While advisors are, rightly, concerned primarily with protecting their clients’ funds (and by extension, their own capital) from possible wire transfer fraud, last year the FBI, the Financial Services Information Sharing and Analysis Center (FS-ISAC), and the Internet Crime Complaint Center (IC3) jointly warned that some banks and credit unions have become victims of another type of fraud: cyber criminals who target financial institution employees.
In a Sept. 12, 2012 alert, the groups warned of a new trend among fraudsters (called “cyber-criminal actors” in the report) who are using spam and phishing emails, keystroke loggers, and Remote Access Trojans (RATs) to compromise financial institution networks and obtain employee login credentials. Those credentials were then used to initiate unauthorized wire transfers overseas. The fraudulent wire transfers, the alert reported, varied in amounts from $400,000 to $900,000, and mostly involved small- to medium-sized banks or credit unions, though a few large banks were also affected.
The fraudsters used keyloggers, software that covertly records and stores each keystroke made by a user, and RATs, software that allows a remote user to control a computer. RATs are often installed on the targeted computer by a “Trojan horse,” another piece of software that appears to be performing a desired task but actually leaves behind a “payload” or “back door” that can damage a computer or ease an outsider’s illegal way into the computer.
The malware installed on the bank employees’ computers, the report said, gave the fraudsters complete access to internal networks and logins to third-party systems. In some instances, the fraudsters used malware that goes by the name of ZeuS to steal the employee’s credentials.
According to the report, in some instances the actors stole multiple employee credentials or administrative credentials to third-party services and were able to circumvent authentication methods used by the financial institutions to deter fraudulent activity. This allowed the intruders to handle all aspects of a wire transaction, including approval of the transfer.