This is the 5th in a series of online security briefs The First is providing to our Business Online Banking customers. This article is from a September 2011 issue of Infosecurity Magazine.
FBI probes over 400 cases of corporate bank account cyberjacking
16 September 2011
The FBI is currently investigating over 400 reported cases of corporate banking account takeovers in which cybercriminals have initiated unauthorized automated clearing house (ACH) and wire transfers from US-based organizations, an FBI official told a House panel this week.
Through this method, cybercriminals have attempted to steal over $255 million and have actually stolen around $85 million, Gordon Snow, assistant director of the FBI’s cyber division, told a House subcommittee on financial institutions and consumer credit.
Snow explained that these cyberattacks are usually carried out through targeted phishing emails that contain either malware or a link to a malware-laden website. The phish targets a person within the company who can initiate fund transfers on behalf of the business or institution.
“Once the recipient opens the attachment or navigates to the website, malware is installed on the user’s computer, which often includes a keylogging program that harvests the user’s online banking credentials. The criminal then either creates another account or directly initiates a funds transfer masquerading as the legitimate user. The stolen funds are often then transferred overseas”, Snow explained.
The targets of these phishing attacks are small and medium-sized businesses, local governments, school districts, and healthcare providers, he noted.
Snow cited the example of a New York school district that had $3 million transferred out of its bank account as the result of a 2009 phishing attack. The bank was able to recover some of the stolen funds, but $500,000 had already been withdrawn and was unrecoverable.
In March 2010, an Illinois town was the victim of a cyberattack resulting in unauthorized ACH transfers totaling $100,000, Snow related. When an authorized individual logged into the town’s bank account, she was redirected to a site alerting her that the bank’s website was experiencing technical difficulties. During this redirection, the cybercriminal used the victim’s authorized credentials to initiate transactions. The town was able to recover only $30,000, he noted.
The First encourages you to take measures to keep user credentials safe. Below are pointers that we have suggested in previous briefs. If you haven’t reviewed them and taken action previously, please read on.
How can user credentials be compromised and what can be done to prevent this? The most common way credentials are compromised is through keystroke-logging viruses that infect users’ computers. Many times, the viruses are picked up after the user opens a booby-trapped email attachment containing password-stealing malware, but infection can also occur from opening “Special Offers” from online shopping sites or other websites that pop up on the screen. Once a computer is infected, the hacker has access to all of the user’s computer activity, including login names and passwords for all programs used, not just online banking. Some things for you to do:
First National Bank of Hutchinson highly recommends your Business Online Banking procedures include:
· Require dual approvals on ACH transactions
· Require a Secure Access Code for all login sessions rather than enrolling a browser (for information on resetting an enrolled browser, contact the Online Help Desk at 620-694-2334)
· Use a dedicated computer for your Business Online Banking Transactions.
· Keep your computer operating system up to date by automatically installing all Windows updates. This will help to ensure the highest level of protection.
· If you suspect your computer has a virus, do not use it for online banking or any other sites that require a user id and password. Immediately have a computer professional check out the unit.
· Protect your online passwords. Don’t write them down or share them with anyone.
· Although at this time The First does not require users to change their user id or password, it is a good practice to do so occasionally, especially if you suspect your computer has been compromised.
· Conduct online banking activities on secure computers only. Public computers (computers at internet cafes, copy centers, etc.) should be used with caution, due to shared use and possible tampering. Online banking activities and viewing or downloading documents (statements, etc.) should only be conducted on a computer you know to be safe and secure.
· Sign off rather than close after each online banking session.
eBranch Manager & Officer