hankwang writes: The Belgian authorities uncovered an international network of online banking fraud, which has been going on since 2007. (Story in Dutch and Google translation). The fraud targeted customers of several major banks, which used supposedly secure two-factor systems that required the customer to generate authorization codes from transaction information (random code and amount or recipient's account number) that is manually keyed into a cryptographic device (Flash demo from one of the banks, Manufacturer's website). Trojan horses that were planted onto the victim's computer would generate a fake error message and requested to re-enter authorization codes. This way, amounts up to €4,000 were transferred to foreign bank accounts.
The worrying part is that many cases were never reported to the police, with the bank preferring to refund the money to the victim rather than risking their reputation. The extent of this type of fraud is unclear.