Phishing in Wrong Waters

Yesterday a lot of Danes received an e-mail apparently coming from the tax authorities but was a phishing attempt.

The form to be filled may seem professional at first glance, but it actually had errors all over.


While such errors may be common in phishing as the ones behind only need a fraction of the receivers to take the bite, you actually do see many of the errors in lawful activities.

Some of the errors in the phishing attempt were:

  • It is very unlikely that the public sector would communicate in English instead of Danish
  • They got our national ID for every citizen right; it is called CPR-NR. But why ask for date of birth as this is included in the national ID.
  • Asking for “Mother Maiden Name” and “The name of your son” seems ridiculous to me. Don’t know if it’s some kind of custom anywhere else in the world.
  • The address format is (as usual) a United States standard. Here it would be: Address, Postal Code, Town/City.
  • You would never expect the public sector to pay anything to your credit/debit card. Our national ID is connected to a bank account selected for that purpose.

As the tax authorities stated in a warning e-mail today: “We do not know of anyone who has been cheated by the mail”.

I guess they are right.

Also, if you are doing lawful activities but committing the same kind of diversity errors in your forms: Don’t expect a whole lot of conversion.

Bookmark and Share

4 thoughts on “Phishing in Wrong Waters

  1. Ellie K 27th July 2011 / 11:35

    This IS an odd phishing attempt! It suffers from data quality errors, contextual ones!

    At first glance, it would seem to be based on a template intended for use in the U.S.A. Henrik pointed out the town/city, state, zip code order. Mother’s maiden name is often used for credit card identity verification purposes in the U.S.A. And the birth date format MM/DD/YYYY is a standard here, but not in Europe.

    But on closer inspection, it has some major flaws for a U.S.A.-targeted phishing attempt too! “The name of your son” isn’t a standard for credit card, PHI (protected health information), nor any other consumer electronic identity verification system here. There are several grammatical errors, but they are subtle (well, “mother maiden name” is more noticeable, but minor). As the post mentions, poor grammar isn’t a rule-out, as lawful activities sometimes have errors too. I was curious though about that “Maestro” logo, following Visa and MasterCard. I’ve seen it here, but not for a long time. Is it used in Denmark?

    • Henrik Liliendahl Sørensen 27th July 2011 / 11:50

      Thanks for adding in Ellie.

      I didn’t notice the wrong date format for these waters before.

      Maestro is not common here either – Visa Electron is the most used international debit card besides the local Dankort.

  2. Clarke Patterson 27th July 2011 / 14:58


    I think you’re last statement in this post is perhaps the most significant. Most of the time, we have LEGAL activity that succumbs to the same behavior. Sadly the lack of attention to detail can often have a significant negative impact on the overall user/customer experience. I suspect it’s not always obvious what the impact of poor data quality has on maintaining trust and upholding the reputation of the brand.


    • Henrik Liliendahl Sørensen 28th July 2011 / 07:05

      Thanks for joining Clarke. Precisely, that’s the learning from such misery.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s