Two Cyberfraud Advisories IssuedProtecting Against Account Takeover, Money Mule Schemes
The two advisories, Fraud Advisory for Businesses: Corporate Account Take Over, and Fraud Advisory for Consumers: Involvement in Criminal Activity through Work from Home Scams, were issued by the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Federal Bureau of Investigation, the United States Secret Service and the Internet Crime Complaint Center.
These advisories come just weeks after authorities in the U.S. and Europe arrested more than 100 people involved in a cybercrime gang that was stealing millions from U.S. businesses.
To get the online banking credentials needed to access to financial accounts, cybercriminals often target employees -- senior executives or accounting and HR personnel -- and business partners and cause the targeted individual to spread malware, often a Zeus variant, that also steals their personal information and log-in credentials.
Once the account is compromised, the cybercriminals are able to electronically steal money from business accounts. Cybercriminals also use various attack methods to exploit check archiving and verification services that enable them to issue counterfeit checks, impersonate the customer over the phone to arrange funds transfers, mimic legitimate communication from the financial institution to verify transactions, create unauthorized wire transfers and ACH payments or initiate other changes to the account.
In addition to targeting account information, cybercriminals also seek to gain customer lists and/or proprietary information -- often through the spread of malware -- that can also cause indirect losses and reputational damage to a business.
This type of crime, first identified in 2006, has evolved in terms of the types of companies targeted and the technologies and techniques employed by cybercriminals.
These criminals, who used to attack mainly large corporations, have now begun to target municipalities, smaller businesses and non-profit organizations. Thousands of businesses, small and large, have reportedly fallen victim to this type of fraud.
"Educating all stakeholders (financial institutions, businesses and consumers) on how to identify and protect themselves against this activity is the first step to combating cybercriminal activity," says Errol Weiss, the FS-ISAC's corporate account takeover task force leader.
These advisories are intended to make businesses and consumers aware of this crime, identify some examples of how the fraud may occur, and provide updated recommendations to businesses to protect themselves against it, he says. "The information contained in these advisories is intended to provide basic guidance and resources for businesses to learn about the evolving threats and to establish security processes specific to their needs," Weiss says.
Consumers too, should be aware of the types of work from home scams that may be offered to them. Weiss warns it is very important to know cybercriminals change their techniques, so businesses must continue to update their knowledge of these attacks as well as their security posture. The information in the advisory may help reduce the likelihood of fraud, but shouldn't be expected to provide complete protection against these attacks, Weiss says.
Protect, Detect, Respond
The advisory for commercial account holders has a section on how businesses should protect, detect and respond to these attacks. It stresses education of all staff and enhanced security measures for the computers and networks used by the business to conduct online banking.
The advisory notes that businesses need to monitor and reconcile their accounts at least once a day.
The response portion of the advisory tells businesses that if they detect suspicious activity, they should: stop work immediately and remove the compromised computer from the network; make sure employees know how and to whom suspicious activity should be reported; and contact their financial institution immediately if suspicious activity is detected.
Cyberfraud Hits Consumers
The FS-ISAC also issued an advisory for consumers, who continue to lose money from "work-from-home" scams. These scams assist cybercriminals by moving the stolen funds. Often work-from-home scam victims are recruited by organized cybercriminals through newspaper ads, online employment services, unsolicited e-mails or "spam," and social networking sites advertising work-from-home opportunities.
Once recruited, however, rather than becoming an employee of a legitimate business, the consumer is actually a "mule" for cybercriminals who use the consumer's or other victim's accounts to steal and launder money. In addition, the consumer's own identity or account may be compromised.
The advisory recommends consumers be on the watch for these types of scams:
An individual applies for a position as a rebate or payments processor through an online job site or through an unsolicited email.
As a new employee, the individual is asked to provide his/her bank account information to his/her employer or to establish a new account using information provided by the employer.
Funds are deposited into the account that the employee is instructed to wire to a third (often international) account. The employee is instructed to deduct a percentage of the wired amount as their commission. Instead of processing rebates or processing payments, the individual is actually participating in a criminal activity by laundering stolen funds through their own account or a newly established account