Cyber criminals are hacking bank accounts of small- to medium-sized businesses in the U.S. and sending unauthorized wire transfers to Chinese economic and trade companies located near the Russian border, the FBI warned today. Between March 2010 and April 2011, authorities identified 20 incidents leading to $11 million in losses and about $20 million in attempted thefts.
The computer of an employee who is authorized to transfer funds is typically compromised by malware picked up by visiting a malicious Web site or through a phishing email. The malware -- which includes ZeuS, Backdoor.bot, and Spybot -- harvests the user’s corporate online banking credentials. When the authorized user attempts to log in to the bank’s Web site, the user is typically redirected to another Web page stating that the bank Web site is under maintenance or is unable to access the accounts. While the user is experiencing logon issues, malicious actors initiate the unauthorized transfers to commercial accounts held at intermediary banks typically located in New York. Account funds are then transferred to the Chinese economic and trade company bank account.
Recommendations to Financial Institutions
- Banks should notify their business customers of any suspicious wire activity going to the following Chinese cities: Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Dongning.
- Wire activity destined for the Chinese cities of Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Dongning should be heavily scrutinized, especially for clients that have no prior transaction history with companies in the Heilongjiang province.
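The screening rule in the two recommendations above can be expressed as a check over outbound wire records. The following is an added example, not part of the FBI advisory: the `Wire` record layout, the severity labels, and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Cities named in the advisory ("Jixi City" is stored as "jixi").
WATCH_CITIES = {"raohe", "fuyuan", "jixi", "xunke", "tongjiang", "dongning"}

@dataclass
class Wire:  # assumed record layout, not a real bank schema
    sent: date
    client: str
    beneficiary: str
    city: str
    province: str
    amount_usd: float

def norm_city(name):
    """Lower-case, collapse spaces, drop a trailing 'City' so variants match."""
    n = " ".join(name.lower().split())
    return n[:-5] if n.endswith(" city") else n

def screen(wires):
    """Return (wire, severity, reason) for each wire to a watch-list city.

    Wires are processed in date order, so "prior history" means earlier
    wires from the same client to any Heilongjiang beneficiary.
    """
    history = {}  # client -> Heilongjiang beneficiaries already paid
    alerts = []
    for w in sorted(wires, key=lambda w: w.sent):
        seen = history.setdefault(w.client, set())
        if norm_city(w.city) in WATCH_CITIES:
            if not seen:
                sev, why = "high", "no prior Heilongjiang history"
            elif w.beneficiary not in seen:
                sev, why = "medium", "new beneficiary for this client"
            else:
                sev, why = "low", "known beneficiary"
            alerts.append((w, sev, why))
        if w.province.strip().lower() == "heilongjiang":
            seen.add(w.beneficiary)
    return alerts

# Constructed sample data (client and beneficiary names are made up).
SAMPLE = [
    Wire(date(2011, 3, 2), "bolt", "Jixi Econ Trade", "Jixi City", "Heilongjiang", 98000),
    Wire(date(2010, 5, 3), "acme", "Harbin Parts Co", "Harbin", "Heilongjiang", 12000),
    Wire(date(2011, 1, 10), "acme", "Dongning Trade Co", "Dongning", "Heilongjiang", 45000),
    Wire(date(2011, 2, 1), "acme", "Dongning Trade Co", "DONGNING", "Heilongjiang", 30000),
    Wire(date(2011, 3, 5), "bolt", "Pudong Supply", "Shanghai", "Shanghai", 5000),
]
```

Every wire to a listed city produces an alert, matching the first recommendation; the severity only orders the review queue so that clients with no earlier Heilongjiang transactions are examined first.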
For recommendations on how businesses can protect, detect and respond to corporate account takeovers, see the FBI's “Fraud Advisory for Businesses.”