Business & Finance
06:01 PM
Connect Directly

Swedish Bank Taken for Over $1 Million by Cyber Crooks

Customers were duped by a phishing scam coupled with a version of the Haxdoor Trojan installed on their computers.

Cyber crime apparently pays quite well. Swedish bank Nordea has acknowledged that about 250 of its online banking customers have been robbed of about 8 million Swedish kronor -- roughly $1.14 million dollars -- as a result of a targeted phishing campaign.

The attack took place over the past 15 months, according to Boo Ehlin, a spokesman for the bank. Swedish trade publication Computer Sweden reported that 121 people may have been involved in carrying out the attack, but Ehlin could not confirm that figure. The article identified Russian cyber thieves as being behind the attack.

The phishing e-mail was designed specifically to fool Nordea's online banking customers into downloading what was supposed to be an anti-spam application, according to computer security company McAfee. Those duped ended up with a version of the Haxdoor Trojan on their computers. The malware redirected them to a phony login page that captured their online banking user names and passwords.

"These types of Trojans are quite sophisticated," said David Marcus, security research and communications manager at McAfee Avert Labs. "It's not just something that's sitting in the background capturing screenshots. ...[T]hey're actually designed to wait for you to go to a specific financial institution, so they're not capturing everything."

"What they then do is redirect you to the fake Web site, which looks just like the real thing, and present you with what looks like a real login screen," explained Marcus. "There goes your account login, PIN, and money."

"The interesting thing is the bank actually did nothing wrong in this instance," said Marcus. "And this type of Trojan is something we run into a lot out in the wild. It's one of the largest classes of malware out there. So this attack is really nothing new. This particular one just happened to be a bit more successful than some of the ones we had seen."

Indeed, Nordea was hit with a similar attack in August 2005. The bank says it has almost 10 million customers, 4.6 million of whom bank online, in the Nordic and Baltic regions.

"We have reimbursed all the customers, so they will not take any loss," said Ehlin, who explained that the affected customers had outdated antivirus software or none at all. He said Nordea intended to make free antivirus software available to customers that don't have it already.

"It never ceases to amaze me that people will do online banking, exposing huge amounts of financial information, and not take basic precautions," said Marcus. "I was born in a really bad neighborhood and you're just taught to take certain precautions, like not walk down dark streets at night. And the Internet has to be approached the same way."

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 9, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll