FBI: Watch out for spear phishers and money mules

Jake Widman
Thursday, 05 November 2009 04:14

Business IT - Security

The U.S. Federal Bureau of Investigation has warned small and midsize businesses and other organizations about a wave of cyber fraud involving targeted e-mails, malware, and work-from-home schemes.

According to the warning, the coordinated approach to fraud has seen "a significant increase" over the past several months. The victims have been small and midsize businesses, city governments, and school districts.

The way the scheme works is, the criminals learn enough about the organization or recipient to construct an e-mail that appears to come from a trusted source wihtin the organization -- a so-called "spear phishing" message.

That message either contains malware in an attachment or directs the recipient to an infected website. Either way, the target ends up with a key logger installed on his or her system that passes along the organization's bank account information.

The criminals then use that information to transfer funds electronically. This is where the so-called "money mules" come in.

Just last week the U.S. Federal Deposit Insurance Corporation (the agency that insures bank deposits) warned of an increase in the use of "work at home" recruits to launder such fraudulent money transfers.

These middlemen are told they're being hired to "process payments" or "transfer funds," or that they are being used to evaluate the performance of money transfer services. They get the wire transfers, take a commission, and send the rest of the money on to their employers, often with no idea they're aiding a crime.

 The FBI is urging the scheme's targets to "contact their financial institution to ensure they are employing all the appropriate security and fraud prevention services their institution offers." And the FDIC offers financial institutions a list of signs that money mules are operating with their accounts.