Organized cyber thieves took roughly $600,000 from the coastal city of Brigantine, New Jersey this week after stealing the city’s online banking credentials.
The break-in marks the second time this year that hackers have robbed the coffers of an Atlantic County town: In March, a similar attack struck Egg Harbor Township, N.J., which lost $100,000 in a similar intrusion.
Like the Egg Harbor incident and dozens of others documented here, the loot from the Brigantine heist was sent to multiple “money mules,” willing or unwitting people hired through work-at-home job offers to help computer crooks launder stolen cash.
Brigantine City officials said the incident began sometime before 6 p.m. on September 28th, when TD Bank notified city finance officers that multiple wire transfers had been made from its accounts. Brigantine Police’s Lt. James Bennett said in a written statement:
“Unknown person(s) had apparently obtained a user name and password for the city’s main TD Bank account when our finance personnel attempted to login (through either a fake Web page or an undetectable virus). Then several wire transfers were started with amounts ranging from a few thousand to over $300,000, for a total of about $600,000. The last update from TD Bank was that they were able to recall approximately $400,000 in transfers and were working on recalling the remainder. The investigation is being handled by the FBI, New Jersey State Police with the Brigantine Police Department and TD Bank security.”
The attack occurred in the middle of a week in which federal officials announced dozens of arrests and charges against money mules and the organized criminals responsible for orchestrating these types of break-ins. While it’s unclear whether those responsible for the attack on Brigantine were apprehended or charged this week, the method by which the thieves made off with at least some of the loot bears the same fingerprint as past breaches, including the Egg Harbor attack.
Lori Tharp, a 47-year-old from Goodlettsville, TN, said she recently started working for an entity calling itself the Forte Group, which found her résumé on Careerbuilder.com and recruited her into a work-at-home job where she was to serve as a “financial agent” for the company.
Tharp, who recently lost her job as a buyer for a local automotive supplier, said she figured out the job was a money laundering scam several days before the Brigantine robbery, and closed the bank account she had given her erstwhile employers. But she said the thieves still tried to transfer her $7,394 of the city’s money on Sept. 29. Tharp said she confirmed with her bank that the thieves never managed to deposit the stolen funds.
“Just last week the group called me again and told me they had put money into my account, but I told them it had already been closed,” Tharp said in a phone interview. “There’s too many people out of work, and I guess I just got overwhelmed and excited at the same time and made a stupid move.”
Brigatine Mayor Phil Guenther told pressofatlanticcity.com he is confident that the city will recoup its losses. Still, it remains to be seen whether these types of attacks will diminish following the law enforcement sweeps last week aimed at one of the largest international organized crime gang involved in this type of activity. According to the FBI, crooks involved in e-banking fraud have stolen more than $70 million from companies, small businesses, towns, cities and nonprofits, and attempted to steal more than $220 million.
Below is a screen shot of the alert the Forte Group sent Tharp on the day of the Brigantine breach. Click the image for a larger version.