The latest company to have its account plundered by cyber criminals is Cynxsure, an IT consultancy firm based in New Hampshire.
The criminals broke into its account at Swift Financial and put through an automated clearing house payment batch that sent out nearly $100,000 to ten different people across the US.
The transfers evidently did seem suspicious, since Cynxsure received a message from Swift asking the firm to get in touch to discuss them.
When Keith Wolters, the owner of Cynxsure, called them back the next day, they informed him of the transfers and he confirmed they were unauthorized. Swift replied that they would try to reverse the transfers, offering a temporary credit until the issue was resolved. Unable to withdraw that money, he called the bank the next day, and the bank notified him that they had not managed to reverse the transfers. A short time later, they withdrew the offered credit.
Cynxsure decided to sue Swift Financial. The bank refused to comment on the situation.
According to Brian Krebs, Wolters is hoping that a Swift employee might be responsible for organizing the theft, and in the meantime has checked and re-checked his computer for malicious software such as the ZeuS Trojan.
For their online banking services, Swift adopted a method that requires anyone accessing an account to provide answers to some “secret questions”. Wolters has been informed by the bank that the person who accessed the account did so from an unfamiliar IP address in New Hampshire, but provided the right answers to the secret questions.
Wolters thought that since he was using a fingerprint scanner to access the account, he would be safe from password-stealing Trojans. Unfortunately for him, the ZeuS Trojan can intercept the information entered in forms and send it to cyber criminals.
While nothing is yet certain about how this attack was executed, it does resemble some recent online thefts targeting companies.
What is interesting in this case is that one of the ten people to whose accounts the money was transferred has been located, and it has been discovered that he was an unwitting “money mule”, instructed to collect the money and transfer it to three accounts in Ukraine.