Automated Transfer Systems

Cybercriminals Find New Method to Steal Millions from Bank Accounts (continued)

With new security measures in place that limit bank transfers and automatically send transaction notices to account holders, it's not so easy for hackers to empty victims' accounts. To stay under the radar, cyber thieves transfer smaller amounts of money each time victims log into their accounts. They focus on volume by targetting hundreds of victims to gain millions in stolen funds.

According to Tom Kellerman, vice president of cyber security for Trend Micro, in a recent interview for Time Moneyland magazine, "Ambitious criminals are embracing cybercrime, and thieves and the software they use are getting smarter, harder to combat, and easier to access online. Now anyone can download a cyber Kalashnikov, a cyber getaway car, and a cyber grenade from a myriad of sites."

The ATS is the newest grenade in the cybercriminal's arsenal.

An ATS uses malware plugins called 'webinjects' that can make it appear that everything is OK with your account. It can even use a 'balance replacer' feature that sends false information to the compromised account—so most users who are hacked won't know their account is compromised until long after their money has disappeared.

Operation High Roller, a cyber attack that targeted both individuals and businesses, stole about $78 million from bank accounts across Europe, Latin America, and the U.S. Once thieves get all that money into their account, there are a couple of ways they get their hands on it:

First, they can hire a money mule—someone who may or may not know the account is being illegally used. The money mule receives a small amount of money for assisting the thieves.

Second, criminals use alternative payment services, which are viewed by some as less legitimate versions of PayPal. According to Tom Kellerman, there are about 200 of these services online and they fall into two categories: services that don't require any personal information, and services that require little information and can be easily falsified. Cybercriminals can transfer funds to these services, and debit cards can often be linked to the accounts, giving them access to millions of dollars in stolen funds.

What can small businesses do to protect themselves?
"Until the financial services industry provides more security, this kind of attack cannot be thwarted," says Kellerman. On the other hand, small businesses can take some actions to stay protected, including changing passwords frequently, staying away from risky web sites, and conducting a mini audit of each month's bank statement.

Want to learn more?

Read our Automated Online Banking Fraud white paper
See our Automated Online Banking Fraud infographic

Where to Buy Trend Micro Products

For Home

For Small Business

For Enterprise

Not in the Australia? Select the country/language of your choice:

Asia Pacific Region

Europe

The Americas

See all Home Products Internet Security Products for 1-10 Computers

PC & Mac Protection

Online Store

Mobile Devices

More Products

Why Trend Micro?

Small BusinessSmaller companies with limited IT resources

See all Small Business Products

Large EnterpriseLarger companies with complex requirements

See all Enterprise Products

Business Challenges

Try our Consulting and Support Services

More Info on Business

Current Threat Activity

Research and Analysis

Awareness and Prevention

More Info on Security Intelligence

Our Focus

Our Technology

Our Story

More Info on Why Trend Micro

Home & Home Office

Go To:

Popular Products

Business

Go to:

Popular Products

Automated Transfer Systems