Wednesday, November 04, 2009

Business e-Banking and The 6-Figure Password

Brian Krebs writes on Security Fix:

On Monday, Security Fix featured the story of Ronnie Cutshall, a Tennessee man who was caught up in an international money laundering scam after being recruited through a work-at-home job offer. That story mentioned that Cutshall received a $9,600 transfer from a company called American Realty, but that I didn't have any luck in tracking down the victim company.

Today the American Realty company affected by that scam contacted me after reading my story (turns out they're located in Shalimar, Fla., not Georgia, as I had previously thought). A few weeks ago, an American Realty employee clicked a link in an e-mail scam that spoofed an IRS alert about unreported income. The Web site linked to in that message quietly installed a password-stealing Trojan horse program named Zeus. From there, the perpetrators were able to swipe the company's online banking credentials, and initiate unauthorized payroll payments to Cutshall and about 20 other individuals.

In all, the hackers transferred $195,000 out of American Realty's bank account. So far, the company has retrieved just $45,000 of the stolen money.

Denny Naugle, operations director at American Realty, said the company is drafting papers to sue their bank.

"The bank said it detected that this was likely fraud, but they let the transfers go through anyway," Naugle said. "They're saying it's our fault because we gave our password information away."

More here.


At Sat Mar 27, 09:42:00 AM PDT, Anonymous bangin said...

E-banking will be high risk if the system is not secure. Audit trail and protection systems must be reliable. A number of banks in Indonesia were attacked through exploitation of weaknesses in the ATM. But that case was resolved quickly and encouraged the Bank of Indonesia to review and implement a better security system. Thanks for your post.

