Nets.eu phishing attack is aimed at Danish online shoppers

E-shoppers are attacked by hackers pretending to be from the famous Nets company

Danish e-buyers are tricked to write down their credentials

Another malicious campaign that is using Nets^[1] was found spreading online. Previously, its name has been widely misused as we are having in mind the biggest payments processors in Europe. This time, hackers found a new way to trick e-shoppers without sending them any phishing spam^[2] filled with harmful hyperlinks hiding in them. Instead, attackers have started setting up malicious domains while trying to receive users' credentials.

According to cybersecurity researchers from Heimdal Security, hackers have set up more than 1500 domains related to the payments processor's name “Nets”.^[3] While trying to look fully legit, they added either the .de or .dk appendix to each URL address. As a result, numerous e-buyers have been tricked by this scam seeking to steal their personal data.

To look more trustworthy, the attack is using a CVR number

In the beginning, the attackers contact their victims via the email message claiming that the Nets noticed an unknown transaction which was made somewhere out of the Denmark country area. The message then offers to cancel all payments and transfers and apply for a refund for all products and services that were purchased.

To seem legit, hackers filled their message with an html code including a CVR code.^[4] However, if you are a little bit more experienced user, you might notice that the html code is not as clear as it should be. Sadly, a lot of users do not see such a thing and proceed with clicking on the given link. After that, the victim lands on this website: netsbeskytte.life/index.html.

Additionally, the victim is asked to write down all sensitive information. A lot of users get tricked as they do not spot anything suspicious, just a finance-related organization requiring particular data for further actions and protection.

Victims who are using the Google Chrome or Firefox web browsers should receive an alert about unsafe activity detected. Sadly, many people who are still using the Outlook, continue using the Internet Explorer web browser as well. If so, you need to note that the Explorer web browser does not provide any warnings even though if there is suspicious activity going on. For this reason, Google Chrome or Mozilla Firefox are recommended as default search providers.

The rogue website was taken down but users still need to be careful with their sensitive data

Even though the phishing website has been taken down, users still need to stay cautious while browsing and performing various actions such as transferring processes online. Make sure that you do not open any suspicious-looking messages you were not expecting to receive. Even if you do open it, you should investigate it to the finest.

Additionally, avoid clicking on hyperlinks that are provided in rogue email messages or on unsafe web pages. These also can cause some harm. Take very good care of your credential details and banking information, as if not, this might relate in serious identity theft and even unexpected money losses as soon as the data falls into the wrong hands and is misused for illegitimate purposes.^[5]