Case study joined

Cyber Criminals Now Target Small And Medium Enterprises

SITUATION
Cyber criminals have moved beyond simple identity Compare that to fraud statistics of Automatic Clearing
theft. They are now targeting small and medium Houses (credit card processors). The recent arrests “Lacking sophistication and
businesses and local banks, using specialized banking connected with Zeus accounted for some 390 appropriate security, SMEs make
malware for cyber heists, using mainly the Zeus reported cases where $70 million was stolen from great targets for cyber gangs.
botnet. These small and medium organizations accounts. The criminals had attempted to steal some
represent good targets for organized cybercrime as $220 million. The investigation mainly netted the Cyber crime has moved beyond
they often lack the sophistication and knowledge of lowest ranks of the criminal network -- the so-called simple identity theft and is now
the Fortune 1000 to prevent cyber attacks. money mules that remove stolen funds from their specializing in cyber heists:
accounts and transfer the money to international emptying the bank accounts of
CASE IN POINT – accounts abroad. In general, the money mules are small and medium enterprises.”
SANFORD DECEMBER 3, 2009 people who are duped into believing they are
Patco Construction filed suit in York County Superior working for a legitimate company processing Case in Point: Patco Construction
Court Sept. 18, seeking the return of $345,000 not payments. in Sanford, Maine filed suit
recovered from $588,851 in funds hackers were able against its own bank seeking the
to transfer to bank accounts out of the country from ANALYSIS return of $345,000 that was
Patco’s Ocean Bank. The illegal transfers began on The Internet is the crime scene of the 21st century. stolen by cyber criminals.
May 7, when thieves hijacked the company's online Cyber theft is one of the biggest challenges facing our
banking credentials, moving $56,594 to several society today. We can no longer remain ignorant and
individuals that had no prior business relationship hope it will go away. Banks and customers alike must
with Patco. The transfers continued, and Patco educate themselves and give employees Internet
officials only learned the fraud was occurring because Security Awareness Training, including procedures
some of the funds were transferred to invalid bank and necessary security measures. Accounts must be
accounts. The company filed suit, alleging the bank monitored by companies on a regular basis and
was negligent in allowing cybercriminals to break questionable transactions queried immediately.
through the security system. Simultaneously, banks must use the highest level of
security to protect their customers. The financial
DIGITAL CRIME OUTPACES REAL- relationship is at stake – trust is of utmost
WORLD ROBBERIES importance. Today that trust must be earned on both
Digital crime now outpaces real-world bank robberies sides.
in terms of losses. In 2009, there were 8,818 bank
robberies netting criminals an average of $4,029 -- a
total of about $35.5 million, according to the FBI's
Uniform Crime Reporting (UCR) program. However,
60 percent of bank robbers were caught, often very
quickly.

KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com
© 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.

These Mules Move Money

SITUATION banks, setting up new accounts and withdrawing the
In illegal commerce vernacular, a mule is someone money for transfer. In the meantime their “Money
who carries the contraband from one location to Lords” (like “Drug Lords”) remain hidden in the
“Digital crime now outpaces
another. Recent history is full of stories of people background safe from scrutiny.
carrying drugs across borders secreted on their real-world bank robberies in
person. Today’s mules are money mules and are often DIGITAL CRIME OUTPACES REAL- terms of losses. In 2009, there
innocent dupes who move money from bank to bank. WORLD ROBBERIES were 8,818 bank robberies
Digital crime now outpaces real-world bank robberies netting criminals an average of
CASE IN POINT – THE MONEY MULES in terms of losses. In 2009, there were 8,818 bank
$4,029 -- a total of about $35.5
When hackers steal from banks and other business robberies netting criminals an average of $4,029 -- a
total of about $35.5 million, according to the FBI's million, according to the FBI's
structures they are left with a major problem – what
to do with the money? Stealing hundreds of Uniform Crime Reporting (UCR) program. However, Uniform Crime Reporting (UCR)
thousands of dollars at a time requires a strategy so 60 percent of bank robbers were caught, often very program. However, 60 percent of
that when the funds are distributed these criminal quickly. bank robbers were caught, often
deposits don’t raise any red flags. This means that very quickly.”
deposits cannot be in more than $5,000 increments Compare that to fraud statistics of Automatic Clearing
or it is reported to the government. Therefore the Houses (credit card processors). The recent arrests
stolen funds have to be laundered at lower levels. connected with Zeus accounted for some 390
Hackers bust into the accounts, using Trojans, reported cases where $70 million was stolen from
keyloggers and other malicious software but then accounts. The criminals had attempted to steal some
what do they do? $220 million. The investigation mainly netted the
lowest ranks of the criminal network -- the so-called
Taking a page from their drug dealing friends, the money mules that remove stolen funds from their
money mules were invented. But instead of accounts and transfer the money to international
smuggling drugs, these mules are recruited to open accounts abroad. In general, the money mules are
sham bank accounts to receive the money stolen people who are duped into believing they are
from victim accounts. They then withdraw the funds working for a legitimate company processing
from the shell accounts and transfer the money to payments.
overseas bank accounts operated by the gang
leaders. This is all done in increment amounts that ANALYSIS
could elude detection by banks and law enforcement It is more than interesting to note that these thefts
officials. The mules retain somewhere between eight are first initiated through a phishing attack that
and ten percent as their cut of the illegal proceeds. enabled the malware to enter the computer network.
There are hundreds if not thousands of mules This phishing started with a susceptible employee
operating in the United States currently. who through his or her own ignorance clicked where
they should not have clicked. Giving Internet Security
With the rise in unemployment and current economic Awareness Training to employees and executives
conditions, recruitment of mules is not a problem. (really anyone who even remotely touches a
Online job sites such as Careerbuilder have been used computer) , could prevent such massive thefts from
to find people. They run ads and hire recruiters to find happening, and is an essential part of ‘defense-in-
new mules. The mules end up having to do the dirty depth’.
work like their drug carrying brethren. They have to
do the actual “dangerous” business of going into


Is Your Health-Care In Danger From Cyber-Gangs?

