IBM Discovers New and Advanced Bank Transfer Cyber Rip-off

Simcoereformer.ca published a report on 2nd April, 2015 stating that IBM, an IT consulting giant, has discovered a sophisticated scheme of fraud run by a well-financed Eastern Europe gang of cyber crooks using a combo of malware, phishing and telephone calls and collected over US$1 million from big and medium-sized U.S. businesses as estimated by the technology company.

Security researchers of IBM have dubbed this scheme as "The Dyre Wolf' which is small as compared to latest largely spreading online fraud scams but it shows a new level of advancement.

According to IBM, crooks have been targeting employees of companies since last year by sending junk email with maligned attachments to inject a variant of malware known as Dyre in as many as computers possible.

When the malware is installed, it waits for the user to navigate to a website of the bank and immediately creates a fake screen which informs the user that the bank's site is undergoing problems and call a specific number.

When users dial that number, they receive response from an operator in English who already knows the name of the bank which users are trying to contact.

The individual prompts the person to submit their username and password and seems to verify it many times after a brief conversation.

He added that all these swings resulted in successful luring of their victims in providing their company's banking credentials.

IBM observes that the attacker logs into the account with stolen credentials and transfers large amount of money to many offshore accounts. It has been reported that amounts ranging from $500,000 to $1 million USD being stolen through smaller and multiple transactions. As if that were not enough, the victim may also be attacked with a distributed denial-of-service attack to hide the tracks of the attacker.

Tweaktown.com published a report on 3rd April, 2015 quoting Caleb Barlow, VP of IBM security, as saying: "In this case, we saw a pivot of attackers using a set of social engineering skills for the first time which is very different. The focus on wiring heavy sums of money really invited our attention."

The criminals created a live line for victims to call is rather surprising as they don't actually choose direct voice interaction.

» SPAMfighter News - 4/9/2015