Losses amounting to EUR 50,000 in malware attack on Nordea online banking customers
A malicious programme circulating on the Internet has caused financial losses to a few online customers of Nordea Bank over the weekend, the bank reported on Monday.
Fifteen Nordea Solo customers have lost a total of approximately EUR 50,000.
E-mail attachments or web pages can contain malicious software that is difficult to prevent from spreading.
Anti-virus software can find and delete the malicious programme only if it has been updated and the user of a computer has activated the update.
If a customer’s computer has been affected by the malicious software, the Finnish log-in page of Nordea’s Netbank [Solo] shows up in English.
If you see this page when logging into Netbank, abort the session, says Kari Oksanen, the head of risk management at Nordea.
The malware first asks customers to enter their user ID and a four-digit passcode, after which it explains that the Netbank is under maintenance for 24 hours and that not all services are functioning as usual, and an updating routine is required. Then the programme asks for a further four-digit confirmation code.
During the "updating process", sums of money are actually being removed from the customer’s account, which he or she will not detect until afterwards.
The question is not one of phishing for user IDs and codes as such, but about scam malware that is hidden in the user’s computer and acts as a kind of bogus interface between the customer and the online bank.
Nordea has no means to prevent such a malicious programme from spreading, as the bank has no access to its customers’ contaminated computers.
Information Security Expert Erkki Mustonen from the Finnish IT security provider F-Secure advises people to get anti-virus software that updates itself regularly and automatically, and to always keep it on.
If a computer has been affected, there are two alternatives: updating the anti-virus software or reinstalling the computer’s operating system.
”Replacing Internet Explorer by for example Firefox or Chrome could reduce the risk of contamination. Microsoft products are the most widely-used programmes, which is why they are also most often used for malicious programmes”, says Mustonen.
In Mustonen’s view, the security level of Nordea’s online banking is good.
Previously in HS International Edition:
Nordea Bank customers hit by malware incident (27.2.2008)
F-Secure: Finland manages to cope with Downadup worm (29.1.2009)
Nordea press release 18.1.2010: Loss caused by malware will be compensated
Nordea press release 15.1.2010: Nordea warns customers about a malicious program