SITUATION
Organized cybercrime has shifted its focus to small Compare that to fraud statistics of Automatic Clearing
healthcare providers. After having stolen millions Houses (companies in charge of electronic funds
“According to Chief Executive
from corporations and schools, greedy eyes have transfers and credit card payment processing. The
recent arrests connected with Zeus accounted for Susan Brown, the thieves tried to
moved on to other “easy pickings” – to non-profit
organizations that service the uninsured and the some 390 reported cases where $70 million was steal more money – another
disabled. Is it because their defenses are so poor or stolen from accounts. The criminals had attempted to batch of $30,000 when the bank
are they not educated enough about cyber-heists? steal some $220 million. The investigation mainly blocked the transfer at her
netted the lowest ranks of the criminal network -- behest. Of course the bank
CASE IN POINT – PUGET SOUND the so-called money mules that remove stolen funds blames Evergreen and Evergreen
SEPTEMBER 9, 2010 from their accounts and transfer the money to
blames the bank. Evergreen is
On the morning of September 9, 2010 the staff international accounts abroad. In general, the money
mules are people who are duped into believing they still fighting with the bank to
accountant at the Evergreen Children's Association
woke up to find $30,000 missing from their bank are working for a legitimate company processing have the money reimbursed. ”
account. No one at the organization had written a payments.
check or authorized a transfer for that amount or
anything close to it. Evergreen was in mystery as to ANALYSIS
how so much money had virtually disappeared There is a distinctive pattern as to how these bank
overnight. Virtual was the key word as cyber-thieves account invasions take place. First a targeted e-mail
had been hard at work ripping off this Seattle based is typically sent to the company's accountant or
non-profit organization to the tune of $30K. controller. The communication appears to be
Evergreen provides childcare service on-site for public innocuous, but it is far from that. The message
schools in the Puget Sound area. contains either a virus-laden attachment or a link
that -- when opened -- surreptitiously installs
According to Chief Executive Susan Brown, the malicious software designed to steal passwords.
thieves tried to steal more money – another batch of Armed with those credentials, the crooks then hacks
$30,000 when the bank blocked the transfer at her the online banking accounts and initiate a series of
behest. Of course the bank blames Evergreen and wire transfers.
Evergreen blames the bank. Evergreen is still fighting
with the bank to have the money reimbursed. The real culprit is ignorance. This is not a matter of
Who is really to blame? Read our analysis below. just technology, it is just as much a matter of
education. Someone clicked when they should not
DIGITAL CRIME OUTPACES REAL- have clicked. Someone did not have adequate
WORLD ROBBERIES security software installed or it was not up-to-date.
Digital crime now outpaces real-world bank robberies Think before you click! Security is everyone’s’ job, and
in terms of losses. In 2009, there were 8,818 bank Internet Security Awareness Training has become
robberies netting criminals an average of $4,029 -- a urgent at this point.
total of about $35.5 million, according to the FBI's
Uniform Crime Reporting (UCR) program. However,
quickly.


Is Your Health-Care In Danger From Cyber-Gangs?

SITUATION Compare that to fraud statistics of Automatic Clearing
Organized cybercrime has shifted its focus to small Houses (companies in charge of electronic funds
healthcare providers. After having stolen millions transfers and credit card payment processing). The
“Using a team of “money mules”,
from corporations and schools, their greedy eyes have recent arrests connected with Zeus accounted for
the attackers sent $44,000 to
moved on to local community based health-care some 390 reported cases where $70 million was
their own banks which was then
providers. Could poorly or untrained employees be at stolen from accounts. The criminals had attempted to
steal some $220 million. The investigation mainly rapidly wired to organized crime
the root of these attacks being successful?
netted the lowest ranks of the criminal network -- accounts in Eastern Europe. The
CASE IN POINT – NORTHEAST GEORGIA the so-called money mules that remove stolen funds mules got their commission and
SEPTEMBER 2, 2010 from their accounts and transfer the money to the gang lords got the bulk of
MedLink is a fully staffed year-round primary care international accounts abroad. In general, the money the transfer.“
organization with a central administrative office and mules are people who are duped into believing they
clinic sites throughout northeast Georgia. In early are working for a legitimate company processing Per Gary Franklin, MedLink
September, 2010 cyber-criminals attacked the payments.
Georgia's chief financial officer,
accounts of this healthcare provider. Hackers got
the company's bank reversed
access to the login and password to Medlink’s online ANALYSIS
There is a distinctive pattern as to how these bank some of the fraudulent transfers,
bank account and the cyber-heist was well over
$40K. Using a team of “money mules”, the attackers account invasions take place. First a targeted e-mail but apparently transfers valued
sent $44,000 to their own banks which was then is typically sent to the company's accountant or at $15,000 were not accounted
rapidly wired to organized crime accounts in Eastern controller. The communication appears to be for and may not be recovered.
Europe. The mules got their commission and the innocuous, but it is far from that. The message
gang lords got the bulk of the transfer. contains either a virus-laden attachment or a link
that -- when opened -- surreptitiously installs
Per Gary Franklin, MedLink Georgia's chief financial malicious software designed to steal passwords.
officer, the company's bank reversed some of the Armed with those credentials, the crooks then hacks
fraudulent transfers, but apparently transfers valued the online banking accounts and initiate a series of
at $15,000 were not accounted for and may not be wire transfers.
recovered.
The real culprit is ignorance. This is not a matter of
DIGITAL CRIME OUTPACES REAL- just technology, it is just as much a matter of
WORLD ROBBERIES education. Someone clicked when they should not
Digital crime now outpaces real-world bank robberies have clicked. Someone did not have adequate
in terms of losses. In 2009, there were 8,818 bank security software installed or it was not up-to-date.
robberies netting criminals an average of $4,029 -- a Think before you click! Security is everyone’s’ job, and
total of about $35.5 million, according to the FBI's Internet Security Awareness Training has become
Uniform Crime Reporting (UCR) program. However, urgent at this point.
quickly.


