20 January 2017
visit http://www.wolterskluwerfs.com

Cyber crooks targeting bank employees - FBI

19 September 2012  |  6082 views  |  1 biometric  face pointer

A spate of attacks on US financial institutions has seen criminals obtaining bank employee login details through phishing and keylogging and using the information to wire themselves hundreds of thousands of dollars, the FBI is warning.

In a fraud alert, the bureau says criminals have been duping financial institution employees with phishing and spam e-mails before installing keystroke loggers and remote access Trojans on their computers.

The thieves then manage to get complete access to internal networks and logins to third party systems, in some instances taking multiple credentials to circumvent authentication methods.

The crooks then use the information to log in to accounts outside of normal business hours and find out details that can help them steal money, such as transaction history and bank wire transfer settings.

In some of the incidents, before and after unauthorised transactions occurred, the victim suffered a DDoS attack against their public Web sites or Internet banking URLs as a distraction tactic. One botnet used, 'Dirtjumper', is a commercial crimeware kit that can be bought on criminal forums for $200.

Most of the victims to date have been small-to-medium sized banks and credit unions, although a few big players have also been hit, with between $400,000 and $900,000 wired overseas.

Comments: (1)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 20 September, 2012, 11:05

When banks' own employees can get duped by phishing attacks, merely educating their customers to watch out for dodgy emails and URLs is not going to work in this day and age, as I'd pointed out here. Thankfully, technology is available to solve this problem reliably, cost-effectively and, most importantly, without "false positives".

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

High rolling cyber-crooks are smashing bank security safeguards

High rolling cyber-crooks are smashing bank security safeguards

26 June 2012  |  7835 views  |  3 comments
Cybercrime a growing risk for FS firms - PwC survey

Cybercrime a growing risk for FS firms - PwC survey

27 March 2012  |  6510 views  |  0 comments | 1 linkedin
Business banking customers target for new 'live chat' malware attack

Business banking customers target for new 'live chat' malware attack

05 March 2012  |  6523 views  |  0 comments
Another US firm sues bank after cyber-attack

Another US firm sues bank after cyber-attack

15 November 2011  |  10851 views  |  1 comments
FBI arrests 14 over PayPal cyber-attack

FBI arrests 14 over PayPal cyber-attack

20 July 2011  |  8241 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
http://www.financialcrimerisk.fiserv.com/aml?r=finextra

Who is commenting?

Top topics

Most viewed Most shared
Banks face big profit loss to digitisation - McKinseyBanks face big profit loss to digitisation...
15362 views comments | 85 tweets | 108 linkedin
Seven banks plan blockchain platform for SMEsSeven banks plan blockchain platform for S...
12383 views comments | 48 tweets | 42 linkedin
Accenture beats Brexit blues with largest-ever London startup programmeAccenture beats Brexit blues with largest-...
10614 views comments | 30 tweets | 20 linkedin
hands typing furiouslyBlockchain: Time To Get Your Feet Wet
7301 views 0 | 24 tweets | 9 linkedin
RBI told the time is right to digitise the RupeeRBI told the time is right to digitise the...
7254 views comments | 14 tweets | 12 linkedin

Featured job

to Six-Figure Base, Bonus, Benefits
London, UK

Find your next job