In what is reported to be the biggest ever online ‘heist’, Swedish bank Nordea has lost up to $1.1 million (£570,000) to Russian organised criminals using a ‘tailor made’ Trojan.

Up to 250 of the bank’s customers were duped by an email which purported to come from the bank, encouraging Nordea’s customers to download a piece of anti-spam software.

This software was in fact a Trojan, called haxdoor.ki. When infected customers tried to log in, it redirected them to a fake bank login page and recorded their keystrokes, capturing the credentials they typed. The fake page then showed a message saying the bank’s site was experiencing technical difficulties, which hid from the victim that the login had never reached the bank.

According to the Swedish police, these stolen details were sent to servers in the US, and then on to Russia.

Most banks attempt to combat fraud by monitoring for individual large transactions. In this case the thieves instead drained accounts with a large number of small transfers spread over several months, each below the threshold that would trigger a review, and so slipped past the bank’s security measures.
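The detection gap described above, as an added example that is not part of the original article and is not Nordea’s own monitoring logic: a per-transaction threshold is run over a constructed ledger beside a sliding-window rule that aggregates transfers per sender/beneficiary pair. The account names, beneficiaries, amounts and the 10,000 and 30-day thresholds are all assumptions chosen for illustration.

```python
"""Added example (not from the article): why a per-transaction amount
threshold misses 'many small transfers' fraud, and how a windowed rule
over the same ledger catches it.

Every account, beneficiary, amount and threshold below is a constructed
assumption for illustration; none of it is Nordea data or Nordea's rules."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed ledger rows: (timestamp, source account, beneficiary, amount).
# ACC-1001 is the 'victim' being drained in small transfers to one new
# payee; ACC-2002 pays a modest monthly rent; ACC-3003 makes one genuine
# large payment.
SAMPLE_ROWS = [
    ("2006-09-04 10:12", "ACC-1001", "MULE-77", 1900),
    ("2006-09-08 11:05", "ACC-1001", "MULE-77", 2400),
    ("2006-09-12 09:48", "ACC-1001", "MULE-77", 2100),
    ("2006-09-18 14:30", "ACC-1001", "MULE-77", 1800),
    ("2006-09-22 16:02", "ACC-1001", "MULE-77", 2300),
    ("2006-09-27 10:55", "ACC-1001", "MULE-77", 2000),
    ("2006-10-03 12:20", "ACC-1001", "MULE-77", 2200),
    ("2006-10-09 09:15", "ACC-1001", "MULE-77", 1950),
    ("2006-09-01 09:00", "ACC-2002", "LANDLORD-1", 4500),
    ("2006-10-01 09:00", "ACC-2002", "LANDLORD-1", 4500),
    ("2006-11-01 09:00", "ACC-2002", "LANDLORD-1", 4500),
    ("2006-10-15 13:40", "ACC-3003", "CARDEALER-9", 12000),
]

SINGLE_LIMIT = 10000   # assumed review threshold for one transfer
WINDOW_DAYS = 30       # assumed look-back window for the aggregate rule


def parse_transfers(rows):
    """Turn raw rows into (datetime, src, dst, float amount), sorted by time."""
    parsed = [(datetime.strptime(ts, "%Y-%m-%d %H:%M"), src, dst, float(amt))
              for ts, src, dst, amt in rows]
    return sorted(parsed)


def flag_large_single(transfers, limit):
    """Rule 1 (per-transaction threshold): flag every (src, dst) pair that
    ever sends a single transfer of at least `limit`."""
    return {(src, dst) for _, src, dst, amt in transfers if amt >= limit}


def flag_windowed_aggregate(transfers, limit, window_days):
    """Rule 2 (sliding-window aggregate): flag a (src, dst) pair as soon as
    the transfers between them inside any `window_days` window sum to at
    least `limit`. Returns {pair: (sum_at_trigger, count_at_trigger)}."""
    by_pair = defaultdict(list)
    for t in transfers:
        by_pair[(t[1], t[2])].append(t)

    window = timedelta(days=window_days)
    flagged = {}
    for pair, items in by_pair.items():
        items.sort()
        start, running = 0, 0.0
        for i, (ts, _, _, amt) in enumerate(items):
            running += amt
            # Drop transfers that have fallen out of the look-back window.
            while items[start][0] < ts - window:
                running -= items[start][3]
                start += 1
            if running >= limit:
                flagged[pair] = (running, i - start + 1)
                break
    return flagged


if __name__ == "__main__":
    transfers = parse_transfers(SAMPLE_ROWS)
    print("per-transaction rule flags:", flag_large_single(transfers, SINGLE_LIMIT))
    print("windowed rule flags:", flag_windowed_aggregate(transfers, SINGLE_LIMIT, WINDOW_DAYS))
```

On this ledger the per-transaction rule flags only the genuine car payment and never sees the drained account, while the windowed rule flags the victim pair on its fifth small transfer and leaves the monthly rent alone. In practice the aggregate would also be keyed on whether the beneficiary is new to the account, since the mule was a payee the customer had never used before.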

It is unusual for banks to admit fraud on such a scale, as they are often fearful of damaging their reputations and affecting the confidence levels of their customers.

Back in December, a senior police officer told a Commons committee that banks were hiding the true extent of online fraud, which could be costing UK businesses far more than the official figure of £1.7 billion a year.

The bank has acted sensibly in publicising the case: email-based scams of this kind are best stopped by educating the public about the tricks online fraudsters use.

Most banks still have The Fear when it comes to phishing, so much so that we know of some consumer-focused banks which refuse to send out any emails to their customers. Now that’s prevention…