BreachExchange mailing list archives

FBI Warns of Massive Wire Fraud Scams


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Wed, 27 Apr 2011 23:20:15 -0400

https://threatpost.com/en_us/blogs/fbi-warns-massive-wire-fraud-scams-042711

The FBI is warning businesses about an ongoing spate of attacks that
are stealing millions of dollars from companies through unauthorized
bank transfers to Chinese companies. The fraudulent wire transfers are
not a new tactic, but the FBI says the current round of attacks is
notable in that virtually all of the transfers are going to shell
companies based in China and have cost U.S. businesses $11 million.

The FBI on Tuesday issued a detailed warning--an unusual step for the
bureau--about the specific type of wire-transfer scam that it's been
seeing for a little more than a year now. The way that the scheme
works is pretty simple. An attacker somehow compromises a PC belonging
to a user at a given company who has access to the company's online
banking account. The attack often is a drive-by download or a
spear-phishing email.

Once the computer is compromised, the attacker installs some malware
that harvests the user's online banking credentials, and then waits
for the user to attempt to log in to the bank's site. During the login
attempt, the attacker redirects the user to a fake site informing him
that the bank's site is offline or unavailable. The attacker then logs
in to the victim's bank account and sets up a transfer to a holding
company that the attacker controls in China.

The FBI said that many of the cases it has seen involve well-known
pieces of malware, such as Zeus, Spybot and others. The amount of
money the attackers try to transfer varies from $50,000 up to nearly
$1 million.

"The FBI has identified multiple companies that were used for more
than one unauthorized wire transfer. However, in these cases the
transfers were a few days apart and never used again. Generally, the
malicious actors use different companies to receive the transfers. The
companies used for this fraud include the name of a Chinese port city
in their official name. These cities include: Raohe, Fuyuan, Jixi
City, Xunke, Tongjiang, and Dongning. The official name of the
companies also include the words 'economic and trade,' 'trade,' and
'LTD.'" the FBI said in its warning.

"The economic and trade companies appear to be registered as
legitimate businesses and typically hold bank accounts with the
Agricultural Bank of China, the Industrial and Commercial Bank of
China, and the Bank of China. At this time, it is unknown who is
behind these unauthorized transfers, if the Chinese accounts were the
final transfer destination or if the funds were transferred elsewhere,
or why the legitimate companies received the unauthorized funds. Money
transfers to companies that contain these described characteristics
should be closely scrutinized."

The FBI said that it has been tracking this specific string of attacks
since March 2010 and that it has seen attempts to steal more than $20
million, although the actual losses suffered by victims are about $11
million.