By Brian Krebs
Washington Post Staff Writer
Tuesday, August 25, 2009
Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation’s largest financial institutions.
. . . . . . .
In many cases, the advisory warned, the scammers infiltrate companies in a similar fashion: They send a targeted e-mail to the company’s controller or treasurer, a message that contains either a virus-laden attachment or a link that — when opened — surreptitiously installs malicious software designed to steal passwords. Armed with those credentials, the crooks then initiate a series of wire transfers, usually in increments of less than $10,000 to avoid banks’ anti-money-laundering reporting requirements.
Phi Beta Iota: PNC bank is using tokens generating random numbers that must be entered as part of the log-in; this appears to defeat this particular kind of attack. The larger lesson is to not have financial transfer capability on any computer linked to the Internet or receiving email: isolate the money box.