In a first-of-its-kind report, the U.S. Federal Bureau of Investigation (FBI) has quantified the economic impact of Chinese hackers on U.S. businesses. According to a fraud alert from the FBI, U.S. businesses have been taken for at least $11 million over the last year through unauthorized wire transfers to China. Cybercriminals have been compromising the businesses’ banking credentials in order to send money overseas.
At least 20 incidents occurred between March of 2010 and April of 2011 in which the credentials of small-to-medium-sized businesses were compromised. According to the FBI, the typical scenario involves scammers sending phishing e-mails to the business in question, after which someone enters the business’ banking credentials into a malicious website. The scammers then use the credentials to log into the business’ real banking website in order to wire money to “Chinese economic and trade companies.”
In just a year, this resulted in $11 million in losses, with transfer amounts ranging from $50,000 to $985,000 at a time. The total attempted amounts were closer to $20 million, though—the FBI says that many attempted transfers were over $900,000, but the scammers are usually more successful trying smaller amounts. On top of the electronic wire transfers, some of the scammers also sent domestic money mules to the U.S. in order to make further fraudulent transactions.
“The economic and trade companies appear to be registered as legitimate businesses and typically hold bank accounts with the Agricultural Bank of China, the Industrial and Commercial Bank of China, and the Bank of China,” the FBI warned. “At this time, it is unknown who is behind these unauthorized transfers, if the Chinese accounts were the final transfer destination or if the funds were transferred elsewhere, or why the legitimate companies received the unauthorized funds. Money transfers to companies that contain these described characteristics should be closely scrutinized.”
The FBI says that some—but not all—cases seem to involve attacks through malware such as ZeuS, Backdoor.bot, and Spybot.