IBM has found a rather sophisticated fraud scheme that uses a combination of phishing, malware and even phone calls to transfer money from gullible Internet Banking users, siphoning off about $1 million so far from large and medium-sized American companies companies.
IBM security researchers found the scheme the named “The Dyre Wolf,” is too small to detect by huge companies but highly sophisticated in its level of operation without causing any suspicion to the user who is giving away his information.
How it Works?
For the last one year, these cyber attackers have been sending a spam e-mail to some targeted employees in well-known companies with an attachment of malware called “Dyre” which gets installed in the computer but remains dormant for some time.
Afterwards, when it recognizes that the user is entering data to access his or her bank account, it keeps track and next time when the user tries to enter the banking account, it displays a fake instant screen saying the user’s bank is facing technical issues and offers a phone number to call.
When the caller makes the phone call, the English-speaking operator at the other end responds and seeks details of his bank account for the service required and before the call ends, it transfers all the money from the account to another.
Revealing the fraud, Caleb Barlow, vice president of IBM Security, says the difference here is the unsuspicious phone operator who speaks English.
“What’s very different in this case, is we saw a pivot of the attackers to use a set of social engineering techniques that I think are unprecedented,” Barlow said. “The focus on wire transfers of large sums of money really got our attention.”
Before the money transfer is tracked, it is quickly transferred to different accounts and passed on to several hands that eventually it is difficult to track. IBM said one gang even attacked the victim company with a denial of service attack, to make them blind not knowing where the money is going for quite some time.
IBM has asked companies to train its staff well in detecting phishing scams online.