The Federal Bureau of Investigation (FBI) warns that emails containing malware are being sent to businesses concerning their online job postings. The FBI reports that cyber criminals are engaging in ACH/wire transfer fraud and are targeting businesses by responding via email to employment opportunities posted online.
According to the FBI, more than $150,000 was stolen from a U.S. business via an unauthorized wire transfer as a result of an email the business received that contained malware. The malware was embedded in an email response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company.
The scammer changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud U.S. businesses.
Employers should stay up-to-date on their virus protection. Running a virus scan prior to opening any email attachments from a potential employee could provide more security.
The FBI recommends businesses use separate computer systems to conduct financial transactions.
Anyone who believes they have been a target of this type of attack should contact their financial institutions, the FBI, and report it to the Internet Crime Complaint Center website at www.IC3.gov.
For more tips from BBB on data security, see “Data Security – Made Simpler” at http://www.bbb.org/data-security/