The fraudsters sent an email to a large number of Swedish addresses, both Nordea customers and others. It had apparently been sent by the bank, with the email address [email protected], and the message instructed the recipient to log in on a false Nordea web page.
The email was written in poor Swedish but the page was an exact copy of Nordea’s web site with an address which was almost identical. Security experts have now tracked the page to a server in Korea. Customers were told that the bank had changed its security system and that they had to re-enter their account details for “authorisation”.
The details which customers typed in were sent to the same server.
“The page itself is copied from the original, but the email which was sent out contained many spelling mistakes so hopefully not many people have been tricked,” said Anders Nilsson, a security specialist at the company Eurosecure.
Nordea found out about the scam at around 10pm on Monday and within an hour the bank had shut down its internet services. The newspaper Dagens Nyheter said it had seen emails which were sent at 9.30pm.
“I believe that only a very limited number of our customers were taken in by the con,” said Nordea’s head of information, Boo Ehlin.
“We noticed it early on and the few customers who were in at that time noticed pretty quickly that something wasn’t right.”
But those who followed the instructions in the email gave away their personal numbers, personal codes and single-use codes which the fraudsters would then have been able to use on the real web site.
Ehlin appealed for customers who had given their details away to contact the bank and confirmed that Nordea would compensate anyone who had suffered losses as a result of the fraud.
This method of IT fraud, in which internet users are tricked into giving out private information, is known as ‘phishing’.
“We as a bank would never request our customers to do this kind of thing, either by email or be telephone,” said Ehlin.
“So if you ever get anything like this, you should be extra careful.”
The bank said it was not clear how long its internet service would be offline for, but that it would try to get the false pages taken down on Tuesday.