FBI warns of fraudulent bank transfers to China
According to a report by the FBI, during the last year, several small to medium sized US companies have been victims of unauthorised wire transfers of funds that ended up in the accounts of "Chinese economic and trade companies located near the Russian border." The FBI detected 20 incidents in which a total of $11 million was fraudulently obtained.
The report explains that typically, the attacks were performed by targeting company employees with bank transfer authorisation and grabbing the banking details either through a phishing email or by luring them to a malicious web site. It continues: "When the authorized user attempts to log in to the user’s bank Web site, the user is typically redirected to another Web page stating the bank Web site is under maintenance or is unable to access the accounts. While the user is experiencing logon issues, malicious actors initiate the unauthorized transfers to commercial accounts held at intermediary banks typically located in New York. Account funds are then transferred to the Chinese economic and trade company bank account."
It appears that the recipient companies are legitimate business registered in China, but the report states that it is not clear who is behind these fraudulent transfers. The attempted transfers ranged up to $985,000, but the successful ones were generally smaller, typically between $50,000 and $500,000.
The malware used has not been identified in all cases, athough Zeus, Backdoor.bot and Spybot have been identified in some. The report recommends that banks pay particular attention to wire transfers to the cities of Raohe, Fuyuan, Jixi City, Xunke, Tongjiang and Dongning, all in China, particularly if their relevant customer has had no previous transaction history with that part of China, the Heilongjiang province.