Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
ACH thieves embed job apps with malware
WASHINGTON (1/26/11)--A new variant on automated clearinghouse (ACH)/wire transfer fraud is targeting businesses by responding via e-mail to job openings posted online and embedding malicious software, or malware, warned the FBI. Cyber criminals often target small businesses that use smaller financial institutions such as credit unions and regional banks (cio.co.ke.com.com Jan. 20). In ACH fraud, cyber criminals install malware on a small business' computer and use it to log into the business's online banking account. There, they set up fake fund transfers, add bogus employees or payees, and move the money offshore, sometimes several hundred thousand dollars in a matter of hours. Recently more than $150,000 was stolen from a U.S. business through unauthorized wire transfer as a result of a so-called job applicant's e-mail that contained malware, said the FBI (Internet Crime Complaint Center Jan. 19). The malware was embedded in an e-mail response to a job posting the business placed on an employment website. As a result, the criminal obtained the online banking credentials of a person authorized to conduct financial transactions within the company. The criminal changed the account settings to allow wire transfers--one to the Ukraine and the other two to domestic accounts in the U.S. The FBI identified the malware as a Bredolab variant, svrwsc.exe., which was connected to the ZeuS/Zbot Trojan commonly used by cyber criminals to defraud U.S. businesses. Potential employers should remain vigilant in opening e-mails of prospective employees, said the FBI. Run a virus scan before opening an e-mail attachment to provide an extra layer of security against this type of attack. Also , use separate computer systems to conduct financial transactions, said the FBI.
Other Resources

RSS print
News Now LiveWire
Expanded ATM services at branches attractive to members: @CFIGroup. See #NewsNow Friday
7 hours ago
#FinCEN imposes civil money penalty against NJ's BPI money services co. for #BSA violations http://t.co/WnDzOcxdOZ
9 hours ago
.@ABCULCUs give hat tip to America's #100MM #creditunion milestone http://t.co/q8yo6Lx3LM
10 hours ago
The @CFPB has announced new Credit Union Advisory Council members, as well as other senior leaders, advisory board and council members.
11 hours ago
GDP expanded 4.2% on an annualized basis in 2Q according to Bureau of Economic Analysis
11 hours ago