The attacker found everything he needed in the email account

Jul 18, 2013 08:32 GMT

An email address that’s used for online banking and business purposes can be highly valuable for cybercriminals. A recent incident that occurred in Dubai demonstrates that access to a Gmail account is all a crook needs to empty his victim’s bank account.

According to Emirates 24/7, an Indian expatriate from Dubai found that $15,000 (€11,500) was missing from his bank account. When he called his bank to clarify the matter, the financial institution informed him that he had personally authorized the transfer.

It turned out that the money was transferred to a Westpac bank account in New Zealand to one Garry Albert Frazer, possibly an unsuspecting money mule.

The attacker broke into the victim’s Gmail account, which the victim used to communicate with the bank, and requested that money be transferred. All the information the cybercrook needed to make the request was found in the email account.

When the bank requested a written document to authorize the transaction, the attacker forged the victim’s signature after finding a scanned copy of his passport.

The money was stolen from the account in the first week of June, but the man only noticed that the money was missing in July after one of the checks he issued bounced.

The victim blames the financial institution for not requiring personal verification before making the transfer.

While many financial institutions have started implementing all sorts of comprehensive security measures, crooks usually find a way to bypass them, either with the use of malware or clever social engineering.

The lesson we can all learn from this incident is to activate two-factor authentication on our accounts, if possible. If the email service provider doesn’t offer the security feature, watch out for phishing attacks and malicious applications designed to steal passwords.

As far as bank account security is concerned, make sure that you act with caution whenever you receive a notification that appears to come from your bank.