The FBI has warned US banks to watch out for large wire transfers sent to accounts registered to companies located in Chinese port cities near the Russian border. They are investigating 20 cases where bank accounts of small and midsize US businesses were hijacked to initiate transfers to company bank accounts based in the Heilongjiang province.
Losses between March 2010 and April of this year have totaled about $11 million. Attempted transfers reached roughly $20 million, according to the alert. The unauthorized wire transfers range from $50,000 to $985,000, and in most cases, they tend to be above $900,000. The attackers have been most successful receiving funds when transferring under $500,000.
A targeted business will generally receive a phishing email that attempts to trick the recipient into clicking a link to a malicious website, which installs malware designed to steal banking credentials. The malware, typically Zeus, SpyBot or Backdoor.bot, waits for the victim to log in to their business bank account, captures their credentials, then redirects them to a site that falsely informs them that their bank site is currently offline. The attackers log into the victim’s account and initiate large wire transfers to accounts under their control, usually hosted in New York.
Money is moved from those NY accounts to Chinese bank accounts belonging to what appear to be legitimate businesses using the name of a Chinese port city and words such as “economic and trade,” “trade,” and “LTD.”
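The indicators above can be turned into a review rule for outbound wires. The following Python sketch is an added example, not code from the FBI alert or from this article. The record fields, the function names and the placeholder city list are assumptions: the article does not name the port cities, so the caller supplies them.

```python
import re
from dataclasses import dataclass

# Indicators as summarized in the article above.
NAME_KEYWORDS = ("economic and trade", "trade", "ltd")
PROVINCE = "heilongjiang"
MIN_AMOUNT = 50_000  # smallest unauthorized transfer reported in the alert
# Assumption: constructed placeholder, not a real city; supply the real list.
PLACEHOLDER_CITIES = ("exampleport",)

@dataclass
class Wire:  # hypothetical record layout for an outbound wire
    amount: float
    beneficiary_name: str
    beneficiary_location: str  # free-text address of the receiving account

def _has_phrase(text, phrase):
    # Whole-word match, so "ltd" is not found inside a longer word.
    return re.search(r"\b" + re.escape(phrase) + r"\b", text) is not None

def review_reasons(wire, port_cities=PLACEHOLDER_CITIES):
    """Return the alert indicators a wire matches; an empty list means no hold."""
    name = wire.beneficiary_name.lower()
    location = wire.beneficiary_location.lower()
    reasons = []
    if PROVINCE in location:
        reasons.append("beneficiary in Heilongjiang")
    city_hit = any(_has_phrase(name, city.lower()) for city in port_cities)
    word_hit = any(_has_phrase(name, word) for word in NAME_KEYWORDS)
    if city_hit and word_hit:
        reasons.append("port city and trade wording in name")
    # Amount alone is not an indicator; it only adds weight to another hit.
    if reasons and wire.amount >= MIN_AMOUNT:
        reasons.append("amount at or above $50,000")
    return reasons

if __name__ == "__main__":
    # Constructed sample wires, not real transactions.
    samples = [
        Wire(920_000, "Exampleport Economic and Trade Co., LTD", "Heilongjiang, China"),
        Wire(75_000, "Acme Trade Supplies Ltd", "Albany, NY"),
        Wire(12_000, "Exampleport Trade LTD", "China"),
    ]
    for wire in samples:
        print(wire.beneficiary_name, "->", review_reasons(wire) or "no hold")
```

A wire that matches any indicator is a candidate for a manual callback to the account holder before release, not an automatic block.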