Thousands of Icelandic citizens have been subject to a phishing attempt by criminals . These attacks are designed to trick people into giving over sensitive information to hackers.
The attack had several parts , each designed to convince users that it was legitimate. First, victims received an official-looking email from police demanding that the recipient report to police or face an arrest warrant.
Within that email was a link to what it claimed was the official police website.
However the Icelandic police's web address is logreglan.is and the scam used logregian.is. By capitalising the I in the address the hackers were able to make it look like a legitimate domain - it's nearly impossible to see the difference on screen.
From the email people then ended up on a cleverly-copied version of the police website.
Victims were asked for their social security number, a process that's normal in Iceland. The authentication of their SSN requires users to log via their bank, who provide the confirmation.
It seems that the attacker was, however, able to verify the social security number without using a bank's services - perhaps using a database of previously-leaked SSNs.
Victims would then be presented with a file to download and were told this was a document containing information about the detail of their alleged crime. This file was, of course, a malicious "executable" file. In this case using the extension .scr to run as a screensaver.
These .scr files are, basically, the same as any executable file but may not seem as obviously malicious to normal computer users.
Once the victim has downloaded and run this file the scammers were given access to their computer.
The software also gathered data from the computer, particularly looking for banking details. It also contained a keylogger, which records every keystroke and is useful for stealing passwords.
Data was then sent to servers in Germany and Holland.
The malicious website was quickly shut down, but it's not clear how many people may have had details stolen or lost money.
Although the number of people who got the initial email may only have been "thousands" the population of Iceland is only 350,000 people.
Icelandic police haven't given any details on affected people or how many may have lost access to accounts or money.