FBI Warns of ACH Fraud: Businesses, Banks Targeted

A recent report suggests that cyber criminals are now setting their sights on small- and medium-sized businesses and institutions.

According to an alert posted on the U.S. Federal Bureau of Investigation (FBI) website, there has been a "significant increase" in automated clearing house (ACH) fraud over the past few months, targeting small businesses, municipal governments and schools. The FBI believes that about $100 million dollars has moved bank accounts because of this practice. (Source: yahoo.com)

The "weapon of choice" for these fraudsters is online banking and the plan is rather devious, to say the least.

Email 'Plants the Seeds' for Hack

It starts with a seemingly harmless email to the bookkeeper of a small-time business. The email carries a corrupt attachment designed to appear as a Microsoft software patch, or a direct route to an infected site. This is essentially "planting the seeds" for future maliciousness to ensue, in the hopes that the bookkeeper will soon enter vital login credentials.

When the fraudster has access to the bank account, the ACH transfers are then set up and given to "money mules" -- innocent victims who believe they are performing payroll processing for international companies. (Source: idg.no)

Once the money is sent overseas, it never returns.

DOS Attack Buys "Mules" More Time

Hackers are already beginning to improve upon this theft method. In one case, cyber criminals launched a denial-of-service attack against an automated clearing house processor to prevent the bank from identifying transfers before the "mules" could move the funds overseas.

The reason for the small-scale attacks is simple: these organizations tend to work with smaller regional banks which may not have fraud detection tools in place to catch automated clearing house transfers.

As the fraudsters are quickly learning, however, those regional banks which do have sound detections tools are making it very difficult for this continued "undetected" form of deviance.