Cyber Birds Of Prey Hunt Small Business
SITUATION DIGITAL CRIME OUTPACES REAL-WORLD
Small businesses are notorious for lack of security ROBBERIES
procedures. Little or no IT staff, busy owners, inadequately Digital crime now outpaces real-world bank robberies in
trained staff and lax procedures open the door to terms of losses. In 2009, there were 8,818 bank robberies “Small-town banking just does
cybercrimes. In fact the door is wide open. And to make netting criminals an average of $4,029 -- a total of about not have the same security
matters worse, banks are refusing to be the fall-guy and $35.5 million, according to the FBI's Uniform Crime resources as the bigger banks.
accuse account holders of poor security practices. Small Reporting (UCR) program. However, 60 percent of bank
businesses thus become easy targets for cyber-attacks robbers were caught, often very quickly. Moreover, companies simply do
with few financial or technical resources to stop them. not have legal protection from
Often times, the banks involved are small as well. Compare that to fraud statistics of Automatic Clearing identity fraud, unlike individual
Small-town banking just does not have the same security Houses (companies in charge of electronic funds transfers
consumers, and are forced to
resources as the bigger banks. Moreover, companies simply and credit card payment processing). The recent arrests
do not have legal protection from identity fraud, unlike connected with Zeus accounted for some 390 reported absorb the losses caused by
individual consumers, and are forced to absorb the losses cases where $70 million was stolen from accounts. The cyber theft. ”
caused by cyber theft. criminals had attempted to steal some $220 million. The
investigation mainly netted the lowest ranks of the
But who is really to blame? criminal network -- the so-called money mules that
remove stolen funds from their accounts and transfer the
CASE IN POINT – MODESTO, money to international accounts abroad. In general, the
CALIFORNIA FEBRUARY 8, 2010 money mules are people who are duped into believing
When David Johnston woke up that morning, the last they are working for a legitimate company processing
thing on his mind was cybercrime. But unfortunately, his payments.
company Sign Designs Inc., an electric-sign maker in
Modesto, California was on a hacker’s mind. And then there ANALYSIS
was the phone call from their bank, Bank of Stockton, Small business and regional banking attacks are on a
inquiring about a $9,670 electronic payment to a Chase major upswing. As indicated both lack creditable security
customer in Michigan. Sign Designs confirmed it hadn't set procedures and open themselves up to attack. However, in
up the payment and the banks halted the transaction. this case it was proven once again that the financial attack
was the result of an earlier malicious program attack. This
However, they were a little late on the chain. Close to program did not insert itself onto the controller’s
$100,000 had been transferred out of their account and computer. He had to have done something to initiate the
distributed to 17 money mules. The Bank of Stockton attack. Ignorance not maliciousness was the culprit.
responded as rapidly as they could once they discovered Sign Designs President David Johnston argues that Bank of
the online deception. They managed to secure a little more Stockton should cover the losses because it didn't flag the
than half of the absconded funds but $48,000 was already highly unusual account activity nor did it bar two
in the hands of the hackers. computers—the controller's and hacker's—from
accessing the account with the same credentials at the
Naturally, Bank of Stockton declares no responsibility since same time. "I don't think they should offer a service that is
its security systems were never actually penetrated. The not safe," Mr. Johnston says. "Do you expect I'm going to
bad guys had planted malicious software on the computer solve this? I'm going to take on these Russian thieves?
of Sign Designs' controller and used it to steal his Clearly I'm not going to be able to do it."
online-banking credentials. The bank also says Sign Actually, Mr. Johnston with all due respect, you can take
Designs failed to take advantage of security measures that them on. Educate your staff. Don’t let them fall for fishing
might have averted losses, such as requiring two staff expeditions.
members to sign off on every payment.


Looking At The Bank’s Role In Cybertheft
SITUATION 4. TD Bank did nothing to secure their online banking facility,
Do banks have sufficient safeguards to prevent unauthorized disregarding all the explicit warnings from federal agencies,
electronic transfers? In particular does your bank double verify plus industry analysts such as Avivah Litan and computer
before sending your money to a criminal organization? It may security specialists such as Bruce Schneier.
sound harsh but this is the current state of affairs for small 5. And this is in spite of the fact that many different proven, “Ms. McCarthy immediately
businesses in particular. Have you checked out your bank’s inexpensive, fast-to-implement, easy-to-integrate, and
security procedures? Have you told them to not allow electronic customer-friendly bank security solutions that defeat these notified the bank when she saw
transfers over a certain amount without checking with you attacks have been available in the commercial marketplace for the transfers from her Little &
personally? There are simple procedures to red flag an account for over half a decade.
unauthorized transfer – make sure your bank is employing them. King company account. She had
Not everyone has been so lucky. TD Bank maintains that because the hackers used her correct
username and password to make the transfers, TD Bank bears no never previously made an
CASE IN POINT – MASSAPEQUA, NEW YORK responsibility whatsoever for the breach. Furthermore, because
her computer was infected with ZeuS, Little & King bears electronic transfer. TD Bank did
FEBRUARY 15, 2010 responsibility for the fraudulent transfers.
On Monday, February 15, 2010, Karen McCarthy's life was literally not put a freeze on her account
turned upside down, when her business bank account at TD Bank until the next day despite the
was electronically looted. The usual suspects (Eastern European DIGITAL CRIME OUTPACES REAL-WORLD
criminals) removed $164,000 in what has become an epidemic of ROBBERIES call from McCarthy.
commercial bank account thefts. Utilizing the infamous ZeuS Digital crime now outpaces real-world bank robberies in terms of
virus, criminals were able to ferret out her logon and password. losses. In 2009, there were 8,818 bank robberies netting
The rest is history, except for one thing – did TD Bank employ the criminals an average of $4,029 -- a total of about $35.5 million,
necessary security lockdown procedures as mandated by the according to the FBI's Uniform Crime Reporting (UCR) program. Furthermore, the bank did not
FDIC? However, 60 percent of bank robbers were caught, often very notify her of any unusual
quickly.
Ms. McCarthy immediately notified the bank when she saw the activity, something that would
transfers from her Little & King company account. She had never Compare that to fraud statistics of Automatic Clearing Houses
previously made an electronic transfer. TD Bank did not put a (companies in charge of electronic funds transfers and credit card seem to be commonplace per
freeze on her account until the next day despite the call from payment processing). The recent arrests connected with Zeus
accounted for some 390 reported cases where $70 million was online banking agreements. It is
McCarthy. Furthermore, the bank did not notify her of any
unusual activity, something that would seem to be commonplace stolen from accounts. The criminals had attempted to steal some a simple matter to setup online
per online banking agreements. It is a simple matter to setup $220 million. The investigation mainly netted the lowest ranks of
online alerts such as this, yet TD Bank seemingly failed to do so. the criminal network -- the so-called money mules that remove alerts such as this, yet TD Bank
TD Bank has stated that they were not responsible, that the fraud stolen funds from their accounts and transfer the money to
was “not related to any breach on the part of TD Bank.” international accounts abroad. In general, the money mules are seemingly failed to do so.”
people who are duped into believing they are working for a
Determined to get to the bottom of this fraudulent activity, legitimate company processing payments.
McCarthy discovered some interesting things about TD Bank
including lack of certain security protocols. ANALYSIS
Is it possible that TD Banks’ online banking services required no
1. TD Bank did not comply with the regulatory guidance they more authentication than a simple user name and password and
have been receiving from FFIEC and FDIC starting in 2005. did not require any further enhanced authentication before
Indeed, TD Bank’s CEO received an FDIC Special Alert (LINK) transferring large sums of money? Did they make it easy for
almost six months prior to the Little & King incident that hackers to access Little & Kings’ bank account and wipe it out
exactly described the attack that cleaned out her account. The without no more than a cyber-handshake?
alert instructed the bank to institute appropriate security
measures to prevent losses due to malicious software. It seems that our local and regional banks have made it clear that
2. This FDIC Alert informed service providers where to look for until they are forced to take full financial responsibility (as they
guidance and gave them information on authentication and are today with retail - consumer - accounts) for allowing these
information about security for high risk transactions. These attacks to succeed, they simply will not follow the guidance that
documents included: their regulators have offered them to prevent those successful
• FFIEC Guidance Authentication in an Internet attacks. If and only when banks like TD Bank are required to
Banking Environment reimburse commercial depositors for losses from cyber theft that
• Authentication in an Internet Banking they could have thwarted they will then institute the security
Environment Frequently Asked Questions measures that they could and should have instituted long ago.
• FFIEC Information Security Examination Handbook
• FFFIEC Retail Payment Systems Examination Make sure your bank is employing the proper protocols and
Handbook procedures to prevent this from happening to you.
• FDIC Guidance on Mitigating Risks from Spyware
3. Previous FFIEC guidance instructed TD Bank to institute
“layers” of fraud controls such as checks on Internet addresses
used and for unusual patterns of account activity.


