loader gif

New Nets.eu phishing campaign found targeting Danish E-shoppers

New Nets.eu phishing campaign found targeting Danish E-shoppers
  • Hackers have set up over 1500 fake domains that look legit as the popular payment processor ‘Nets’.
  • These domains that are created with the name of ‘Nets’, have either .dk or .de extensions.

A new wave of phishing campaign has been discovered targeting the online shoppers in Denmark. Dubbed as ‘Nets.eu’, the campaign tricks the online shoppers into revealing their credentials.

Modus Operandi

According to researchers from Heimdal Security, hackers have set up over 1500 fake domains that look legit as the popular payment processor ‘Nets’. These domains that are created with the name of ‘Nets’, have either .dk or .de extensions. This small trick goes unnoticed by the users and they are tricked into providing their details in the fake URLs.

To add even more legitimacy to the scam, the email even includes a CVR number - the unique identification number for any business registered in Denmark’s Central Business Register. However, a careful observation reveals that there is a broken HTML code preceding the CVR number.

The phishing email comes as an alert message, warning online shoppers that a suspicious payment has been recorded on the ‘Nets’ payment gateway. The users are prompted to click on a link in order to claim the refund.

Detecting the phishing email

Once the users click on the link, they are taken to “netsbeskytte.life/index.html” and asked to provide credentials.

On Chrome and Firefox, the users are alerted that these URLs are malicious links and that they should not proceed further. On Internet Explorer, however, there is absolutely no alarm.

Upon discovery, the phishing website was taken down. However, users still need to be cautious while opening such emails asking for users’ data in exchange for refunds.

loader gif