Larry Walsh at Secure Channel reported last week on a 400% increase in ID-stealing malware in 2008, according to McAfee Avert Labs. Why the increase? Malware is easy to write, fraudulent web sites and bank accounts are easy to set up, and email and Internet sites are not authenticated using DNSSEC. It is therefore inevitable that crime involving malware is becoming ever more institutionalized. This is an industry with potentially huge profits, and even governments are getting into the game.
What is happening today is a movement from high-publicity web attacks to numerous low-profile scams designed to steal cash from businesses, public and private schools, not-for-profit groups, and individuals.
How do they do it? CNN Money.com elaborates in Cybercrime: A Secret Underground Economy.
Brian Krebs at the Washington Post had a great article on this last Thursday; see "Money Mule" Recruitment Network Exposed. This "Mule" was involved in stealing $117,000 from the Sanford school district in Colorado:
The Sanford mule -- who spoke on the condition of anonymity out of fear of reprisals by the hacked company and perhaps by the hackers themselves -- said the Scope Group approached her via e-mail, saying it had found her resume on Careerbuilder.com, and would she be interested in a work-at-home job acting as a "financial manager"? Having worked as a payroll manager in a previous job, the mule said she thought it was a perfect fit. Besides, she said, she'd been out of work since March.
The mule said that after responding to the initial recruitment e-mail, she was directed to create a profile at the Web site www.scope-group.cn. She was then asked to provide a large amount of personal and financial data, including her name, address, Social Security number, bank account and routing numbers, as well as a scanned copy of her drivers license. During the enrollment, she was prompted several times to make sure that her bank would allow her to withdraw up to at least $10,000 a day.
When she initially received a $9,815 transfer from Sanford School District's account, her managers sent her a notice through the scope-group.cn site that the funds had been deposited into her bank account (see screen in the article). According to the task notice sent to her through her Scope Group account, the money was transferred with the notation "Conejos School District 6J," one of the schools in the Sanford School District (for more on that attack, see Cyber Crooks Target Public and Private Schools).
Work-at-home offers are all over the place today, and many people less honest than this woman would be willing to go along with such scams. It's a pretty simple operation once account access is obtained. With so many people in dire financial straits around the world, we will be seeing more thefts of this nature.