PII Pillage: How Attackers Use BitPanda to Plunder Credentials

Cofense PDC observed a targeted phishing campaign impersonating Bitpanda that uses a deceptive domain (account-bitpanda.com) and near-identical cloned pages to harvest login credentials and sensitive PII (name, phone, address, DOB). The attack lures victims with an account-block scare, collects data across multiple form pages, then redirects to the real Bitpanda site to appear legitimate; it bypassed secure email gateway protections and is recommended to be mitigated with email threat detection and managed remediation services.