Hackers Attempt to Take $1.3 Million from D.C. Firm
Brian Krebs writes on Security Fix:
It has been a while since I've written about online banking fraud against small to mid-sized businesses, but I assure you the criminals perpetrating these attacks have been busier than ever. In fact, from more than a dozen incidents I've been investigating lately, the attackers for whatever reason now appear to be focusing heavily on property management and real estate firms, and title companies.More here.
On Nov. 12, I was contacted by a woman in Washington, D.C. who runs a large property management firm. The woman said her company had just been the victim of online banking fraud, but that her board of directors would not let her discuss the incident on the record. Per her request, I am omitting her name and the name of her firm.
The woman said hackers had tried to transfer more than $1.3 million out of her firm's account, but that all three transactions had been stopped. Still, her story is worth telling because it was not a victimless crime, and it shows how attackers are adding yet another layer of complexity to their scams, all in a bid to buy them more time to make off with the loot. In addition, it illustrates how even a security compromise that has been cleaned up can come back to haunt you, and it demonstrates how one weak link in the chain of trust in commercial online banking can be used to attack other organizations.