All fraudulent transfers blocked or reversed

Feb 5, 2010 14:15 GMT

The Massachusetts Bay and Merrimack Valley chapter of United Way of America fell victim to overseas cybercrooks, who attempted to siphon over $150,000 from the charity's bank account. Fortunately, the organization noticed the fraudulent transfers in time and was able to recover the money.

This is just one of many similar incidents that have occurred across the United States since 2009. The pattern remains the same, but the outcomes differ due to various factors.

It all starts with cybercriminals infecting a computer that an organization uses for online banking with an information-stealing trojan. Small businesses, public institutions and non-profit organizations are the main targets of such attacks.

After online banking credentials have been stolen, the fraudsters use them to set up batch transfers from the organization's account to the accounts of various U.S. residents, who act as money mules. The vast majority of these money mules are hired through online ads and think that they are working as financial managers for foreign companies.

They are instructed to use their personal bank accounts to receive money (allegedly on behalf of their employer), then withdraw and wire it via Western Union or MoneyGram to overseas agents (usually in Eastern Europe). The mules get to keep a hefty commission as compensation for their effort.

The United Way of Massachusetts Bay and Merrimack Valley incident is one of the few fortunate cases where all the money was recovered. This is because the employees noticed the bogus transfers very quickly and the mules did not have a chance to withdraw the stolen money from their accounts.

"We were able to pretty much capture things as they were happening. Fortunately, we saw it on the day that it occurred," Patricia Latimore, chief financial officer with the chapter, commented for Krebs on Security, the blog of former Washington Post reporter Brian Krebs.

Cybercrooks usually keep the fraudulent transfers under $10,000 to avoid being flagged for review by the bank. However, in this case, one particular transfer was for almost $40,000. This is apparently because one of the mules, William Hong, of Flushing, N.Y., used a business account. According to Mr. Hong, he was recruited online by a company called Classic Group.

These attacks are so frequent that the FBI and American Bankers Association have issued a recommendation that online banking be performed from computers dedicated only to this task. We have suggested that booting from a live Linux CD and banking from that temporary environment is even better.