Business e-Banking and The 6-Figure Password
Brian Krebs writes on Security Fix:
On Monday, Security Fix featured the story of Ronnie Cutshall, a Tennessee man who was caught up in an international money laundering scam after being recruited through a work-at-home job offer. That story mentioned that Cutshall received a $9,600 transfer from a company called American Realty, but that I didn't have any luck in tracking down the victim company.More here.
Today the American Realty company affected by that scam contacted me after reading my story (turns out they're located in Shalimar, Fla., not Georgia, as I had previously thought). A few weeks ago, an American Realty employee clicked a link in an e-mail scam that spoofed an IRS alert about unreported income. The Web site linked to in that message quietly installed a password-stealing Trojan horse program named Zeus. From there, the perpetrators were able to swipe the company's online banking credentials, and initiate unauthorized payroll payments to Cutshall and about 20 other individuals.
In all, the hackers transferred $195,000 out of American Realty's bank account. So far, the company has retrieved just $45,000 of the stolen money.
Denny Naugle, operations director at American Realty, said the company is drafting papers to sue their bank.
"The bank said it detected that this was likely fraud, but they let the transfers go through anyway," Naugle said. "They're saying it's our fault because we gave our password information away."