The FBI is investigating more than 400 cases of corporate
account takeovers caused by unauthorized ACH and wire transfers resulting in
losses of approximately $85 million.
In testimony last week before the House Subcommittee on
Financial Institutions and Consumer Credit, FBI Cyber Division Assistant
Director Gordon M. Snow said criminals target the companies and specific
employees who are authorized to initiate fund transfers with phishing e-mails
that contain either infected files or a link to an infected website.
“Recently, two trucking companies were victimized by
fraudulent electronic account transfers, and lost approximately $115,000,” or
roughly.1 percent of their gross revenue, Snow said.
Snow also warned committee members of such additional cyber
fraud activity as:
- Third-party payment processor breaches
- Mobile banking exploitation, and
- Supply chain infiltration.
In the latter, Snow testified, “the production, packaging,
and distribution of counterfeit software or hardware used by financial
institutions or critical financial networks by cyber criminals could result in
the compromise of proprietary data, system disruption, or complete system
failure. Financial firms have become regular targets of supply chain attacks.”
William B. Nelson, the president and and CEO of the
Financial Services Information Sharing & Analysis Center (FS-ISAC) who also
testified before the subcommittee, did report some progress in the fight
against corporate takeovers. A FS-ISAC survey of 77 financial institutions found
that 36 percent of reported account takeovers in the first half of 2010 had
monetary transactions created but were stopped before funds left the FI,
compared to 20 percent in 2009. In addition, 27 percent of reported account
takeovers in the first half of 2010 had monetary transactions created and funds
sent out of the FI, compared to 63 percent in 2009.
Read more witness testimony from the “Cybersecurity: Threats
to the Financial Sector” hearing here.
Read the 2011 AFP Payments Fraud and Control Survey here.