Social engineering is one of the most powerful tools used by crooks

Mar 13, 2012 14:29 GMT

Cybercriminals found a clever and somewhat unsophisticated way of gaining access to the bank accounts of unsuspecting Internet users. They started relying on compromised email accounts to send messages to bank personnel, requesting fund transfers.

Security journalist Brian Krebs reports that even though in many cases the employees of financial institutions refuse to complete these phony requests, some want to aid a “person in need” and don’t hesitate to perform wire transfers based only on an email.

The scammers are counting on the fact that bank employees will trust the legitimacy of the emails if the sender’s address has been used on previous occasions to complete transactions.

In a scenario that occurred last month, some crooks compromised the email accounts of three Western National Bank (WNB) customers. After seeing that the accounts had been used to communicate with bank officials, they sent cleverly designed requests to the victims’ local WNB branch.

The phony message looks something like this: “Good Morning, Can you please update me with the the available balance in my account and also the information needed to complete an outgoing wire transfer for me today,i am on my way to my nephew funeral service but i will check my mail often for your response. Thanks.”

Out of the three emails that were sent, two were ignored by the financial institution’s employees, but the third one was taken seriously, and in the follow-up email the scam artists provided instructions on where the money should be wired.

Wade Kuehler, executive vice president at WNB, said that the bank takes complete responsibility for the incident, which resulted in only a small loss.

While officials say that these types of attempts are not uncommon, especially for local bank branches, experts reveal that cybercriminals are still successfully exploiting the trust relationship that may exist between customers and institutions.

Because businesses conduct a large part of their tasks via email, in many cases a verification process is neglected, giving fraudsters endless opportunities to profit.