The FBI is warning businesses about the rash of scams that attack crews are using to target their bank accounts and drain them. The scams themselves are nothing new, but the FBI says that they’re becoming more prevalent and sophisticated as the attackers adjust their tactics.
The warning from the FBI is somewhat unusual in that it’s rather specific and detailed in its description of the tactics the attackers are using to get access to the companies’ accounts and the ways in which they’re planting malware on their machines. The advisory, which was written with the help of some banking industry trade groups, warns companies about common tactics such as spear phishing and targeted drive-by downloads that install various pieces of malware on vulnerable machines.
“The cyber criminal’s goal is to get the employee to open the infected attachments or click on the link contained in the email and visit the nefarious website where hidden malware is often downloaded to the employee’s computer. This malware allows the fraudster to “see” and track employee’s activities across the business’ internal network and on the Internet. This tracking may include visits to your financial institution and use of your online banking credentials used to access accounts (account information, log in, and passwords). Using this information, the fraudster can conduct unauthorized transactions that appear to be a legitimate transaction conducted by the company or employee,” the FBI warning says.
Attackers have found quite a bit of success with these scams in the last few years, especially with smaller businesses that likely don’t have large IT staffs or dedicated security personnel. The scams can take a number of different forms, and the emails containing the infected attachments often are very well crafted. They will typically appear to come from either a trusted third-party vendor that the company deals with regularly, such as a delivery service or bank, or from an executive within the company itself.
Many of the attachments are PDFs or Word or Excel documents that are rigged to exploit a vulnerability on the user’s machine, often one that’s already been disclosed, but sometimes a previously unknown bug. The infection itself is usually transparent to the end user and may go unnoticed for some time, allowing the attackers to drain the victim’s account before the employees figure out what’s happened.
The FBI’s advice to business owners are simple, common-sense methods for preventing the infections and identifying financial fraud as quickly as possible:
The advisory points out that attackers change their tactics often and that businesses need to remain aware of new developments.