
  • Posts Tagged: money mules


    27
    May 10

    Cyber Thieves Rob Treasury Credit Union

    Organized cyber thieves stole more than $100,000 from a small credit union in Salt Lake City last week, in a brazen online robbery that involved dozens of co-conspirators, KrebsOnSecurity has learned.

    Treasury Credit Union -- Image courtesy Google Streetview

    In most of the e-banking robberies I’ve written about to date, the victims have been small to mid-sized businesses that had their online bank accounts cleaned out after cyber thieves compromised the organization’s computers. This incident is notable because the entity that was both compromised and robbed was a bank.

    The attack began Thursday, May 20, when the unidentified perpetrators started transferring funds out of an internal account at Treasury Credit Union, a financial institution that primarily serves employees of the U.S. Treasury Department in the state of Utah and their families. Treasury Credit Union President Steve Melgar said the thieves made at least 70 transfers before the fraud was stopped.

    Melgar declined to say how much money was stolen, stating only that the total amount was likely to be in the “low six-figures.”

    “We’re still trying to find out what net [loss] is, because some of the money came back or for whatever reason the transfers were rejected by the recipient bank,” Melgar said, adding that the FBI also is currently investigating the case. A spokeswoman for the Salt Lake City field office of the FBI declined to comment, saying the agency does not confirm or deny investigations.

    Many of the transfers were in the sub-$5,000 range and went to so-called “money mules,” willing or unwitting individuals recruited over the Internet through work-at-home job schemes. Melgar said other, larger, transfers appear to have been sent to commercial bank accounts tied to various small businesses.



    11
    May 10

    FBI Promises Action Against Money Mules

    The FBI’s top anti-cyber crime official today said the agency is planning a law enforcement action against so-called “money mules,” individuals willingly or unwittingly roped into helping organized computer crooks launder money stolen through online banking fraud.

    Patrick Carney, acting chief of the FBI’s cyber criminal section, said mules are an integral component of an international crime wave that is costing U.S. banks and companies hundreds of millions of dollars. He said the agency hopes the enforcement action will help spread awareness that money mules are helping to perpetrate crimes.

    “We want to make sure that public understands this is illegal activity and one of the best ways we can think of to give that message is to have some prosecutions,” Carney said at a Federal Deposit Insurance Corporation (FDIC) symposium in Arlington, Va. today on combating commercial payments fraud. “We realize it’s not going to make the problem go away, but it should help raise awareness and send a signal.”



    10
    May 10

    A Stroll Down Victim Lane

    Last week I traveled to Cooperstown, N.Y. to deliver a keynote address about the scourge of online banking fraud that I’ve written about so frequently this past year. I flew into Albany, and in the short, 60-minute drive west to Cooperstown, I passed through tiny Duanesburg, a town whose middle school district is still out a half million dollars from e-banking fraud. On my way to Cooperstown, I also passed within a few minutes of several other recent victims — including a wrecking firm based in Schenectady that lost $70,000 last month when organized thieves raided its online bank account.

    Alexander “Sandy” Jackson’s world started crashing down on Apr. 20, the day he learned that more than $70,000 of his company’s cash had been transferred to 10 complete strangers scattered about the United States. Since then, the owner of Jackson Demolition Service has spent a good deal of time trying to retrieve that money. So far, he and his bank have recovered about one-third of the amount stolen.

    Oddly enough, Jackson first learned of the fraud after being contacted by an individual who received close to $5,000 of the firm’s money.

    That individual was Montgomery, Ala. resident April Overton. In March, Overton responded to an e-mail from a company that said it found her resume on Careerbuilder.com, and would she be interested in a work-at-home job entering tax information on behalf of American tax filers? Overton said she accepted the job, and for more than a month worked several hours each day completing various tax forms with personal tax information sent to her via e-mail, forms that she then had to fax back to her employers, who claimed to be Tax World LLC, at www.taxreturnsworld.com.

    “I was basically processing tax returns, and they’d have me log in to a site every morning between the hours of 8:30 a.m. and 11:30 a.m., and would send me information, have me filling out [IRS Form] 1040 tax returns,” Overton said.



    26
    Apr 10

    To Catch a Mule

    Much digital ink has been spilled in this blog detailing the activities of so-called “money mules,” willing or unwitting individuals here in the United States who are lured into laundering money for international organized cyber crime gangs. The subject almost always generates fierce debate among readers about whether these mules should be prosecuted, and the debate usually hinges on whether the mules knew that they were contributing to a crime.

