Scammers Transfer $11 Million Stolen from SMBs to China (
Page 1 of 2 )
Scammers
successfully transferred more than $11 million stolen from small and midsize
businesses to companies in China in the past year, according to the FBI.
Cyber-criminals
stole banking credentials from companies and public institutions in the United
States to fraudulently wire millions of dollars to Chinese companies, warned
the FBI
in a fraud alert issued April 26. There were 20 such incidents between
March 2010 and April 2011, where the attackers attempted to steal $20 million
and succeeded in stealing about $11 million, according to the federal agency.
In
most cases, the thieves use phishing emails or rogue Websites loaded with
data-stealing malware to compromise the computer of someone within the targeted
company. When the victim, who generally has the authority to initiate funds
transfers, tries to log into the Website, he or she is redirected to a page
claiming the site is under maintenance.
At
this point, criminals use the stolen log-in credentials to transfer money from
the victims’ accounts to intermediary accounts at a different United States
bank, often located in New York. The funds are then transferred overseas to an
account owned by one of the “economic and trade companies” located in China’s
Heilongjiang province. The stolen money is immediately withdrawn or transferred
again from that Chinese account, the FBI said.
"It
is unknown who is behind these unauthorized transfers, if the Chinese accounts
were the final transfer destination, or if the funds were transferred
elsewhere, or why the legitimate companies received the unauthorized
funds," said the advisory. The FBI alert listed both the Agricultural Bank
of China and the Industrial and Commercial Bank of China in the advisory.
IT Security & Network Security News & Reviews News & Reviews 
