EmailSafety.net - Cyber crooks increasingly target small business accounts

Cyber crooks increasingly target small business accounts

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

An organization representing more than 15,000 financial institutions has issued a warning about a growing wave of attacks against small banks and businesses by cyber criminals using stolen banking credentials to plunder corporate accounts.

In an alert to its members earlier this month, NACHA -- the Electronics Payments Association said that attackers are increasingly stealing onine banking credentials, such as user names and paswords, from small businesses by using keystroke logging tools and other malware. The cyber criminals are using the stolen credentials to 'raid' and 'take over' corporate accounts and initiate the unauthorized transfer of funds over electronic payment networks.

NACHA oversees the Automated Clearing House (ACH) electronic payments network. A similar alert that was sent out confidentially last Friday to members of the Financial Services Information Sharing and Analysis Center, according to a story published in the Washington Post yesterday. According to the Post, the alert identified organized cyber groups in Eastern Europe as being predominantly responsible for illegally siphoning millions of dollars off corporate accounts and sent overseas via popular money and wire transfer services.

The Financial Services Information Sharing and Analysis Center was formed by major financial services firms to share information about potential physical and cyber threats to their companies.

Related Content

NACHA's alert said that the cyber crooks are apparently targeting small businesses because of their relative lack of strong authentication procedures, transaction controls and "red flag" reporting capabilities.

In some cases, the alert said, attackers are tricking small business workers into visiting phishing sites with the same look and feel as their company's financial institution, where they would log on using their credentials.

In other instances, keystroke loggers and data stealing malware programs are downloaded onto corporate systems via e-mail attachments, and then used to capture bank account credentials as they are entered into a financial institution's Web site.

Some of the malware tools are capable of alerting the perpetrators when a victim has logged into the Web site of a financial institution. The tools fool the user into thinking the system is not responding while the perpetrator quietly conducts transactions in the user's name, the alert noted.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.

Recent News:

· Feds draw a bead on Russian behind Mega-D botnet
· Ransomware Attack Resurfaces to Hold Files Hostage
· Adobe Reader X Makes PDF Files Safer
· PayPal Users Beware of Holiday Phishing Scam
· McAfee Reports Malware at All-Time High

Site Map | Recent News | Related Sites