March 2, 2010

Banks Asked to Be Alert for 'Money Mule' Attacks
AmBA is asking all banks to be on the alert for "money-mule" attacks -- funds-transfer fraud that most recently has involved exploiting the valid online banking credentials of small- and medium-sized businesses. In a typical scenario, the targeted entity receives a "spear phishing" e-mail which either contains an infected attachment, or directs the recipient to an infected Web site.

When recipients open the attachment or visit the Web site, malware is installed on their computer that harvests their business or corporate bank account log-in information. The middlemen in this scheme are called "money mules" because they serve as a conduit between the business bank account and the hacker's bank account. In most cases, the funds disappear into a foreign bank account too quickly for the cyber-theft trail to be detected.

The Financial Services Information Sharing and Analysis Center advises banks to be alert for large-value payments to previously unknown payees; international payments just under monetary reporting thresholds; new, previously unfunded accounts with high-value, high-volume transactions; previously unfunded accounts with large-value incoming funds that are cashed out as soon as funds are cleared; and domestic online bank-account transactions in which the account is accessed from overseas and transactions involve large-value funds.

Read more: http://www.aba.com/aba/documents/news/MoneyMule21510.pdf .  For more information, contact AmBA's Don Rhodes at drhodes@aba.com.