Category Archives: Target: Small Businesses

Posts in this category will include new stories similar to those told in the Small Business Victims category on The Washington Post’s Security Fix blog, which chronicled the methods organized cyber thieve are using to steal hundreds of thousands of dollars from dozens of small- to mid-sized companies around the country.

Hacked Inboxes Lead to Bank Fraud

March 13, 2012

8 Comments

Hacked and phished email accounts increasingly are serving as the staging grounds for bank fraud schemes targeting small businesses. The scams are decidedly low-tech and often result in losses of just a few thousand dollars, but the attacks frequently succeed because they exploit existing trust relationships between banks and their customers.

Last month, scam artists hijacked private email accounts belonging to three different customers of Western National Bank, a small financial institution with seven branches throughout Central and West Texas. In each case, the thieves could see that the victim had previously communicated with bank personnel via email.

DDoS Attacks Spell ‘Gameover’ for Banks, Victims in Cyber Heists

November 30, 2011

23 Comments

The FBI is warning that computer crooks have begun launching debilitating cyber attacks against banks and their customers as part of a smoke screen to detract attention away from simultaneous high-dollar cyber heists.

The bureau says the attacks coincide with corporate account takeovers perpetrated by thieves who are using a modified version of the ZeuS Trojan that’s being called “Gameover.” The thefts come after a series of heavy spam campaigns aimed at deploying the malware, which arrives disguised as an email from the National Automated Clearing House Association (NACHA), a not-for-profit group that develops operating rules for organizations that handle electronic payments. The ZeuS variant steals passwords and gives attackers direct access to the victim’s PC and network.

Title Firm Sues Bank Over $207k Cyberheist

November 14, 2011

20 Comments

A title insurance firm in Virginia is suing its bank after an eight-day cyber heist involving more than $2 million in thefts and more than $200,000 in losses last year. In an unusual twist, at least some of the Eastern European thieves involved in the attack have already been convicted and imprisoned for their roles in the crime.

ZeuS Trojan Gang Faces Justice

October 4, 2011

5 Comments

Authorities in the United Kingdom have convicted the 13th and final defendant from a group arrested last year and accused of running an international cybercrime syndicate that laundered millions of dollars stolen from consumers and businesses with the help of the help of the ZeuS banking Trojan. The news comes days after U.S. authorities announced the guilty plea of the 27th and final individual arrested last year in New York in a related international money-laundering scheme.

Monster Spam Campaigns Lead to Cyberheists

October 3, 2011

27 Comments

Phishers and cyber thieves have been casting an unusually wide net lately, blasting out huge volumes of fraudulent email designed to spread password-stealing banking Trojans. Judging from the number of victims who reported costly cyber heist in the past two weeks, many small to medium sized organizations took the bait.

Experienced Money Mule, Will Travel

August 29, 2011

18 Comments

I’ve written a great deal about “money mules,” people looking for part-time employment who unwittingly or willingly help organized cyber thieves launder stolen funds. The most common question I get about money mules is: “Do any of them ever get… Read More »

eThieves Steal $217k from Arena Firm

August 16, 2011

40 Comments

Cyber thieves stole $217,000 last month from the Metropolitan Entertainment & Convention Authority (MECA), a nonprofit organization responsible for operating the Qwest Center and other gathering places in Omaha, Nebraska.

Judge Nixes Patco’s eBanking Fraud Case

August 8, 2011

56 Comments

A district court judge in Maine last week approved a pending decision that commercial banks which protect accounts with little more than passwords and secret questions are in compliance with federal online banking security guidelines.

Trojan Tricks Victims Into Transferring Funds

July 28, 2011

60 Comments

It’s horrifying enough when a computer crook breaks into your PC, steals your passwords and empties your bank account. Now, a new malware variant uses a devilish scheme to trick people into voluntarily transferring money from their accounts to a cyber thief’s account.

The German Federal Criminal Police (the “Bundeskriminalant” or BKA for short) recently warned consumers about a new Windows malware strain that waits until the victim logs in to his bank account. The malware then presents the customer with a message stating that a credit has been made to his account by mistake, and that the account has been frozen until the errant payment is transferred back.

Calif. Co. Sues Bank Over $465k eBanking Heist

July 25, 2011

44 Comments

A California real estate escrow company that lost more than $465,000 in an online banking heist last year is suing its former financial institution, alleging that the bank was negligent and that it failed to live up to the terms of its own online banking contract.

The plight of Redondo Beach, Calif. based Village View Escrow, first publicized by KrebsOnSecurity last summer, began in March 2010. That’s when organized crooks broke into the firm’s computers and bank accounts, and sent 26 consecutive wire transfers to 20 individuals around the world who had no legitimate business with the firm.