Phishers Duped a Leading D.C. Company

According to reports published in SecuObs on December 2, 2009, Parkinson Construction President 'Nigel Parkinson' who was behind the building of baseball stadium, D.C Convention Center and Nationals, became a victim of a phishing e-mail, which seized the company's bank account password thus, helping in a consequent theft of funds.

Parkinson said on November 24, 2009 that he hit a web-link within an e-mail, which looked like a message from the Social Security Administration, telling him that there could be mistakes in his statement on Social Security, as reported by Washington Post on December 1, 2009.

The ruse managed to trick Parkinson who eventually downloaded a Zeus variant. Zeus belongs to a family of Trojans, which cyber criminals have largely used for stealing huge amounts of dollars from corporate bank accounts in 2009.

The variant helped the phishers to steal credentials that Parkinson utilizes for administering his company's bank account online. By gaining access to that account, the thieves transferred $92,000 from it to the accounts of 9 separate money-mules who would then wire the money to a foreign destination after withdrawing the sum.

However, when his bank became aware of the illegal transactions, it managed to stop a few of them; consequently only $18,000 was lost, as merely 2 mules of the 9 could accomplish their job, said Parkinson.

The reports state that this kind of incident isn't new in D.C. During November 2009, another D.C. company, a property management company, fell to an e-mail scam. A staff member of that firm said that hackers had attempted at moving over $1.3 Million from the company's bank account, but their plan was effectively foiled.

Moreover, Internet security specialists comment that phishing criminals seem to make their scams more complex by using money-mules like in the frauds where they were issued several fake payroll payments after the theft of the banking credentials and money from the victims. Money-mules are recruited accomplices of cyber criminals who collect stolen money in their bank accounts and then wire the same to a foreign account of their employers.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 12/10/2009