    Of course, ignorance of the law is no excuse, and this blog entry is in no way meant to defend the mules. But I did want to shed more light on the efforts that some mule recruitment gangs take to help potential mules believe they are in fact working for a legitimate company.

    Take, for example, the efforts of what we’ll call the “Back Office” mule recruitment gang — so named because the Web sites used to recruit and manage these folks almost always include the term “backoffice”. Potential Back Office mules are recruited via e-mail, with a message stating that the employer found the recipient’s resume on a job search site and asking whether he or she would be interested in working as a financial agent in an international finance company.

    Those who respond are directed to create an account at a Back Office site, and from there the new recruits are processed through a series of interviews. According to conversations with multiple mules recruited by the Back Office gang, the process normally starts with a lengthy telephone interview, wherein the recruit is asked about his or her work history, ethics and attitudes.

    Following the verbal interview, mules are asked to complete a lengthy questionnaire that asks roughly three dozen questions, including many that one might expect to find in a legitimate interview for a professional position.

    “How do you evaluate success?”

    “What classes or seminars have you taken on your own during the last three years to advance your careers and personal growth?”



    23
    Apr 10

    Charting the Carnage from eBanking Fraud

    Aaron Jacobson of Authentify put together this map of all 43 of the U.S. commercial e-banking victims I’ve mentioned in stories at Krebsonsecurity.com and at the Washington Post’s Security Fix blog.

    Clicking on this Google Maps link brings up an interactive version of this map showing the name of the victim at each point on the map, as well as their monetary losses.

    What’s interesting, and something I hadn’t realized before seeing this map, is that the victims appear to be heavily clustered in the East Coast and Midwest. I’m not sure if there is a connection, but the thieves perpetrating these attacks typically recruit their money mules almost exclusively from these regions. The thinking is that the criminals, most of whom reside in the Eastern European Time Zone (EET), don’t want to spend all night managing these mules. As such, the crooks tend not to solicit mules from those living in the Western United States. Again, there may not be an actual link between the mule trend and the grouping of victims, but I just thought it was worth noting.


    22
    Apr 10

    Fire Alarm Company Burned by e-Banking Fraud

    A fire alarm company in Arkansas lost more than $110,000 this month when hackers stole the firm’s online banking credentials and drained its payroll account.

    On Wednesday, Apr. 7, Ft. Smith based JE Systems Inc. received a call from its bank stating that the company needed to move more money into its payroll account, chief executive Melanie Eakel said. Over the course of the previous two days, someone had approved two batches of payroll payments — one for $45,000 and another for $67,000.

    “They said ‘You’re overdraft,’ and I told them that was impossible because we didn’t do our payroll…we do it every Thursday, not on Mondays at 2 a.m., which was when this was put through,” Eakel said. “I told them we did not authorize that.”

    A few days later, however, the First National Bank of Fort Smith sent JE Systems a letter saying the bank would not be responsible for the loss. First National did not return calls seeking comment.

    “They said it was our [Internet] address that was used to process the payments, and our online banking user name and password,” Eakel said. “I feel like the bank should have caught this.



    30
    Mar 10

    Online Thieves Take $205,000 Bite Out of Missouri Dental Practice

    Organized computer criminals yanked more than $200,000 out of the online bank accounts of a Missouri dental practice this month, in yet another attack that exposes the financial risks that small- to mid-sized organizations face when banking online.

    Dentists working at the Smile Zone, a Springfield, Mo. based dental practice that caters specifically to the needs of children, weren’t exactly all smiles on March 22. That was the day unidentified crooks sent at least $205,000 of the practice’s money to nearly a dozen individuals around the country.

    Eric Hudkins, the office manager and husband of one of the dentists at Smile Zone, said the money was taken in 11 different transfers, including three large wires. Once again, it seems the attack was carried out with the help of money mules, willing or unwitting individuals hired through work-at-home job schemes over the Internet and lured into helping the attackers launder the stolen money.

    “I’ve got the names, account numbers, and phone numbers for most of them, and have even looked some of them up on Facebook,” Hudkins said of the co-conspirators. “The bank talked to two of the [mule] account holders and asked them why they opened the account, who it was for, that kind of thing. Both of them said they’d had their resumes out on careerbuilder.com or monster.com and that someone they’d never met contacted them and offered to help them make some money.”

    Hudkins said he contacted the FBI, and that the agent he spoke with told him the FBI wouldn’t open a case on the theft unless it was over $500,000 in losses. As it stands, he was told, his case would be lumped into a group of similar investigations that is being run out of an FBI task force in Omaha, Nebraska. It also appears there is little appetite for prosecuting the money mules, he said.

