back to article Scumbags get sneaky with new self-robbery trojan

Malware-peddling scumbags have developed a particularly sneaky banking Trojan that attempts to trick victims into transferring funds into bank accounts controlled by cybercrooks or their partners. The Trojan generates a fake message at the point victims log into their bank account warning them of a mistaken credit to their …

COMMENTS

This topic is closed for new posts.
  1. SteveDaniels

    Follow the money trail..?

    Isn't it possible to just follow the trail and see where all the money is transferred to?

    How do folk like this get away with stealing the money and not being tracked as they turn it into cold hard cash?

    1. Anonymous Coward
      Anonymous Coward

      Drops and Cashers

      They transfer the funds to some idiot who thinks he is working for their fake company, they say they have accidently overpayed them and they need to transfer some of the money via Western Union or Moneygram or another anonymous service.

      They also sometimes just set up fake accounts with stolen identities.

    2. Allan George Dyer
      Paris Hilton

      Don't you see the spam...

      inviting you to make money by accepting payments and passing them on for various more-or-less believable reasons? The mules get caught, but the gang has already walked away from a Western Union halfway round the world with 90% of the money in cash.

    3. Anonymous Coward
      Anonymous Coward

      Krebs is your man for this sort of thing

      http://krebsonsecurity.com/2011/07/azeri-banks-corner-fake-av-pharma-market/

  2. Tegne
    Devil

    More hardware security needed.

    I can't transfer any money to accounts I haven't already authorised without generating a one-time code based on a combination of the destination account number and amount to be transferred. The device I have to use is a little cumbersome but I'd rather use that than to inadvertantly transfer my salary to some scumbag. Until more banks insist on this approach the fraudsters will prevail.

    1. Onid

      Does nothing in this scenario

      You could have 100 factor authentication and it still won't do anything for this type of fraud. You expect you have to use your authentication to validate the transfer so you would just use it anyway. No authentication system is going to prevent a fool from sending money in such a request. It's not automated It's asking the user to authorise it.

      1. This post has been deleted by its author

  3. Alan 6

    This is just bollocks

    If a bank transfers money into your account by accident they simply pull it back, along with any interest you may have earned in the meantime.

    They did this to a former colleague, he checked his balance in an ATM and he had way more than expected. He went inside the bank to report this and by the time he'd found a manager the money had gone anyway.

    Some people are just so stupid they're just thief magnets and would be robbed blind at some point anyway.

    1. Chemist

      Certainly..

      years ago I had £50000 transfered into my account ( this is when £50000 would have bought a nice 4-bed detached house in good area), unfortunately a few days later it left just as quickly.

    2. madferret

      Read the previous post

      The gullible account holder is giving permission for the money to be transferred. If it is to a valid account the back can't take it back. They can't even talk to the bank they have sent it to because of data protection laws. You would have to contact them and ask them to contact the account holder, etc.

      1. Charles 9

        Other way around.

        The point is that the bank NEVER needs a form like this to backtrack a bad transaction. They ALREADY have legal authority to backtrack the account THEMSELVES (via wire fraud laws), with no intervention from you, provided they can provide the legal basis for the backtrack. The mere existence of an authorization to backtrack form should be considered a red flag.

      2. Anonymous Coward
        FAIL

        Before posting..

        ....read up a little on the data protection act.

        Given your scenario, your insuarance company would not be able to contact the 3rd party for a claim, local doctors couldn't make appointments at hospitals, solicitors couldn't help buy your house and car dealers couldn't request loans on your behalf.

        If you give consent , a third party can act on your behalf, it is really that simple.

  4. Martin Maloney
    Trollface

    This is just a guess

    For most of the victims, the browser of choice is Internet Explorer.

    http://www.theregister.co.uk/2011/07/29/aptiquant_iq_survey/

  5. david 63

    Am I the only one who thinks....

    ...wooohooo more cash than I thought...spend it!!

  6. Anonymous Coward
    Holmes

    How does it work?

    I can't do anything with my Canadian bank account!

    I don't see a button to Wire funds. I believe you need to go in person to the branch to wire funds.

    Interac Email transfer has a limit of $1,000 and you would still need another Canadian bank account.

    I can make payments for bills (re: "Pay Bills" for Internet and Electricity etc.), but they would need to set up an account with another Canadian Financial institution in order to accept payments for bills (and it would need to be a Business account); and I am sure there are verifications steps required for that.

    In fact the above 2 methods are the only way I know of that money can go away online from your bank account.

    How do they expect to money out of a Canadian Bank account, and I am sure the above are the same for banks in other countries also?

This topic is closed for new posts.

Other stories you might like