Gov't warns firms about online robberies
Online criminals have used the Automated Clearing House (ACH) system to facilitate the theft of more than $100 million from small and medium businesses, the FBI warned this week.
The attacks typically use social engineering via e-mail messages to install malicious software on the computers of managers responsible for a business's financial transactions. The Trojan horse then transfers money from the firm's account, when the manager signs onto the business's bank account. The FBI has had reports of firms losing hundreds of thousands to millions of dollars, according to an advisory posted on the FBI's Internet Crime Complaint Center (IC3).
"In most cases, the victims' accounts are held at local community banks and credit unions, some of which use third-party service providers to process ACH transactions," the FBI stated. "The bank account holders are often small- to medium-sized businesses across the United States, in addition to court systems, school districts, and other public institutions."
Data indicates that criminals are quickly ramping up their operations. Last month, the FBI estimated that more than $40 million has recently been stolen from firms, according to the Washington Post. In one example, a Silicon Valley construction firm had $447,000 siphoned from its account in 27 separate transactions in a matter of minutes.
http://www.securityfocus.com/brief/1032