Job Applications Open Door To Cybertheft

SITUATION The Trojan was used to transfer money to Ukraine and
Do you have a corporate policy regarding clicking on two other U.S. bank accounts. "The FBI recommends
attachments or downloading from sites or email? If that potential employers remain vigilant in opening
you don’t you better get on it. There is a new covert the e-mails of prospective employees," the FBI said. The FBI released information on
trick running around that implants your computer the latest iteration of the hack
with malicious software, just because you DIGITAL CRIME OUTPACES where the cybercriminals look
downloaded an applicant’s resume. REAL-WORLD ROBBERIES
Digital crime now outpaces real-world bank robberies for companies that are hiring
CASE IN POINT – SOMEWHERE IN THE in terms of losses. In 2009, there were 8,818 bank online and then send them the
UNITED STATES JANUARY 2011 robberies netting criminals an average of $4,029 -- a
malware through the so-called
Recently, The U.S. Federal Bureau of Investigation total of about $35.5 million, according to the FBI's
issued a warning regarding a new M.O. ACH, I.e., Uniform Crime Reporting (UCR) program. However, job application. One unnamed
Automated Clearing House fraud. As you have noted 60 percent of bank robbers were caught, often very U.S. Company recently lost
in these case studies, cybercriminals install malicious quickly.
software on unsuspecting computers which is then $150,000 according to the FBI's
used to burrow into their financial information logins Compare that to fraud statistics of Automatic Clearing Internet Crime Complaint Center.
and passwords. Once they have access to the account Houses (companies in charge of electronic funds
they start transferring sums through fake employees, transfers and credit card payment processing). The
payees, etc. The money mules then move the recent arrests connected with Zeus accounted for "The malware was embedded in
company to accounts that are out of the U.S. In a some 390 reported cases where $70 million was an e-mail response to a job
matter of hours, hackers can move hundreds of stolen from accounts. The criminals had attempted to
thousands of dollars from your account should it steal some $220 million. The investigation mainly posting the business placed on
become infected. Small businesses and regional netted the lowest ranks of the criminal network -- an employment website," the FBI
banks are often the targets for these 21st Century the so-called money mules that remove stolen funds
from their accounts and transfer the money to reported.
gangsters and they usually are not as technically
sophisticated. Access to the victimized computer is international accounts abroad. In general, the money
granted through sophisticated phishing techniques mules are people who are duped into believing they
that take advantage of employee computer security are working for a legitimate company processing
ignorance. payments.

The FBI released information on the latest iteration of ANALYSIS
the hack where the cybercriminals look for Once again we find that lack of computer security
companies that are hiring online and then send them training to be the culprit. We live in a highly
the malware through the so-called job application. technically uncivilized world. The Internet is the
One unnamed U.S. Company recently lost $150,000 modern version of the Wild Wild West. You have to be
according to the FBI's Internet Crime Complaint armed and ready to protect your company from
Center. "The malware was embedded in an e-mail serious gunfire. One of them of course, is to not open
response to a job posting the business placed on an email attachments. The safest bet is to delete the
employment website," the FBI reported. attachment and write back to the sender asking for a
plain text version. Interestingly, another option is
In this case the malware, a variant of the Bredolab opening the document in Google Gmail if you have
Trojan, "allowed the attacker to obtain the online an account to check the legitimacy of the application
banking credentials of the person who was or resume. You can set up a special Gmail account just
authorized to conduct financial transactions within for recruitment to safeguard your network.
the company." The typo-filled Trojan looked like a
Word document and read: "Hello! I have figured out
that you have an available job. I am quiet interested
in it. So I send you my resume, Looking forward to
your reply. Thank you."


