IBM Uncovers New, Sophisticated Bank Transfer Cyber Scam
IBM has uncovered a
sophisticated fraud scheme
run by a well-funded Eastern European gang of cyber criminals that uses a
combination of phishing, malware and phone calls that the technology company
says has netted more than $1 million from large and medium-sized U.S. companies.
The scheme, which IBM security researchers have dubbed "The Dyre Wolf," is
small in comparison with more recent widespread online fraud schemes, but
represents a new level of sophistication. According to IBM, since last year
the attackers have been targeting people working in companies by sending
spam email with unsafe attachments to get a variant of the malware known
as Dyre into as many computers as possible. If installed, the malware waits
until it recognizes that the user is navigating to a bank website and
instantly creates a fake screen telling the user that the bank's site is
having problems and to call a certain number.
If users call that number, they get through to an English-speaking operator
who already knows what bank the users think they are contacting. The operator
then elicits the users' banking details and immediately starts a large wire
transfer to take money out of the relevant account.
What It Means to PIA Agencies:
For PIA agencies, along with their business
and municipal customers, it is important to remember that just as with "regular"
crime, not every cyber theft/enterprise is targeting major corporations using
elaborate methods of infiltration of highly sophisticated computer systems.
Many, as this one, target the mid-to-small size firms. Further, they take
the "easier" way into a business' system through an individual's "system"
(it can be a smartphone) that the employee connects to their business' system
in some way.
As PIA advises regularly, it may prove helpful if PIA agencies track
to develop a "picture" of what "normal" daily activity on their systems AND
through transactions looks like. This may allow an agency to spot unusual
patterns earlier, allowing you to take action quicker. This includes monitoring
ALL financial and banking transactions and instruments.
Intrusion can enter your system from employees' or your smartphone. Be sure
that system security measures include all mobile devices and remote accesses
and their users.
Be sure you contact your bank and investment firms to find out what are the
methods, time frames and to whom do you report a detected fraud in your agency's
commercial accounts. Ask what information the bank requires and what their
obligations to you are. This includes asking them what they consider "online
banking," and be sure that you have a physical copy of what your agency's and
the bank's obligations are for both fraud detection and/or any system issues
that arise as a result of using the online systems. Last, get it in writing!
Additional information on cyber security is available on the
www.BusinessIDTheft.org website, provided as a free
public resource by the Identity Theft Protection Association and the National
Association of Secretaries of State (NASS).
To find out more about the Cyber Liability Products available to you and your
agency through PIA, please contact Natalie Cooper at www.piaoflouisiana.com.
To get an easy quote, click
Hurricane Advisories Will Now Include Storm
As the people of New Orleans, New Jersey and New York know all too well, much
of the death and damage caused by hurricanes isn't from the wind. It's from
the storm surge.
When the 2015 Atlantic hurricane season starts June 1, people living along
the coast of the U.S. mainland are going to get a new set of
the National Hurricane Center in Miami. In addition to tropical storm and
hurricane warning and watches, the center will post storm surge alerts for
any location where water might rise at least 3 feet (91 centimeters) above
normal, said Jamie Rhome, team leader of the center's Storm Surge Unit.
"Roughly 50 percent of the lives lost" to tropical weather "are because of
storm surge," Rhome said in an interview at the National Hurricane Conference
in Austin, Texas. More than 1,500 people died when Hurricane Katrina hit
Louisiana in 2005, and many of those deaths were attributed to surge up to
19 feet high in the New Orleans area, according to the center. In Sandy,
surge overtopped Manhattan's Battery and sent seawater into subways, cellars
and tunnels, blacking out parts of the island. Surge destroyed homes and
businesses from Queens to the New Jersey coast as the destructive storm