D.C. Businessman Loses Thousands After Clicking on Wrong e-Mail
Brian Krebs writes on Security Fix:
Pay-per-click revenue in the online advertising business may be diminishing for traditional media publishers, but thieves increasingly are earning five- to seven-digit returns when victims click on a booby-trapped link or attachment sent via e-mail.More here.
The latest victim to learn this was Nigel Parkinson, president of D.C.-based Parkinson Construction, a firm with an estimated $20 million in annual revenue that has worked on some of Washington's top gathering places, including the new D.C. Convention Center and the Nationals baseball stadium.
Parkinson said he had an expensive crash course in computer security, when on Nov. 24, he clicked a link in an e-mail purporting to be from the Social Security Administration warning him about potential errors on his Social Security statement. Parkinson fell for the ruse and ended up downloading a copy of the Zeus Trojan, a prolific family of malicious software that criminal gangs have used to great effect to steal tens of millions of dollars from victimized businesses so far this year.
Zeus is primarily a password-stealing Trojan, and in short order the thieves had stolen the credentials Parkinson uses to administer his construction firm's bank account online.
From there, the hackers sent $92,000 of Parkinson's cash to nine different money mules, accomplices hired through work-at-home job schemes who are instructed to withdraw the money and wire it overseas (typically minus an eight percent commission).