Advertising for a Job? Watch Out for a Scam
Just when you think cyber-thieves have thought of every way to hack into accounts, along comes a new scam. This one is the help-wanted fraud. The United States Federal Bureau of Investigation has issued a warning Wednesday warning about this new attack, calling it the Automated Clearing House Fraud.
It goes like this: Your company puts out an ad for a position and someone "answers" it, but also installs malicious software on a small business' computer and uses it to log into the company's online bank account. They then set up fraudulent fund transfers, adding fake employees or payees, and finally move the money to offshore havens. Recently, more than $150,000 was stolen from a U.S. business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The malware was embedded in an e-mail response to a job posting the business placed on an employment Web site and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company, according to the U.S. government.
Scammers can siphon away hundreds of thousands of dollars in a matter of hours using this technique, usually targeting small businesses that use regional banks or credit unions.
The F.B,I recommends that potential employers remain vigilant in opening the e-mails of perspective employees. Running a virus scan prior to opening any e-mail attachments may provide an added layer of security against this type of attack. The FBI also recommends that businesses use separate computer systems to conduct financial transactions.
Although the F.B.I. warning came just recently, this scam has been around for at least six months. The Trojan involved is a typo-filled Word document that reads: "Hello! I have figured out that you have an available job. I am quiet intrested in it. So I send you my resume. Looking forward to your reply. Thank you."
In the case reported by the F.B.I., this Trojan ended up siphoning money off to the Ukraine and to two other U.S. accounts.
Anyone who believes they have been a target this type of attack should immediately contact their financial institutions and local FBI office, and promptly report it to the Internet Crime Complaint Center's (IC3) Web site. The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The IC3 also uses complaint information to identify emerging trends and patterns.