Monday, June 28, 2010

e-Banking Bandits Stole $465,000 From California Escrow Firm

Brian Krebs:

A California escrow firm has been forced to take out a pricey loan to pay back $465,000 that was stolen when hackers hijacked the company’s online bank account earlier this year.

In March, computer criminals broke into the network of Redondo Beach based Village View Escrow Inc. and sent 26 consecutive wire transfers to 20 individuals around the world who had no legitimate business with the firm.

Owner Michelle Marisco said her financial institution at the time — Professional Business Bank of Pasedena, Calif. – normally notified her by e-mail each time a new wire was sent out of the company’s escrow account. But the attackers apparently disabled that feature before initiating the fraudulent wires.

The thieves also defeated another anti-fraud measure: A requirement that two employees sign off on any wire requests. Marisco said that a few days before the theft, she opened an e-mail informing her that a UPS package she had been sent was lost, and urging her to open the attached invoice. Nothing happened when she opened the attached file, so she forwarded it on to her assistant who also tried to view it. The invoice was in fact a Trojan horse program that let the thieves break in and set up shop and plant a password-stealing virus on both Marisco’s computer and the PC belonging to her assistant.

More here.

2 Comments:

At Tue Jun 29, 10:06:00 PM PDT, Blogger Unknown said...

Need to substitute the word PC with the word Windows, as that is the one and only common denominator.

I also received that email about the lost UPS delivery. When I clicked the link, on my Macintosh, Safari properly detected that this site was trying to download a file, and informed me of such.

One could almost argue, that Microsoft should be the focus of a class action lawsuit, that they have ever allowed their operating system to be so terribly vulnerable.

Piko

 
At Thu Jul 01, 12:14:00 AM PDT, Anonymous Sid said...

On the whole notified by e-mail each time a new wire was sent out of the company’s escrow account.

 

Post a Comment

<< Home