FBI warns banks of new cyber threat
A new year brought a new Internet security threat with it, according to recent FBI warnings. The new threat is a phishing scheme dubbed “Gameover” that attempts to get people, often in financial institutions, to open fake emails purportedly from NACHA – the Electronic Payments Association. Once the emails are opened and a link in the message is activated, malicious software embedded in the website attached to the link infects the recipient’s computer and gives criminals access to the recipient’s bank accounts.
The FBI said Gameover is a virulent improvement on the more familiar Zeus malware that was created several years ago and targeted at banks. The Gameover phony emails tell the recipient, often a banking executive identified through social networking channels such as LinkedIn, that NACHA has found a problem with a bank account or an automated clearing house (ACH) transaction. The message contains a link that supposedly leads to a solution for the problem; the link instead leads to a bogus website where the Gameover malware is downloaded and begins accessing banking information from the computer it has infected.
It may seem natural to some banking officials to open electronic mail purportedly from NACHA because the association is in charge of developing, administering and governing the important ACH network.
When thieves gain entry to a financial institution, they typically launch a distributed denial of service (DDoS) attack though which a legion of computers suddenly flood the bank’s server with traffic that prevents legitimate users from accessing the site. Under the cloak of the DDoS attack, the criminals begin transferring money from accounts.
The FBI believes the DDoS draws attention from the money transfers and makes it impossible to reverse the transactions. Worse, the agency believes the malware has the ability to defeat several kinds of dual-factor authentication.
The FBI said in some instances the thieves are transferring the funds to jewelry stores to pay for gems, which their agents pick up and deliver back to them for conversion to cash. Often the agents who pick up the jewels, called “money mules” by law enforcement, are not aware of the criminal activity they are participating in, the FBI said. They are frequently people who work out of their homes who applied for a seemingly legitimate job through the Internet.
Other victims include the merchant jewelers who, when schemes are discovered and the transactions with the jewelers are reversed or canceled, are forced to absorb the loss of the jewels, the FBI noted.
In a statement issued late in 2011, NACHA said it is requesting “financial institutions, billers/merchants, and payment providers ensure that their front-line staff – those who interact with customers – understand the sustained and evolving nature of these attacks.”
NACHA said the phony emails often claim to be from actual NACHA employees or departments and often include a counterfeit NACHA logo along with NACHA’s mailing address and phone number. “NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions,” the association stated. “NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.”
NACHA stated it is not the only organization criminals are using as a phony front for their thefts. The association said similar phishing attacks are occurring using bogus emails supposedly sent by the Federal Reserve Bank, the Internal Revenue Service, other federal agencies, commercial financial institutions, payment organizations, technology companies and other businesses.
NACHA urged people who suspect they have received an improper email purporting to be from NACHA to forward the message to firstname.lastname@example.org to help in the capture and prosecution of the thieves.
The FBI advises those who think they have been victimized by the Gameover scheme to file a complaint with the FBI’s Internet Crime Complaint Center.