700,000 kroner stolen in NemID attack

February 12th, 2012

This article is more than 11 years old.

Hackers used spy software to help them steal money from the online bank accounts of eight individuals by bypassing the NemID digital signature

Hackers have broken into the online banking accounts of eight Danske Bank customers and stolen approximately 700,000 kroner.

The attacks were confirmed yesterday in a press release from Nets, the company behind the NemID digital signature for online banking.

According to Nets, the hackers tricked the account holders into installing spy software, called malware, onto their computers which the hackers used to monitor the actions of the customers in real time.

These ‘real time phishing’ attacks, as they are known, allowed the criminals to steal the customers’ user IDs, passwords and keys from their NemID key card.

The criminals managed to transfer about 700,000 kroner to foreign bank accounts using the information, though the customers will not lose any money as they were all protected against fraud.

Nets is recommending all NemID users to update their anti-virus software and operating systems

Should computer users experience anything unusual while logged in through NemID, Nets recommends they immediately contact customer support.

“It’s important to stress that the latest attacks by IT criminals do not change the general security of NemID and it is still safe to use,” Nets wrote in the press release. “Nets DanID will analyse that events together with the banks in order to assess what further steps we can take to prevent these forms of fraud happening again.”

The attacks were similar in nature to those eight months ago in which eight people had money stolen from them after they unwittingly passed on their login information to hackers posing as their banks.

NemID is a login system that requires users to have three forms of verification: an account number, a password and a single-use ‘key’ that matches a numerical ‘lock’ generated by the system at login.

Despite these attacks, NemID is considered a safe security system. According to Nyhedsbrevet Finans, there were no successful attacks on net bank customers using NemID between September 2010 and July 2011, when the study was published.

In comparison, over 13 million kroner was stolen in 362 attacks on online banking customers in 2008 and 2009 before NemID became the standard digital signature for online banking.


Subscribe to our newsletter

Sign up to receive The Daily Post

Latest Podcast