The group, the Financial Services Information Sharing and Analysis Center (FS-ISAC), warned that banks, security companies, police and the media have reported an increase in funds-transfer fraud in the past six months. While other watchdogs have made similar warnings, this report marks the first time that a major financial industry advisory group has warned of the threat of cyber-robbery from eastern Europe. The FS-ISAC, which aims to help the finance industry prepare for and respond to threats, includes members such as Citigroup, American Express, the Federal Reserve, Bank of America, Wells Fargo and the New York Stock Exchange.
Using Money Mules
The fraud, according to the FS-ISAC, involves e-mails that hackers send to company controllers or treasurers. When opened, the e-mails install malicious software that steals passwords. Using the passwords, the hackers begin transferring money from the company’s accounts, often in amounts of less than $10,000 to avoid scrutiny under banks’ anti-money laundering laws. The money ends up in US accounts opened by “money mules” – people often unwittingly hired by criminals via job boards – who then wire the money on to a bank in Russia or elsewhere in the former Soviet Union.
“Eastern European organized crime groups are believed to be predominantly responsible for the activities that are employing witting and unwitting accomplices in the U.S. to receive cash and forward payments -- from thousands to millions of dollars to overseas locations -- via popular money and wire transfer services,” last week’s alert warned, according to the Washington Post.
Examples of the fraud include a Georgia-based auto parts company that lost almost $75,000 after fraudsters used malware to steal passwords and wire money to six money mules around the US, and a Louisiana-based electronics company that lost $100,000 after fraudsters sent small payments to at least five money mules who then wired the money to Russia.
Though cyber criminals have targeted large companies – a Miami man and two Russians were indicted last week for allegedly stealing the information for 130 million credit cards from major US companies like Barnes & Noble and Boston Market – FS-ISAC warned that criminals are finding smaller companies more attractive because crimes against them attract less attention.
--Beth Kampschror
Â