A massive online heist, some (like McAfee) claim it’s the biggest ever online sting involving a bank, it’s comes in at about half a million pounds or or $1.1 million USD.
Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided by using 2 factor authentication such as hardware tokens or SMS verification.
Swedish bank Nordea has told ZDNet UK that it has been stung for between seven and eight million Swedish krona “up to £580,000” in what security company McAfee is describing as the “biggest ever” online bank heist.
Over the last 15 months, Nordea customers have been targeted by emails containing a tailormade Trojan, said the bank.
Nordea believes that 250 customers have been affected by the fraud, after falling victim to phishing emails containing the Trojan. According to McAfee, Swedish police believe Russian organised criminals are behind the attacks. Currently, 121 people are suspected of being involved.
If it’s a custom trojan I don’t see how anti-viral software would have helped, but then…executives and corporates tend to talk a lot of crap when it comes to technical issues.
Nordea spokesman for Sweden, Boo Ehlin, said that most of the home users affected had not been running antivirus on their computers. The bank has borne the brunt of the attacks, and has refunded all the affected customers.
Ehlin blamed successful social engineering for the heist, rather than any deficiencies in Nordea security procedures.
“It is more of an information rather than a security problem,” said Ehlin. “Codes are a very important thing. Our customers have been cheated into giving out the keys to our security, which they gave in good faith.”
As always just be wary, no point preaching here as the people reading this site know not to open random executables sent from anywhere unless they are signed and md5 hashed ;)
Source: Zdnet UK