Application security

Cybercriminals swipe more than $1 million in record phishing scheme

In what's believed to be the most expensive web-related fraud case yet, cybercriminals have stolen more than $1 million from a Swedish bank over the past three months.

Information security experts and bank officials have blamed Russian cybercriminals for the phishing attacks, which cost Swedish bank Nordea $1.1 million.

Cybercriminals developed a specially-crafted trojan for the attack, which was sent to customers in an email disguised as a spam-fighting tool.

Once downloaded, a victimized computer is infected by the trojan haxdoor.ki, according to a statement released by McAfee.

When a user logs on to his or her account, the trojan activates, displaying an error message that asks the client to resend the data. The cybercriminals then have the personal information they need to transfer money from the account.

The malware stole user passwords, sent the information to servers in the United States, which then forwarded it to Russia.

Dave Marcus, security research and communications manager for McAfee Avert Labs, told SCMagazine.com today that the financial loss was not Nordea’s fault, but that banks can do more to educate their customers about cybercrime.

"There is nothing that Nordea did wrong here. This is client side; this is something that was installed on the PC of the consumer. Bad guys are interested in money and data, and this type of trojan can be very successful – and you’ll definitely see more in the future," he said. "I think one thing that they can do is to help to educate their online banking customers, and that’s done by some simple educational outreach, just telling people what types of threats they should be aware of."

Nordea has refunded money to all 250 victims, according to a BBC report. A Nordea representative could not immediately be reached for comment.

Click here to email Online Editor Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.