$20 Million Stolen in Cyberheists from SMEs, Money Sent to China



The FBI reported this week that between March 2010 and April 2011, cyberthieves drained approximately $20 million from the accounts of US-based small to medium enterprises (SMEs) via fraudulent wire transfers to China. The money was sent to economic and trade companies located near the China-Russia border. Although the transfers involved in these cybercrimes totaled $20 million, some victims were able to recover a portion of their money, resulting in $11 million in net actual losses.


In many cases, the cyberthieves sent phishing emails to SME employees who authorize wire transfers. When an employee clicked a link in one of these emails, malicious software such as the ZeuS Trojan, backdoor.bot, and Spybot infected the employee's computer and sent banking credentials back to the thieves. The thieves then made a series of unauthorized wire transfers, ranging from $50,000 to $985,000. Once these overseas transfers occurred, the money was sent to money mules in the United States via Automated Clearing House (ACH) transactions within minutes. The criminals didn't stop at online theft, either. One victim reported that the hard drive of the company's infected computer was erased remotely after the theft, most likely to impede any follow-up investigation.



These kinds of Internet thefts can be devastating to SMEs because organizations don't have the same type of FDIC account protection that individual consumers enjoy. Where consumers have up to 60 days to detect and report fraudulent transfers and get their money back, an organization has just a few days. Stories like these emphasize the need for SMEs to review their corporate accounts daily and to purchase cyber liability insurance to protect against online fraud and theft.



The FBI provides guidance for all organizations to protect themselves from cybercrime and other fraudulent activities. You can download the "Fraud Advisory for Businesses: Corporate Account Take Over" document from http://www.fsisac.com/files/public/db/p265.pdf. If you haven’t done it already, do it today!!



Stu Sjouwerman

Topics: Phishing, Cybercrime


