The transaction appeared legitimate to the bank

Jun 2, 2015 16:39 GMT  ·  By

A targeted attack on a businessman from Mahwah, New Jersey, caused the victim a financial loss of $240,000 / €215,000, through a bank transfer request that appeared legitimate to the financial institution.

The chances to recover the money are unclear at the moment because, from the bank’s point of view, all conditions were met for approving the money transfer.

Bank verifies client before allowing large transfers

In what appears to be a sophisticated attack, the hackers managed to gather sufficient personal information about the victim to be able to answer authentication questions from the bank and get the “okay” for transferring the funds.

The circumstances of the incident have not been disclosed, but the perpetrators may have compromised the businessman’s computer and gained access to the bank account, which allowed them to initiate the transaction.

For uncommonly large money transfers, the bank is required to verify if the request is legitimate, and most of the times it contacts the owner over the phone, asking security questions to prove their identity.

There are multiple questions and they range from the mother’s maiden name to social security number and the hospital the person was born in.

Client identity checks out, bank approves the transfer

The attackers already had this information, but they needed to find a method to be contacted by the bank. According to CBS New York, the hackers also had access to the victim’s phone and forwarded all the calls to a number they could answer.

When the bank called and asked the verification questions, it was talking to the perpetrators, who provided all the correct details, the consequence being authorization of the money transfer.

Police Chief James Batelli says that the call was forwarded to Brussels, Belgium, but the hackers may not be residents of the country.

If the victim noticed the missing money in time, the bank may have initiated a procedure to freeze the money and recover it.

However, in many cases, hackers are part of a highly organized group that quickly distributes the funds to multiple accounts and accomplices withdraw the money from ATMs.