Construction Company Loses Substantial Amount to Hackers
Security experts stated that a Maine-based construction firm known as Patco Construction has lost almost $588,000 from its bank - Ocean Bank of Delaware - to cyber crooks.
Explaining the modus operandi of the scam, security experts informed that the gangs could have done this by secretly implanting spyware on the systems used to perform transactions. The spyware is usually installed by means of social engineering techniques or by exploiting flaws in obsolete software.
The attackers then used the company's stolen online banking details to kick start batches of bogus transfers from its account to more than thirty individuals with whom the company had never been involved in any business in the past. Separate batch of transfers were performed on an everyday basis from May 7, 2009 to May 14, 2009 and amounted to almost $588,000.
Security experts added that this money went to the alleged 'mules' or people who have agreed to get the funds and further transport it to the cybercriminals.
Also, the hackers had sufficient important details required to do the money transfers, which they did through the ACH (Automated Clearing House) Network that is used by institutions to manage direct deposits, bill payments and cash transfers between companies and individuals.
Patco said that Ocean Bank did not provide two-factor authentication, which usually is about the use of a token that shows a verification phone call or a one-time password. The company also stated that the transfers were started from Internet Protocol (IP) addresses that it never used.
Not even a single transaction set off doubtful activity alerts from Ocean Bank. Supposedly, one of the owners of Patco, Mark Patterson, got a notification on May 13, 2009 that one of the ACH transfers were discarded because of the bogus account number given by the scammers, according to the news published by COMPUTERWORLD on September 24, 2009.
Finally, reports about this sophiticated fraud that hits small- and medium-sized businesses and public institutions in the US began since the starting of July 2009. The scam includes banking Trojans, fake transfers and unwary people serving as money mules.
Related article: Constant Growth in Botnets Poses a Serious Threat, ENISA
» SPAMfighter News - 19-10-2009