Hackers Crack Library Without A Card: Making Withdrawals
Without A Library Card
SITUATION DIGITAL CRIME OUTPACES
How open is your company’s Internet access? Does REAL-WORLD ROBBERIES
your staff go online when no one is looking? Do you Digital crime now outpaces real-world bank robberies Digital crime now outpaces
have patrons or customers that have access as well? in terms of losses. In 2009, there were 8,818 bank real-world bank robberies in
What security safeguards do you have in place? What robberies netting criminals an average of $4,029 -- a
terms of losses. In 2009, there
are your rules for using the Internet? Small total of about $35.5 million, according to the FBI's
were 8,818 bank robberies
businesses tend to be pretty lax in this area. Isn’t it Uniform Crime Reporting (UCR) program. However,
time that you had firm policy on using the Internet in 60 percent of bank robbers were caught, often very netting criminals an average of
your business? You could save yourself a lot of trouble quickly. $4,029 -- a total of about $35.5
not to mention – money. million, according to the FBI's
Compare that to fraud statistics of Automatic Clearing Uniform Crime Reporting (UCR)
Houses (companies in charge of electronic funds program.
CASE IN POINT – DELRAY BEACH, transfers and credit card payment processing). The
FLORIDA JANUARY 7, 2010 recent arrests connected with Zeus accounted for However, 60 percent of bank
Somebody was cooking the books at the Delray some 390 reported cases where $70 million was
robbers were caught, often very
Beach Public Library – suddenly $160,000 went stolen from accounts. The criminals had attempted to
quickly.
missing and was nowhere to be found. Hackers steal some $220 million. The investigation mainly
created faux employees and paid them from the netted the lowest ranks of the criminal network --
library’s bank account. Overnight, the library “hired” the so-called money mules that remove stolen funds
16 new employees and their “earnings” were taken from their accounts and transfer the money to
through direct deposit payroll. The money was paid international accounts abroad. In general, the money
out in allotments of under $10,000 so as to not raise mules are people who are duped into believing they
red flags. are working for a legitimate company processing
payments.
Unfortunately for the hackers and fortunately for the
library someone was taking care of the books. The
fraud was discovered rapidly and the bank was able ANALYSIS
to reverse most of the fraudulent transfers. Their Who knows how the malicious software got into the
bank actually refunded the balance to them. This is Delray Beach Library’s network. All they know is that
not the usual case for commercial banks. it did. Publishing a set of computer security best
practices that can be used by library staff and patrons
The library’s phantom employees were recruited with would be a good start. Training the staff to keep
work-at-home offers. They received their ill-gotten security in and the bad guys out would be even
gains wired the majority off and kept a commission. better.
The transfers are under $3,000 each which appear to
be a threshold beneath any controls or checks the
transfer company might have. Western Union and
Moneygram are supposed to have fraud controls in
place to prevent this type of racket but they do not
appear to be working.


Losing The Trust In A Trust Fund

SITUATION over her accounts, despite the presence of standard
So you think you know the ins and outs of Internet anti-virus software.
banking. You make up strong passwords and you
even remember to change them once in a while. You DIGITAL CRIME OUTPACES Digital crime now outpaces
have “normal” security in place (you hid the sticky REAL-WORLD ROBBERIES real-world bank robberies in
with your password and login on it – it’s no longer on Digital crime now outpaces real-world bank robberies
your monitor). in terms of losses. In 2009, there were 8,818 bank terms of losses. In 2009, there
robberies netting criminals an average of $4,029 -- a were 8,818 bank robberies
CASE IN POINT – TAMPA BAY, FLORIDA total of about $35.5 million, according to the FBI's
netting criminals an average of
MAY 10, 2010 Uniform Crime Reporting (UCR) program. However,
There was nothing typical about this Monday 60 percent of bank robbers were caught, often very $4,029 -- a total of about $35.5
morning for Bradenton attorney Kimberly Graus. It quickly.
million, according to the FBI's
may have started out bright and sunny, but this
Monday turned out to be a dark day for one of the Compare that to fraud statistics of Automatic Clearing Uniform Crime Reporting (UCR)
trust accounts she administers. $35,000 was missing Houses (companies in charge of electronic funds program.
and she could not account for it. Her computer had transfers and credit card payment processing). The
been hacked and the money was finding its way to recent arrests connected with notorious Zeus
Eastern European criminals. malware accounted for some 390 reported cases However, 60 percent of bank
where $70 million was stolen from accounts. The
criminals had attempted to steal some $220 million. robbers were caught, often very
According to her bank, her own IP address was the
source of the wire transfer orders and after further The investigation mainly netted the lowest ranks of quickly.
study by computer forensic experts, the culprits were the criminal network -- the so-called money mules
found. The criminals had made four wire transfers that remove stolen funds from their accounts and
from Graus’ trust account. Fortunately, Kimberley transfer the money to international accounts abroad.
spotted it fast enough so she could notify Superior In general, the money mules are people who are
Bank and they were able pull back three of the orders duped into believing they are working for a
but the fourth for $9,500 had already been legitimate company processing payments.
transferred to the Ukraine.
ANALYSIS
And Graus was lucky that just that morning she had If you are a business doing online banking and are
wired $400,000 to pay off client mortgages. The only relying on the bank’s security and safeguards,
hackers struck in the afternoon; otherwise they you may be bound for major trouble. Commercial
might have gotten a much bigger haul and accounts do not have the same FDIC insurance as
potentially bankrupted her practice. personal accounts! Before you use online banking,
read the rules carefully. Check all online accounts
Aside from the $9,500.00 loss, there were significant daily, and make sure your corporate
other costs in both time and money including a new defense-in-depth is in good shape.
laptop to be used for banking purposes only, the cost
of the forensic investigation and not to mention the One simple thing we strongly recommend is that your
time costs involved in closing and setting up new company instructs the bank that no outside transfers
bank accounts. There is also the potential loss of trust are made without the bank having hard-copy written
she has had with her clients and other business authorization signed by an account signatory for any
associates including her bank. Superior Bank of transfer request. That, and having a formal Internet
course, is adamant that it bears no responsibility for Security Awareness Training program in place for all
the theft. employees. The bad guys are bypassing the antivirus
on workstations by making users click on something
Computer consultants told Graus that the malware on and infect the PC with malware so that they can hack
her system most likely came in the form of a email the network.
phishing attempt that she clicked on. The malware
was able to capture passwords and logins and took


