An Eastern European cyber crime ring of unprecedented sophistication has stolen more than $1 million from several large and medium-sized U.S. companies, IBM Security researchers said Thursday.
Once victims click on a fraudulent link or attachment, the malware is installed and waits for users to access a bank website. Instead of going to the bank’s website, a fake screen says the bank website is down, so victims have to call a phone number. Once dialed, victims turn over bank information and a large money wire transfer is initiated by the criminals.
“What’s very different in this case, is we saw a pivot of the attackers to use a set of social engineering techniques that I think are unprecedented,” said Caleb Barlow, VP of IBM Security, in a statement to Reuters. “The focus on wire transfers of large sums of money really got our attention.”
The fact that criminals set up a live line for victims to call is rather surprising, as they don’t typically choose direct voice interaction.
Agencies/Canadajournal