In the world of online security, two things are clear: phishing remains a top threat, especially against online shoppers, and the cleverest attacks still target payment processors and financial companies. 

This week we observed a new phishing campaign, designed to piggyback off the popularity of this major company that provides the acquiring agreements for merchants to accept online payments. 

Instead of sending off compromised emails with phishing links that seem to appear from online stores or banks, malicious actors now move deeper in the payments processing link in the hopes of tricking users to willingly give up their login credentials. 

Nets, one of the biggest payments processors in Europe, has constantly seen its name hijacked and used in phishing scams. Just how big the scope of the issue is? 

So far, out of the tremendous number of compromised domains blocked by Thor Foresight, our researchers have observed 1535 domains containing variations on the name “Nets”, a lot of them with .dk or .de extensions to lend “legitimacy” to the URLs.  

The way this phishing attack is structured, it can fool even educated internet users.  

First off is the original malicious email, which alerts the receiver that Nets recorded a suspicious payment made outside of Denmark. It also prompts the receiver to take action to cancel a transaction and get a refund. 

To add even more legitimacy to the scam, the email even includes a CVR number, the unique identifier for any business registered in Denmark’s Central Business Register. However, a quick eye might notice bits of broken HTML code preceding that CVR number. 

Once clicked, the user is taken to “” (a website quickly taken down once the email was flagged as spam) and asked to input their credentials. This page is the same whether visiting HTTP or https, which can prompt some browsers to disregard its malicious nature. 

Because it looks like a private portal hosted by a financial company, users don’t expect the URL to look particularly user-friendly, so they would go along with inputting their personal information in the fields.  

On Chrome and Firefox, the browser makes it clear that the user should proceed no further.  

On Internet Explorer, however, there is absolutely no alarm drawn over the lack of a security certificate or the potentially dangerous URL.  

This is doubly problematic since a lot of Outlook users leave Internet Explorer as a primary browser. 

As phishing continues to grow at an exponential rate, we urge online shoppers (and everyone else!) to exercise double caution in clicking any link received via email. If that link redirects to a page that demands your login, open a separate browser, Google search the service in question and perform the operation from the legitimate website 

As an extra rule of thumb, be extra suspicious of any email that comes from a bank, a payment processor or an online store, especially if it tries to warn you of fraudulent payment.  

Because attacks like this one come and go with incredible speed, with malicious websites being taken down and reuploaded on a different address as soon as a security researcher discover them, it’s important that users know how to prevent phishing. 

We put together these 4 resources to learn to protect yourself from phishing and other online attacks designed to obtain your sensitive information: 

*This article features cyber intelligence provided by CSIS Security Group researchers.

best free security tools and privacy addons 2019
2019.01.18 SLOW READ

Best free security and privacy tools in 2019

new dharma ransomware strain heimdal security

Security Alert: New Dharma Ransomware Strains Alarmingly Go Undetected By Antivirus Engines

thor enterprise best anti-malware solution 2018 computing security awards
2018.10.12 QUICK READ

Thor Enterprise Is Now Best Anti-Malware Solution of the Year

Detecting and Preventing Phishing
2018.07.25 SLOW READ

The ABCs of Detecting and Preventing Phishing


Security Alert: LinkedIn Phishing Campaign Promises Security

Comments on October 3, 2020 at 12:33 pm

popular ip addresss

This ip address is most common among the home networks.

nice one good post

Leave Application For School on December 24, 2019 at 10:14 am

i like your content

Leave Application For School on December 24, 2019 at 10:14 am

i like your content

this is how you write amazing leave application formats for school, college and office.

nice one good post

Very good content thanx for providing

really good. thanks for providing.

Thanx for sharing this great Article

This would be really helpful. thanks for sharing this. now people can be aware of this fraud.

This would be really helpful. thanks for sharing this. now people can be aware of this fraud.

If that link redirects to a page that demands your login, open a separate browser.

an awesome article, keep it up.

That’s a really good point, this article is very helpful and informative. Thanks for Sharing

Leave a Reply

Your email address will not be published. Required fields are marked *