The FBI has warned small and medium-sized businesses that they are a prime target for cyber-thieves who hack into their network systems and steal millions of dollars out of their U.S. bank accounts for weeks at a time.
The National Cyber Forensics and Training Alliance (NCFTA), which works closely with the FBI, has identified this new cyber threat as one of its top problems to be addressed. The FBI has said that there has been a "significant increase" in fraudulent ACH activity in the past several months, while Rob Plesco, NCFTA's Executive Director, says "Every year there seems to be a trend and this has been the trend this year."
Cybercrooks have found ways to move money, ranging from thousands to millions of dollars, out of a victim's account overnight and to add new payees to the organization's bank account. The whole process starts with an email sent to either a company's financial officer or bookkeeper, carrying a malicious attachment disguised as a Microsoft software patch. Once the attachment is executed, it records keystrokes made by the recipient of the email, eventually compromising online banking login credentials.
After the keylogging process has commenced, things start to get even more interesting. Hackers who have obtained the banking login credentials then set up ACH transfers to their hired "money mules", similar to the scams that the FDIC recently warned financial institutions of, and wait for them to do what they think is harmless payroll processing for an international company. The money mules have no idea that they are aiding in criminal activity when they perform money transfers, as previously instructed, through MoneyGram and Western Union services. Sounds like a type of "new-age" money laundering, doesn't it?
What you may be wondering is how these cyberthieves can slip through the cracks of financial institutions that handle millions of dollars for businesses. Part of the problem lies with the financial institution. Yes, some banks are part of the problem, according to the FBI's Crime Complaint Center (IC3). In some instances a financial institution falls victim to a cyberthief's tactics because the bank did not have anti-virus software on its servers and desktop systems or did not have the proper firewalls in place. In turn, this creates a serious breakdown in how smaller financial institutions handle the ACH system, which is why cyberthieves are able to transfer large amounts without any interruption. The smaller banks simply do not have the controls in place to block the fraudulent ACH transfers.
Just when you thought the case for detecting these cyberthieves was clear-cut, they throw a wrench into things by using other, much more clever, methods for theft of funds from financial institutions. Cybercrooks have found ways to basically add themselves to the payroll of organizations such as schools by logging into their system. Usually, in order to be added to a payroll, an employee must submit a voided check, but in the case of Plainview Christian Academy in Plainview, Texas, hackers were able to add new payees via compromised online banking access, and the bank was willing to actually pay them before proper authorization. The banks were willing to send up to $10,000 per payee, as confirmed by Karen Earhart, Plainview Christian Academy's administrator.
Even though the incident at Plainview Academy did not amount to much over $16,000 in the end, this scenario could happen to other organizations. Since the attack, Plainview has taken the needed precaution of using only one laptop for online banking access, where email and web browsing are not allowed.
What else can banks do to prevent this from happening besides installing antivirus software or firewalls? Will the FBI have to step in and demand that banks take these measures or suffer the consequences?