European Cyber-Gangs Target Small U.S. Firms, Group Says
Tuesday, August 25, 2009
Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation's largest financial institutions.
A task force representing the financial industry sent out an alert Friday outlining the problem and urging its members to implement many of the precautions now used to detect consumer bank and credit card fraud.
"In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses," the confidential alert says. The alert was sent to members of the Financial Services Information Sharing and Analysis Center, an industry group created to share data about critical threats to the financial sector. The group is operated and funded by such financial heavyweights as American Express, Bank of America, Citigroup, Fannie Mae and Morgan Stanley.
Because the targets tend to be smaller, the attacks have attracted little of the notoriety that has followed larger-scale breaches at big retailers and government agencies. But the industry group said some companies have suffered hundreds of thousands of dollars or more in losses.
Many have begun to come forward to tell their tales. In July, a school district near Pittsburgh sued to recover $700,000 taken from it. In May, a Texas company was robbed of $1.2 million. An electronics testing firm in Baton Rouge, La., said it was bilked of nearly $100,000.
In many cases, the advisory warned, the scammers infiltrate companies in a similar fashion: They send a targeted e-mail to the company's controller or treasurer, a message that contains either a virus-laden attachment or a link that -- when opened -- surreptitiously installs malicious software designed to steal passwords. Armed with those credentials, the crooks then initiate a series of wire transfers, usually in increments of less than $10,000 to avoid banks' anti-money-laundering reporting requirements.
The alert states that these scams typically rely on help from "money mules" -- willing or unwitting individuals in the United States -- often hired by the criminals via popular Internet job boards. Once enlisted, the mules are instructed to set up bank accounts, withdraw the fraudulent deposits and then wire the money to fraudsters, the majority of which are in Eastern Europe, according to the advisory.
"Eastern European organized crime groups are believed to be predominantly responsible for the activities that are employing witting and unwitting accomplices in the U.S. to receive cash and forward payments -- from thousands to millions of dollars to overseas locations -- via popular money and wire transfer services," the alert warns.
The FBI said it is working to stem the problem.
"We share a mutual concern with respect to criminals' unrelenting intent to target our nation's financial sector and customers, whether through computer hacking or by other schemes to steal customer account information and make unauthorized withdrawals," Steven Chabinsky, deputy assistant director for the bureau's cyber division, said in a statement.
Fewer Fraud Protections
The Financial Crimes Enforcement Network, a Treasury Department division that tracks suspected cases of fraud reported by banks, said incidences of wire-transfer fraud rose 58 percent in 2008. But experts say reliable figures about losses from commercial online banking fraud are hard to come by, and many incidents go unreported.