The Trojan, known as haxdoor.ki, was masquerading as anti-virus software and was downloaded by Nordea’s customers on the recommendation of emails that claimed to come from the bank. The Trojan then deceived customers into revealing their details, using an error message that requested them to enter their details a second time, while recording them for later use.
According to industry newspaper Computer Sweden, police have sourced the emails from Russia, via the US, and therefore suspect Russian organized criminals to be involved. It was revealed that customers have been targeted by the emails for the last 15 months.
According to Boo Ehlin, Nordea’s Swedish spokesman, most of the affected customers did not have anti-virus software installed on their computer. Mr Ehlin commented: It is more of an information rather than a security problem, and added: Codes are a very important thing. Our customers have been cheated into giving out the keys to our security, which they gave in good faith.
This is not the first time that Nordea has been affected by online fraud. The bank, which has two million internet banking customers in Sweden alone, was also hit in August 2005, when it was forced to temporarily cease the operations of its online unit after a phishing attack.
The latest incident, described by the Swedish media as the world’s biggest online scam, has led industry insiders to question the two-factor authentification system, designed to protect internet bankers from fraud. The bank is now reported to be reviewing its security procedures.