Many European banks provide their customers with a paper list of sequential numbers and randomly requested checksums. Without this physical list, an attacker might be able to access the online banking GUI, but they should not be able to complete a fund transaction.
Now, carrying around a card and scratching off numbers is fairly secure but it isn't always convenient.
What's more convenient and is something you always have with you? Your phone.
More and more banks are beginning to offer transaction authentication numbers (TAN) via SMS text messages. The customer registers their phone to receive the one-time passwords, and the TAN is provided on-demand. Easy, secure.
A company called Ultrascan Research Services claims that East European gangs are paying big money for certain versions of Nokia 1100 phones.
According to Ultrascan's post, some Nokia 1100 phones can be used to intercept SMS messages.
We don't have the details, we only know what's been stated by Ultrascan. We've also been unable to find a hacker forum or an auction site with actual requests for such phones.
To be worth the prices being paid (up to €25,000) the phone would somehow need to spoof the victim's phone number without using their SIM card. If that's possible, then it's a very clever trick and suddenly enables the use of all of the past compromised account information that's been gathered by banking trojans.
And that's a very sizable return on investment. Even for a €25,000 phone.