Late last year, in what was probably the world’s biggest instance of online fraud, cyber-criminals stole about SKr10m (€1m) from Swedish customers of leading Scandinavian bank Nordea. The hackers fraudulently obtained customer login details through a sophisticated combination of phishing and trojan programs. Phishing involves fraudsters using fake versions of genuine bank websites to lure people into revealing their bank account details. A trojan is a program that appears benign but contains or installs malicious software.
Nordea’s customers were sent e-mails, purportedly from the bank, that asked them to download an anti-spam tool. The PCs of those who downloaded the attachment were infected by the trojan ‘haxdoor.ki’, which monitored the PCs’ online activities and kicked into action when a user tried to log on to their internet banking account. The trojan saved the customer’s login details and displayed an error message asking the customer to re-enter their login information, which was then recorded and later used by the hackers to siphon off money from customer accounts. The hackers were based in Russia.