Fraudulent Automated Clearing House (ACH) Transfers Connected to Malware and Work-at-Home Scams

Within the last several months, the FBI has seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts. In a typical scenario, the targeted entity receives a "spear phishing” e-mail which either contains an infected attachment, or directs the recipient to an infected website. Once the recipient opens the attachment or visits the website, malware is installed on their computer. The malware contains a key logger which will harvest each recipient's business or corporate bank account login information. Shortly thereafter, the perpetrator either creates another user account with the stolen login information or directly initiates funds transfers by masquerading as the legitimate user. These transfers have occurred as both traditional wire transfers and as ACH transfers. Posted in: Internal Fraud