    “The FBI said prosecuting these [mules] for doing anything wrong is near impossible,” Hudkins said.



    16
    Mar 10

    eBanking Victim? Take a Number.

    Over the past nine months, I have spent a substantial amount of time investigating and detailing the plight of dozens of small businesses that have had their bank accounts cleaned out by organized criminals. One of the most frequent questions I get from readers and from my journalist peers is, “How many of these stories are you going to tell?”

    The answer is simple: As many as I can verify. The reason is just as plain: I’m finding that most small business owners have no clue about the threats they face or the liability they assume when banking online, even as the frequency and sophistication of attacks appear to be increasing.

    I am now hearing from multiple companies each week that have suffered tens of thousands or hundreds of thousands of dollars in losses from a single virus infection (last week I spoke with people from four different companies that had been victimized over the past two months alone). In each of these dramas, the plot line is roughly the same: Attackers planted malicious software on the victim’s PC to steal the company’s online banking credentials, and then used those credentials to siphon massive amounts of money from the targeted accounts. The twists to the stories come in how the crooks evade security technologies, how the banks react, and whether the customers are left holding the (empty) bag.

    In most cases I’ve followed, the banks will do what they can to reverse the fraudulent transactions. But beyond that, the bank’s liability generally ends, because — unlike consumers — businesses do not have the same protection against fraud that consumers enjoy. Indeed, most companies that get hit with this type of fraud quickly figure out that their banks are under no legal obligation to reimburse them.

    Earlier this month, I spoke with the CEO of Eskola LLC, a Treadway, Tenn. roofing firm that had $130,000 stolen from its online bank accounts in a series of five unauthorized wire transfers in late January. The bank was able to reverse most of those transfers, but Eskola was unable to recover more than $30,000 of the stolen money.

    “It really took our bank by surprise and triggered a whole series of internal reviews, because they told me they’ve been hit several other times since then,” Jon Eskola said. “They said so far this year, it’s been the number one thing that’s come across their plate, and that this type of crime had increased 500 to 600 percent over a year ago.”



    11
    Mar 10

    Crooks Crank Up Volume of E-Banking Attacks

    Computer crooks stole more than $200,000 from an auto body shop in Ohio last month in a brazen online robbery. The attack is yet another example of how thieves are using malicious software to bypass bank security technologies that are often touted as strong deterrents to this type of fraud.

    The latest victim is Clarke Collision Center, an auto body shop in Hudson, Ohio. According to Craig Kintz, owner of Kintz Tech, a local security consulting company that responded to the incident, on Feb. 23 an employee of the victim firm noticed something strange when she went to log in to the company’s online bank accounts: The site said the bank’s system was down for maintenance.

    Clarke Collision’s bank, Cincinnati-based Fifth Third Bank, requires business customers to enter their user name and password, and a one-time passcode generated by a battery-operated key fob that is synched up to the bank’s back end servers. This approach — what banking regulators call “multi-factor authentication” — involves asking the user to provide something they know (a user name and password) in addition to something they have (a code generated by a security token).

    But Kintz said that when the body shop employee visited the bank’s site and entered her user name, password and the output from the security token, she was directed to a page that said the bank’s site was temporarily unavailable. The page she was sent to even included a 1-800 number supposedly for the bank’s customer service line.

    Kintz said the woman called that number, but quickly found that it was not in service. When the employee looked up the real customer service number for the bank and called to complain about the suspicious activity, she learned that there had just been a large number of wires and money transfers out of the company’s accounts to individuals in the United States and overseas, Kintz said.

    “She reported it to the bank at 9 o’clock that morning,” Kintz told Krebs on Security. “By 11:30 a.m. the bank had frozen all of the company’s accounts, but by that time those accounts had all been emptied.”



    26
    Jan 10

    Texas Bank Sues Customer Hit by $800,000 Cyber Heist

    A machine equipment company in Texas is tussling with its bank after organized crooks swiped more than $800,000 in a 48-hour cyber heist late last year. While many companies similarly victimized over the past year have sued their banks for having inadequate security protection, this case is unusual because the bank is preemptively suing the victim.

    Both the victim corporation – Plano-based Hillary Machinery Inc. – and the bank, Lubbock-based PlainsCapital, agree on this much: In early November, cyber thieves initiated a series of unauthorized wire transfers totaling $801,495 out of Hillary’s account, and PlainsCapital managed to retrieve roughly $600,000 of that money.
