FBI issues spear phishing warning

gallery

The FBI has warned about a ‘significant’ increase in fraud involving spear phishing attacks – where emails are crafted to fool specific employees.

The agency has noticed that more valid online banking credentials belonging to small and medium sized businesses (SMBs) as well as the public sector are being exploited in this way.

Last month, IT PRO revealed that thousands of business employees using Microsoft Outlook Web Access were targeted by convincing phishing attacks.

Just a week earlier, a security researcher warned that people were just as likely to fall for phishing attacks on work PCs as they would on their home PCs.

In a typical attack, an employee opens an attachment or visits a website where they download malware.

This will potentially carry a keylogger, which can take the user’s business or corporate bank account login information.

Afterwards, the criminal will create an account with the stolen login information and transfer funds by pretending they are the legitimate user.

"Further reporting has shown that the transfers are directed to the bank accounts of willing or unwitting individuals within the United States. Most of these individuals have been recruited via work-at-home advertisements, or have been contacted after placing resumes on well-known job search websites. These persons are often hired to “process payments,” or “transfer funds.” They are told they will receive wire transfers into their bank accounts. Shortly after funds are received, they are directed to immediately forward most of the money overseas via wire transfer services such as Western Union and Moneygram" states the FBI notice.

"Customers who use online banking services are advised to contact their financial institution to ensure they are employing all the appropriate security and fraud prevention services their institution offers."

Email to a friend

Print this page