School’s Out For Christmas, Hackers Get Presents

Here you are in the far Western part of Pennsylvania, REAL-WORLD ROBBERIES
a comparatively modest school district and your Digital crime now outpaces real-world bank robberies
Digital crime now outpaces
payroll suddenly expands by 42 employees from in terms of losses. In 2009, there were 8,818 bank
California and Puerto Rico during Christmas break. robberies netting criminals an average of $4,029 -- a real-world bank robberies in
Would that not strike you as unusual? On top of that total of about $35.5 million, according to the FBI's terms of losses. In 2009, there
your bank receives 74 wire transfer requests over a Uniform Crime Reporting (UCR) program. However, were 8,818 bank robberies
four-day period, when you very rarely ever ever wire 60 percent of bank robbers were caught, often very netting criminals an average of
transfer. Shouldn’t your bank take notice of that fact? quickly. $4,029 -- a total of about $35.5
Wouldn’t it strike them as unusual especially since
schools and administrative offices were closed for the Compare that to fraud statistics of Automatic Clearing
holiday? Well, that is what happened in Western Houses (companies in charge of electronic funds Uniform Crime Reporting (UCR)
Beaver Country, PA. transfers and credit card payment processing). The program.
recent arrests connected with Zeus accounted for
CASE IN POINT – WESTERN BEAVER some 390 reported cases where $70 million was However, 60 percent of bank
COUNTY, PENNSYLVANIA JANUARY 2, stolen from accounts. The criminals had attempted to
2009 steal some $220 million. The investigation mainly
Western Beaver County School District administrators netted the lowest ranks of the criminal network -- quickly.
were not very happy with their Christmas present this the so-called money mules that remove stolen funds
year. They woke up to find out that hackers not Santa from their accounts and transfer the money to
Claus had made away with over $700,000 from their international accounts abroad. In general, the money
bank accounts. To their credit, ESB Bank managed to mules are people who are duped into believing they
reverse some of the wire transfers, however, the are working for a legitimate company processing
Pennsylvania school district was out more than payments.
$441,000.

A few months later Western Beaver tried to sue ESB ANALYSIS
and recover their money, but as in other instances, Once again criminals made use of the Automated
the bank had protected itself with procedures and Clearing House (ACH) Network to get their prize.
policy. As we know commercial accounts do not Should banks take note of an unusual number of
receive the same level of protection as personal transfers? They sure should and no excuse that there
accounts which are only liable up to $50. Court filings are so many transactions that they could not keep
showed that the criminals used malicious software to track of them. It is not exactly rocket science to
gain control of Western Beaver’s computers and thus program an account to put up a red flag. Should
their bank accounts. Western Beaver School District be monitoring their
accounts on a regular basis? Absolutely, nothing is
The bad guys set up the new payees and transferred better than vigilance and nothing worse than
the money to them -- with routing number and negligence. It would be interesting to discover how
account number in hands, the money was transferred well-protected their computer networks are.
to the money mules who made out quite well for the
holidays.


Dentist Gets Drilled

SITUATION But before they did that, they still had to access Dr.
Just when you thought you heard everything, here Thousand’s account information. No surprise,
comes this new weapon from the bad guys – malicious software was embedded in his system
‘telephony denial-of-service’. Imagine you cannot use most likely after a phishing expedition. They then The bad guys had this dentist
your telephones, land, mobile, home, work, etc. went on to raid, pillage and loot his account. coming and going. In December,
because gangsters have engaged in a bombardment While his account was being plundered, the battery
he discovered that $399,000 had
of calls to those numbers while at the same time they of phone calls began. In the meantime the thieves
systematically drain your bank accounts. You bank posing as Dr. Thousand called Ameritrade demanding been drained from his
might even be trying to call you and get your that the transfers be sent through. When questioned, Ameritrade retirement account
approval or alert you to the transfers coming from they acknowledged having phone problems as to shortly after he’d received the
your account. why they did not respond to previous calls. Dr.
Thousand was most fortunate in that Ameritrade did calls. About $18,000 was
CASE IN POINT – ST. AUGUSTINE, return his funds. Had they been in a business account transferred from his account on
FLORIDA, DECEMBER 2009 he would not have been so fortunate. Nov. 23, with an
So there you are doing what dentists do, drilling and
filling, when you get a phone call featuring a DIGITAL CRIME OUTPACES $82,000-transfer following two
30-second promotion for a sex hotline. You just might REAL-WORLD ROBBERIES days later. Five days after that,
think that was unusual but when they persist and Digital crime now outpaces real-world bank robberies another $99,000 was drained,
literally barrage your phone lines, you just might in terms of losses. In 2009, there were 8,818 bank
robberies netting criminals an average of $4,029 -- a followed by two transfers of
think something unsavory was going on in your life.
This, indeed, was what happened to Florida Dentist total of about $35.5 million, according to the FBI's $100,000 each on Dec. 2 and 4.
Robert Thousand Jr., who by the way is semi-retired. Uniform Crime Reporting (UCR) program. However, The thieves withdrew the money
Almost $400,000 was drained from his Ameritrade 60 percent of bank robbers were caught, often very
quickly. in New York.
Retirement Account.

