From Softpedia
A Californian escrow firm that had $465,000 stolen from its bank account, with the help of a computer trojan, was forced to sign up for a loan to replace the missing funds.
The cybercrooks responsible defeated several online banking security measures in order to steal the money.
According to Krebs on Security, the security breach occurred sometime in March, when the owner of California-based Village View Escrow opened the attachment on a fake email about an undelivered UPS package. The file installed a banking trojan, which immediately started to record and relay valuable information, like the online banking password, back to the cybercrooks.
Furthermore, the fraudsters managed to disable the normal email notifications sent out by the online banking system after each transaction. This left the company totally in the dark about what was going on.
Apparently, there was also human error involved, as every transaction required approval from two distinct people in the company, the owner and their assistant. However, after failing to view information about that undelivered UPS package, the owner forwarded the malicious email to their assistant and had them check it out as well.
The crooks initiated two international money transfers of $88,000 and $94,000 directly to bank accounts in Latvia. This is also unusual behavior, because such fraudulent transfers are usually kept under the $10,000 limit and sent to accounts held with domestic banks. The rest of the stolen money was transferred to mules in the United States in order to be wired outside of the country.
The bank was only able to reverse transfers amounting to $70,000, leaving Village View Escrow short of $395,000, that were actually other people's deposits for real estate deals
A Californian escrow firm that had $465,000 stolen from its bank account, with the help of a computer trojan, was forced to sign up for a loan to replace the missing funds.
The cybercrooks responsible defeated several online banking security measures in order to steal the money.
According to Krebs on Security, the security breach occurred sometime in March, when the owner of California-based Village View Escrow opened the attachment on a fake email about an undelivered UPS package. The file installed a banking trojan, which immediately started to record and relay valuable information, like the online banking password, back to the cybercrooks.
Owner Michelle Marisco said her financial institution at the time — Professional Business Bank of Pasedena, Calif. – normally notified her by e-mail each time a new wire was sent out of the company’s escrow account. But the attackers apparently disabled that feature before initiating the fraudulent wires.This case stands out from the pile of other similar incidents that occurred in the past year, because it really outlines the complexity of these malware threats. For example, the company's bank - which, as in other cases, refused to take responsibility - told the owner that the fraudulent transactions were issued from their regular IP address. This means attackers used an advanced connection tunneling feature that trojans like Zbot have in their arsenal.
Furthermore, the fraudsters managed to disable the normal email notifications sent out by the online banking system after each transaction. This left the company totally in the dark about what was going on.
Apparently, there was also human error involved, as every transaction required approval from two distinct people in the company, the owner and their assistant. However, after failing to view information about that undelivered UPS package, the owner forwarded the malicious email to their assistant and had them check it out as well.
The crooks initiated two international money transfers of $88,000 and $94,000 directly to bank accounts in Latvia. This is also unusual behavior, because such fraudulent transfers are usually kept under the $10,000 limit and sent to accounts held with domestic banks. The rest of the stolen money was transferred to mules in the United States in order to be wired outside of the country.
The bank was only able to reverse transfers amounting to $70,000, leaving Village View Escrow short of $395,000, that were actually other people's deposits for real estate deals