
Thursday, 22 March 2012

Unusual vector of social engineering



Frenzzz....
E-mail accounts that were hacked or taken over through phishing have recently been used to rob the bank accounts of small businesses.
Technically, the scheme is extremely primitive and rarely brings the swindlers more than a couple of thousand dollars, but such attacks are often successful because they exploit the trust relationship between the bank and the client.


Last month, some creative people took over the personal e-mail accounts of three different customers of Western National Bank (WNB), a small bank with seven branches in Central and West Texas. In all cases, the thieves could verify that the victim had previously communicated electronically with the bank's staff.
The fraudsters then composed the following letter and sent it to the staff of the local WNB branches that served their victims:
"
Good Morning,
Could you remind me of the available balance on my account and all the information needed to make outgoing bank payments for me today? I'm now going to my nephew's funeral, but I will frequently check my mail for your answer.
Thank you.
"

Wade Kuehler, executive vice president of WNB, said that in two of the three cases the bank's employees decided to track down the source of the request, and for this even ignored an instruction not to contact customers by phone. In both cases, the clients were very grateful and said that they had not written such letters.
But in the third case, the thieves hit the jackpot when an empathetic bank manager replied with the requested balance information. The thieves answered with a request to transfer money to another bank account, and the manager was happy to help.
Kuehler said WNB accepts responsibility for the theft, the scale of which he called "small", and that the employee deserves disciplinary action. "This particular client did have [experience by e-mail] to the manager, who believed that doing his job - taking care of the customer."
Kuehler added that he had heard from other banks - namely, other small regional financial institutions - that they have recently seen the same attack.
"The general scheme is that legitimate accounts are hacked," he said. "And then the hacker writes letters to everyone in your address book, just like a bank representative."
JB Snyder, a principal and manager of the company Bancsec, which specializes in network security and penetration testing for banks, said such attacks - even ones as clumsily executed as those described above - work and will continue to work because they exploit the oldest and most reliable security hole: a trust relationship. That is what is called "social engineering".
"It's crazy, but even such a stupid scheme generates revenue," said Snyder. "We know this from experience. The key point here is that a huge proportion of business today is done solely through e-mail without any other authentication, which opens up unlimited opportunities."
As for the hijacking of accounts, it is usually done through phishing, viruses, or brute-force password guessing. So, as you know, do not follow suspicious links in mail, do not enter authentication data if you are unsure of the address of the login page, and do not use simple passwords that are easy to guess.
Source: krebsonsecurity.com/2012/03/hacked-inboxes-lead-to-bank-fraud/
