Over the last year, there have been a number of incidents in which cyber criminals accessed the online banking credentials of small to midsize U.S. companies to initiate unauthorized wire transfers, the Federal Bureau of Investigation warned last week. The funds were then transferred to Chinese economic and trade companies located in the Heilongjiang province, which is near the Russia-China border, the FBI says.
“Banks should notify their business customers of any suspicious wire activity going to the following Chinese cities: Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Dongning,” the FBI says.
In the warning, the FBI says it has seen 20 such attempts with a total value of $20 million since March 2010; the actual losses to the companies involved totaled $11 million.
Cyber criminals are obtaining the companies’ banking credentials by sending phishing e-mails to a company employee with the power to initiate wire transfers or by luring such an employee to a malicious Website, the FBI says.
The full fraud alert is here.
For an update on possible changes to authentication standards for online banking transactions, see Layering on Security.