Banking Malware Continues to Cost Banks Millions

In the last two years online banking fraud has doubled and it’s obvious that cyber criminals are targeting banks and their customers. The most common way criminals attack customers’ computers without their knowledge is to install malware on their computer, often malware that can sense the user’s keystrokes and thereby transmit the bank account number and password.

Below are some of last year’s biggest online banking scams so you can get an idea of how broad the problem is.

Great Britain
Consumers and businesses in Great Britain lost more than $1 million dollars last summer from a Trojan that infected their computers, prompting them to log into their bank accounts and then transfer money to scammers in other countries. About 3,000 bank accounts at one financial institution were compromised.

The scheme uses a combination of a new version of the Zeus keylogger and password stealer Trojan, which targets Windows-based computers, runs on major browsers, and exploits toolkits to get around anti-fraud systems used at bank Web sites.

IT Company
A New Hampshire-based IT consultancy lost nearly $100,000 in February, 2010 after thieves broke into the company’s bank accounts with the help of 10 co-conspirators across the United States.

The company received a voicemail message from its bank that said to contact the bank to discuss an automated clearing house (ACH) payment batch that had been posted to their account. The next day, the IT firm’s owner returned the call and learned from the bank that someone had put through an unauthorized batch of ACH transfers totaling $96,419.30. The batch payment effectively added 10 new individuals to the company’s payroll, sending each slightly less than $10,000. None of the individuals had any prior business or association with the company.

Zeus
Using a Trojan horse virus known as Zeus, hackers in Eastern Europe infected computers around the world. The virus was carried in an e-mail, and when targeted individuals at businesses and municipalities opened the e-mail, the malicious software installed itself on the victimized computer, capturing passwords, account numbers, and other data used to log into online banking accounts. The hackers used this to take over the victims’ bank accounts and make unauthorized transfers of thousands of dollars at a time, often routing the funds to other accounts controlled by a network of “money mules.” The money mules created bank accounts using fake documents and phony names. Once the money was in their accounts, they would either wire it back to their bosses in Eastern Europe or turn it into cash and smuggle it out of the country, they were paid a commission.

Instead of targeting corporations and large banks that had state-of-the-art online security, the hackers went after the accounts of medium-sized companies, towns, and even churches. Before they were caught, they managed to steal $70 million.

In October, with law enforcement partners in the United States, the United Kingdom, Ukraine, and the Netherlands, the FBI announced the execution of numerous arrests and search warrants in multiple countries in one of the largest cybercrime cases ever investigated.



This is just a short selection of last year’s cases. A key issue in bank account fraud is that there are serious disagreements between banks and their customers as far as who is ultimately responsible in cases of online account fraud. Banks feel that since the malware has infected the customers’ computers, the customers are responsible, while both commercial and individual customers feel that banks need to work harder on their end to increase online security. There are cases where customers have sued their banks because they were not able to recover all the money that was stolen but there have also been cases where banks have sued customers to have a court rule that their online security is sufficient

Ultimately the goal is to stop online account fraud, and a great way to accomplish that is SafeCentral’s WebProtection™.


SafeCentral’s WebProtection™, a one-time install, light-weight application, prevents funds transfer fraud even if the user’s machine is infected with malware. WebProtection™ provides data loss prevention (DLP) that combines impenetrable endpoint protection with secure DNS to ensure that endpoint data cannot be stolen or re-directed. WebProtection™ uses SafeCentral’s patented TSX technology to intercept and interpret over 5,000 discrete Windows commands (from write to disk, to save in RAM and beyond) and to block all potentially dangerous activities except those processes needed for the transaction. Unlike other tools, WebProtection™ goes down deep into the DNA of the Windows operating system and is able to control all processes during a secured transaction.

Take charge and secure your online financial transactions.