Corporate Online Banking is at Risk – FBI Says $100M in Attempted Online Theft This Year

The Federal Bureau of Investigation has released a warning to banks and corporate customers. Over the last several months there has been a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts.

In a typical scenario, the targeted entity receives a “spear phishing” e-mail which either contains an infected attachment, or directs the recipient to an infected website. Once the recipient opens the attachment or visits the website, malware is installed on their computer. The malware contains a key logger which will harvest each recipient’s business or corporate bank account login information. Shortly thereafter, the perpetrator either creates another user account with the stolen login information or directly initiates funds transfers by masquerading as the legitimate user. These transfers have occurred as both traditional wire transfers and as ACH transfers.

According to the Internet Crime Complaint Center (www.IC3.gov), $100M in attempted fraud has occurred this year. What is scary is that only two months ago, the attempted fraud stood at $40M, so there is definitely a big pick-up in these attacks. Many of these successful exploits of corporate banking accounts are the result of the Zeus trojan.

NACHA and the FBI, through the FS-ISAC, released guidance to banks and corporate customers in August about how to better protect corporate banking customers. One recommendation was to only do corporate online banking from “locked down” computers that are pretty much only ever used for corporate banking. Those computers should not be used for any other web browsing, nor should they be used to read email.

You can read FS-ISAC CEO Bill Nelson’s September testimony on this issue to the United States Senate Committee on Homeland Security and Governmental Affairs here (it’s a Word document).

Similar Posts:

• Company Sues Comerica Bank After Losing $550,000 In Phishing Attack Online
• Corporate Payment Systems Targeted by Phishers – Fake NACHA ACH Emails
• New Banking Trojan Attacking Users of Corporate Banking Services
• New Identity Theft Virus Steals from Online Banking
• Online banking account takeover fraud may be bigger than we think

• « Previous post
• Next post »

• Categories

  • Identity Theft Tips
  • Online Identity Theft

• Popular Posts

  • Five Tips for Knowing that the “Forward this to your friends and get a free (fill in the blank)” E-mail is a Fake
  • Job Seeker’s Information Stolen in Guardian Jobs Website Hack
  • Government Tries to Thwart P2P Identity Theft
  • 10 Ways to Prevent Social Media Scams
  • Did you get 411 on the *112 life saving email?

• Recent Comments

• Spam Blocked

  681 spam comments blocked by
  Akismet