Online banking hack nets over €1 million for crooks
Criminals have successfully stolen tens of thousands of euros from dozens of people across Germany after finding a way around systems that text a code to confirm transactions to online banking users.
The Süddeutsche Zeitung reports that the total amount of money lost in the scam is likely to be over €1 million.
Millions of bank customers use the co-called "mTan" scheme to make sure that only they can carry out transfers and other transactions with their bank online.
After the account holder has entered all the information about the transfer, the bank texts a code to their phone which they then have to enter by hand.
It's a system that had been believed to be secure for years thanks to its reliance on two separate systems with a human in between.
But there have already been two previous waves of frauds in autumn 2013 and summer 2014.
The latest wave of fraudulent bank transactions has only hit Deutsche Telekom mobile customers.
"Criminals have further refined their methods for committing fraud using mTan," a Telekom spokeswoman told SZ.
She said that the number of frauds this time was "in the mid double-digits".
The fraudsters managed the trick by first hacking bank customers' computers and installing software that would record online banking passwords.
At the same time, they would find out the victim's mobile phone number.
With that, they could contact Telekom, posing as a mobile phone shop worker, and say that they wanted to activate a new SIM card using the phone number – meaning that they could receive any and all texts meant for the customer.
With access to the customer's online banking and their text messages, the fraudsters had total control over the account.
Telekom says it has now "tightened its methods of identifying retailers" to crack down on the problem and that this method should no longer work.