Hackers using a sophisticated network of banking Trojans money mules have stolen about $40 million from small and medium-sized businesses in the U.S., according to the latest installment in a series by Washington Post writer Brian Krebs.
Krebs quotes an FBI official as saying the criminals involved in these online account takeovers have attempted to steal at least $85 million from mostly small and medium-sized businesses, and have successfully made off with about $40 million of that money.
From the article:
According to the FBI and other fraud experts, the perpetrators have stuck to the same basic tactics in each attack. They steal the victim’s online banking credentials with the help of malicious software distributed through spam. The intruders then initiate a series of unauthorized bank transfers out of the company’s online account in sub-$10,000 chunks to avoid banks’ anti-money-laundering reporting requirements. From there, the funds are sent to so-called “money mules,” willing or unwitting individuals recruited over the Internet through work-at-home job scams. When the mules pull the cash out of their accounts, they are instructed to wire it (minus a small commission) via services such as MoneyGram and Western Union, typically to organized criminal groups operating in countries like Moldova, Russia and Ukraine.
Read the full story [washingtonpost.com]