The FBI said attacks like this are growing, Compare that to fraud statistics of Automatic Clearing
Last November, Robert Thousand Jr., a semi-retired Houses (companies in charge of electronic funds
dentist in Florida, received a flood of calls to several transfers and credit card payment processing). The
phones. When he answered them, he heard a recent arrests connected with Zeus accounted for
30-second recording for a sex hotline, according to some 390 reported cases where $70 million was
the St. Augustine Record. stolen from accounts. The criminals had attempted to
steal some $220 million. The investigation mainly
The bad guys had this dentist coming and going. In netted the lowest ranks of the criminal network --
December, he discovered that $399,000 had been the so-called money mules that remove stolen funds
drained from his Ameritrade retirement account from their accounts and transfer the money to
shortly after he’d received the calls. About $18,000 international accounts abroad. In general, the money
was transferred from his account on Nov. 23, with an mules are people who are duped into believing they
$82,000-transfer following two days later. Five days are working for a legitimate company processing
after that, another $99,000 was drained, followed by payments.
two transfers of $100,000 each on Dec. 2 and 4. The
thieves withdrew the money in New York. ANALYSIS
Per the FBI, the phone calls were a diversionary tactic If you suddenly are barraged with porn phone calls,
tying up Thousand’s line so that Ameritrade could not realize something is amiss check with your bank and
get hold of him and authenticate the money other financial institutions. Change your phone
transfers. number. But do something. Also of course make sure
your anti-malware software is up-to-date. The
money you save may be your own!


An Apple A Day Didn’t Keep This Thief Away

SITUATION Compare that to fraud statistics of Automatic Clearing
You enjoy buying online and find many a bargain. But Houses (companies in charge of electronic funds
sometimes those prices just might be too good to be transfers and credit card payment processing). The Digital crime now outpaces
true. This is especially so when buying a limited recent arrests connected with Zeus accounted for real-world bank robberies in
distribution item like an Apple Computer. This might some 390 reported cases where $70 million was terms of losses. In 2009, there
just be one apple that you should not take a bite stolen from accounts. The criminals had attempted to were 8,818 bank robberies
from. steal some $220 million. The investigation mainly
netting criminals an average of
netted the lowest ranks of the criminal network --
$4,029 -- a total of about $35.5
CASE IN POINT – TAMPA BAY, FLORIDA the so-called money mules that remove stolen funds
OCTOBER 14, 2007 from their accounts and transfer the money to
Uniform Crime Reporting (UCR)
Rebecca Renner was in the market for a new international accounts abroad. In general, the money
program.
computer for her Tampa-based company, Creative mules are people who are duped into believing they
Minds, a print and design service. An ad on are working for a legitimate company processing
However, 60 percent of bank
Craigslist.org for a MacBook Pro with an Intel payments.
processor and 17-inch screen caught her eye, as did
quickly.
the price: $1,700. The seller, Jeffrey Murray, claimed
to be from the Bronx, N.Y., but was living in London ANALYSIS
because of his job. On the Internet as in life, take nothing for granted. If
something looks too good to be true, chances are it is
Via e-mails, Murray instructed Renner to pay by not what you should be seeking. What should Ms.
wiring money to a third-party payment service and Renner done instead of resorting to impulse and buy
provided a link to the payment Web site. Only a computer that was just priced too inexpensively?
problem was once Renner wired the money she never Well, she should have recognized it was too cheap for
received the computer. Murray or whatever his name that make and model and rejected it to begin with.
is disappeared with her wire transfer and presumably Renner said she was taken in by the idea that Murray
the computer she ostensibly purchased. was part of the Mac community and therefore had to
be a good guy.
DIGITAL CRIME OUTPACES
REAL-WORLD ROBBERIES Wrong again, Murray could have been anywhere in
Digital crime now outpaces real-world bank robberies the world, maybe even running a tidy little Nigerian
in terms of losses. In 2009, there were 8,818 bank scam. And last but not least you don’t pay someone
robberies netting criminals an average of $4,029 -- a you don’t know by wire transfer, not without having
total of about $35.5 million, according to the FBI's the goods in your hands first. This is a big No No.
Uniform Crime Reporting (UCR) program. However, Lesson learned look before you pay.
quickly.


Vandals Go To Town On Small Towns

SITUATION We guess not because the next thing you know there
Someone once said that you can’t fight city hall. Well, are ACH transfers of $70K and a wire transfer of
online criminals have changed this equation. They $30,000. The wire transfer was stopped by the bank
Recently, crooks stole $100,000
have found the means to not only fight city hall but but the 70,000 was long gone
take it to the cleaners. It seems there has been a rash from the New Jersey township of
of online heists of small town bank accounts. It seems DIGITAL CRIME OUTPACES Egg Harbor; $130,000 from a
like quite a few of these organizations do not have REAL-WORLD ROBBERIES public water utility in Arkansas;
the resources to employ the proper safeguards or Digital crime now outpaces real-world bank robberies $378,000 from a New York
sufficient education. in terms of losses. In 2009, there were 8,818 bank
town; $160,000 from a Florida
public library; $500,000 from a
CASE IN POINT – SUMMIT, ILLINOIS total of about $35.5 million, according to the FBI's
MARCH 11, 2010 Uniform Crime Reporting (UCR) program. However, New York middle school district;
The Village of Summit, Illinois is tiny when compared 60 percent of bank robbers were caught, often very $415,000 from a Kentucky
to most towns with a population topping off at quickly. county (this is far from a
around 10,000. Nevertheless, it was a ready target for comprehensive list).” The cyber
cyber-thieves who made off with a grand haul of Compare that to fraud statistics of Automatic Clearing
Houses (companies in charge of electronic funds criminals are taking it to city hall
close to $100,000.
transfers and credit card payment processing). The big time.
According to ace security reporter Brian Krebs, recent arrests connected with Zeus accounted for
“Summit is just the latest in a string of towns, cities, some 390 reported cases where $70 million was
counties and municipalities across America that have stolen from accounts. The criminals had attempted to
seen their coffers cleaned out by organized thieves steal some $220 million. The investigation mainly
who specialize in looting online bank accounts. netted the lowest ranks of the criminal network --
Recently, crooks stole $100,000 from the New Jersey the so-called money mules that remove stolen funds
township of Egg Harbor; $130,000 from a public from their accounts and transfer the money to
water utility in Arkansas; $378,000 from a New York international accounts abroad. In general, the money
town; $160,000 from a Florida public library; mules are people who are duped into believing they
$500,000 from a New York middle school district; are working for a legitimate company processing
$415,000 from a Kentucky county (this is far from a payments.
comprehensive list).” The cyber criminals are taking it
to city hall big time. ANALYSIS
Someone needs a lesson on online security, don’t you
The assistant to the town’s administrator logged in to think? Red flags were flying; the assistant even called
the town bank account at Bridgeview Bank and was the bank and was told there were no problems.
hit with a redirect explaining there were technical Shouldn’t the assistant and the bank have realized
difficulties. Someone had hacked into their network something was wrong and immediately taken
and was rapidly using the credentials she had precautions to protect the account? There was
entered to access the online account. The thieves obvious cyber-skullduggery in place here but truth is
even gave her a phone number for customer support. a bit of common sense could have prevented a
When the assistant called the number it was a $70,000 disaster.
residence. So she called the bank and was told there
were not problems. Should have raised a red flag,
don’t you think?


