FBI: Money Mule Scams Racked $100 Million
Security officials of FBI (Federal Reserve Bureau) revealed in a statement that attackers have tried to steal an anticipated $100 Million from corporate bank accounts of small and mid-sized businesses in the US using money mules and targeted malware.
Within the last few months, the FBI has noticed a substantial rise in fraud which involves the abuse of authentic online banking details of school districts and municipal governments.
Further revealing about the attacks, security experts informed that the attacked entity gets a "spear phishing" mail which either directs the user to an infected site or carries an infected attachment. If the user visits the site or opens the attachment, malware is downloaded on their system.
The malware has a key logger which yields every user's corporate bank account login details. Soon after this, the executor either straightforwardly mimics funds transfers by disguising as an authentic user or makes another user account with the stolen login details.
These transfers have taken place in the form of both ACH (Automated Clearing House) as well as traditional wire transfers. Especially, the ACH transfers varied from thousands to millions of dollars.
In addition, studies have suggested that the ACH transfers are directed to the bank accounts of keen or ignorant individuals in the US. Security experts stated that many of these individuals have been employed through work-at-home ads, or have been communicated after they placed their resumes on reputed job search sites.
Describing the flaws, the FBI said that, in many cases, banks do not have efficient firewalls or anti-virus software to safeguard against such attacks.
Moreover, security experts stated that present signature-based anti-virus programs are heavily unproductive and suggested firms should also take into account using heuristic detection, application white listing that enables only familiar software and libraries to implement on a system, and decreasing user privileges.
For now, security experts said that hackers have switched from individual consumers to stealing the online bank details of businesses as there is more money in the corporate bank accounts to rob.
» SPAMfighter News - 13-11-2009