The FBI has released findings from its investigation on how cybercriminals are stealing money from the bank accounts of small-mid sized US companies.
The thieves then initiate a series of unauthorized bank transfers out of the company's online account in less than $10,000 to avoid banks' anti-money-laundering reporting requirements.
The funds are sent to "money mules", who are willing participants or naive individuals recruited over the Internet through work-at-home job scams. The mules pull the cash out of their accounts, keep a small percentage of it, and wire the rest to organized criminal groups operating in countries like Moldova, Russia and Ukraine.
The deputy assistant director of the FBI's Cyber Division said criminals involved in these online account takeovers have attempted to steal at least $85 million from mostly small and medium-sized businesses, and have successfully made off with about $40 million of that money.
Companies that bank online have few of the protections afforded to consumers. Individuals are usually are made whole by their bank. Businesses, however, often must absorb the losses.
The FBI says businesses should protect themselves by conducting online banking from a dedicated, locked-down computer that is not used for everyday web browsing or e-mail.
Malicious software that thieves use to steal online banking user names and passwords is usually installed when the recipient of a spam e-mail opens a poisoned attachment or clicks a link that leads to a booby-trapped web site.
Despite the best efforts of a business to protect itself, online banking still presents risk.
Companies being victimized by this type of crime often have accounts at small and regional financial institutions which do not have adequate fraud detection technologies in place. These institutions rely on layers of customer protections, such as security tokens, which can easily be circumvented by cybercriminals.
Interested in finding out more?
Contact firstname.lastname@example.org today