Cybercrime Attacks Charities - How Criminal Is That?

SITUATION total of about $35.5 million, according to the FBI's
We have seen some acts from cyber bad guys, Uniform Crime Reporting (UCR) program. However,
especially those that take advantage of disasters and 60 percent of bank robbers were caught, often very Digital crime now outpaces
catastrophes, but looting a charity’s bank account quickly. real-world bank robberies in
seems especially low even for them. In the world of terms of losses. In 2009, there
these criminals, nothing is sacred or holy. Compare that to fraud statistics of Automatic Clearing were 8,818 bank robberies
Houses (companies in charge of electronic funds netting criminals an average of
transfers and credit card payment processing). The $4,029 -- a total of about $35.5
CASE IN POINT – BOSTON, recent arrests connected with Zeus accounted for million, according to the FBI's
MASSACHUSETTS JANUARY, 2010 some 390 reported cases where $70 million was Uniform Crime Reporting (UCR)
The United Way is one of the good guys in society. The stolen from accounts. The criminals had attempted to program. However, 60 percent of

funds they raise are put back in the community to steal some $220 million. The investigation mainly bank robbers were caught, often
netted the lowest ranks of the criminal network -- very quickly.
help those who require help. But in January, 2010, it
was the United Way needing the help. the so-called money mules that remove stolen funds
from their accounts and transfer the money to
The bad guys used the Internet to break into the international accounts abroad. In general, the money
United Way in Massachusetts bank account and mules are people who are duped into believing they
looted it to the tune of $150,000 or so they thought. are working for a legitimate company processing
They were pretty clever in using the unauthorized payments.
payroll routine (putting bogus workers on the payroll
and then distributing the funds electronically to
them). This was for $110,000 and then attempted to ANALYSIS
transfer $40,000 to a money mule in New York. Either the United Way got very lucky or someone was
Neither of the schemes worked out as the United Way on their toes monitoring the bank accounts.
and their bank was able to block or reverse the Whatever it was, one of the good things about this
transactions. This is not always the case, very often a was the organization was able to work with their
substantial amount cannot be retrieved because it bank to prevent the fraud. Perhaps this is a good time
has disappeared to eastern Europe. to have a talk with your favorite banker and find out
what they are doing to prevent online fraud. While
you are there work out an airtight policy to make sure
DIGITAL CRIME OUTPACES it never happens to you.
REAL-WORLD ROBBERIES
Digital crime now outpaces real-world bank robberies
in terms of losses. In 2009, there were 8,818 bank


Financial Institutions Fall Victim To Cyber-Theft –
Could Internet Security Awareness Training Have Prevented The Larceny?
In a cyber-twist, a bank is targeted and (possibly a REAL-WORLD ROBBERIES
lot) more than $100K removed from its coffers. The Digital crime now outpaces real-world bank robberies
Digital crime now outpaces
bank won’t say how much. Most of our case studies in terms of losses. In 2009, there were 8,818 bank
involve businesses who wake up one morning to find robberies netting criminals an average of $4,029 -- a real-world bank robberies in
their bank accounts emptied of accumulated cash. total of about $35.5 million, according to the FBI's terms of losses. In 2009, there
This time a bank felt the sting of the cyber-gang. So Uniform Crime Reporting (UCR) program. However, were 8,818 bank robberies
for once it was not the small businessman that was 60 percent of bank robbers were caught, often very netting criminals an average of
hit but the bank itself. Makes you wonder how many quickly. $4,029 -- a total of about $35.5
other banks have found themselves the victim of
cyber-theft. This is especially relevant when you hear Compare that to fraud statistics of Automatic Clearing
about banks that for legal reasons are not able to Houses (companies in charge of electronic funds Uniform Crime Reporting (UCR)
take responsibility for their clients when they have transfers and credit card payment processing). The program. However, 60 percent of
been defrauded. There is irony in all of this, especially recent arrests connected with Zeus accounted for bank robbers were caught, often
when you take into consideration a federal credit some 390 reported cases where $70 million was very quickly.
union. stolen from accounts. The criminals had attempted to
steal some $220 million. The investigation mainly
netted the lowest ranks of the criminal network --
CASE IN POINT – SALT LAKE CITY, UTAH the so-called money mules that remove stolen funds
MAY 20, 2010 from their accounts and transfer the money to
The Treasury Credit Union is a financial facility international accounts abroad. In general, the money
servicing federal employees and the families of the mules are people who are duped into believing they
U.S. Treasury Department in Utah. On a sunny are working for a legitimate company processing
Thursday in May, somewhere around 70 wire payments.
transfers were made from one of the bank’s own
accounts. The transfers were made at low increment
amounts of under $5,000 to money mules for a total
in the low six figures. Some of the money was ANALYSIS
returned. It just goes to show you that despite sophisticated
security, the weak link even in a financial institution
How did the criminals infiltrate this supposedly proved to be an employee. One of the keys to security
well-protected financial institution? Just like they do is educating personnel on Internet Security
any other business; a bank employee’s login and Awareness. If the employee had been educated, a
password was stolen, by malicious software most large amount of money would have been saved and
likely via phishing and the Trojan horse was inserted much aggravation would have been avoided.
into the computer. This was accomplished despite the
fact that the computer and network was
well-protected by an antivirus. The Trojan horse was
not detected; no wonder when you consider the user
went to the phishing site and literally invited the
malware in. Last July, organized thieves used money
mules to steal tens of thousands of dollars from
Huntington, W.V. based First Sentry Bank.


Case study joined

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Case study joined

Similar to Case study joined (20)

Recently uploaded

Recently uploaded (20)

Case study joined