Intelligence Note
Prepared by the Internet Crime
Complaint Center (IC3)
November 3, 2009
Compromise Of User’s Online Banking Credentials Targets Commercial Bank Accounts
Background
Within the last several months, the FBI has seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium sized businesses. In a typical scenario, the attack vector is a “spear phishing” e-mail which contains either an infected file or a link to an infectious Web site. The e-mail recipient is generally a person within a company who can initiate funds transfers on behalf of the business, or a credential account holder (treasury management platforms typically support both wires and Automated Clearing House (ACH) transfers). Once the user opens the attachment, or navigates to the Web site, malware is installed on the user’s computer. The malware contains a key logger, which harvests the user’s corporate online banking credentials. Shortly thereafter, the subject either creates another user account from the stolen credentials or directly initiates a funds transfer masquerading as a legitimate user. These transfers have occurred through both the wire system and the ACH Network; however, this bulletin specifically addresses incidents that have occurred through the ACH Network. In one case, the subjects used a Distributed Denial of Service (DDoS) attack against a compromised ACH third-party provider to prevent the provider and the bank from recalling the fraudulent ACH transfers before money mules could cash them out. These ACH transfers ranged from thousands to millions of dollars.
snip
http://www.ic3.gov/media/2009/091103-1.aspx
+++++++++++++++++++++++++++++++++++++++++++
Citing cybercrime, FBI director doesn’t bank online
By Robert McMillan
October 7, 2009 06:15 PM ET
Comments (12)
Recommended (17)
IDG News Service - The head of the FBI has stopped banking online after nearly falling for a phishing attempt.
FBI Director Robert Mueller said he recently came “just a few clicks away from falling into a classic Internet phishing scam” after receiving an e-mail that appeared to be from his bank.
http://www.computerworld.com/s/article/9139106/Citing_cybercrime_FBI_director_doesn_t_bank_online
+++++++++++++++++++++++++++++++++++++++++++++++++++
Business Ways
THE GLOBAL SMALL BUSINESS BLOG
January 14th, 2011
Avoiding Cyber Crime on Online Banking
Our banking world has given improved service time to time. Since internet banking gives us facility to get connected with our account for free, we can precede transaction at anytime. Mobile banking even gives us more convenient service for we can do any banking activities via cell phones. Emergency situation with banking activity and finance can be completed with online banking facilities. However, can people rely on the system without worrying about the cyber crime and identity theft? There is nothing too safe in this cybernetic world. We should thus be very careful with all of the online facilities. There are several things that we can do to make sure that we are making a secure access that will not endanger our account.
snip
+++++++++++++++++++++++++++++++++++++++++++++++++
As I said, “It’s for gamblers only.”
I’m just telling you my own experiences. That yes, it CAN happen, but it’s many times MORE likely to happen with the other methods I described.