If you are using an automated clearing house (ACH) system to manage your funds, then you had better be extra careful.
The Federal Bureau of Investigation (FBI) has warned ACH users – particularly small businesses – to be on the lookout for ACH system fraud, which has already scammed as much as $100 million from unsuspecting victims.
The FBI is working with the National Cyber Forensics and Training Alliance (NCFTA) to determine a solution for the problem and to catch the criminals behind these multi-million dollar scams.
All it takes is a seemingly harmless email to an organization’s bookkeeper or accountant to give hackers access to all their accounts. In a technique called “phishing”, these criminals send electronic correspondence laced with attachments disguised as documents or genuine applications (like an update for Windows, for example), or links to supposedly legitimate websites. Once a recipient clicks on these links or installs the software, the hacker installs a keylogging program in their system, giving them access to passwords and other sensitive account information.
The siphoning off of funds happens fairly quickly. Some hackers set up ACH transfers to unaware third party groups that typically do payroll processing tasks for international companies, which in turn transfer the money overseas. Others create fake names on a payroll system which automatically siphons off money into preset accounts enrolled in a similar system.
According to the FBI, the usual victims are small businesses because of their tendency to work with smaller, less secure banks. It’s the FBI’s conclusion, indicated in a report by their Internet Crime Complaint Center (IC3), that smaller banks lack the proper security measures, which gives hackers the capacity to abuse the ACH system.
“In several cases banks did not have proper firewalls installed, nor anti-virus software on their servers or their desktop computers. The lack of defense-in-depth at the smaller institution/service provider level has created a threat to the ACH system,” the IC3 report reads.
More details about this story can be found here.