Date
17 December 2017
Hackers typically break into e-mail servers to rewrite software, allowing them to redirect money transfers, according to cyber security experts. Photo: Internet

Hackers hijacking business e-mails to divert cash transfers

Corporate e-mails are being targeted by hackers who trick small businesses into wiring them large sums of money.

Companies around the world lost more than US$1 billion from October 2013 to June 2015 as a result of such schemes, known as “corporate account takeover” or “business e-mail fraud”, according to the FBI.

The Wall Street Journal reports that the hackers' targets are businesses such as Mega Metals Inc., a 30-year-old scrap processor.

In April, the company wired US$100,000 to a German vendor to pay for a container load of titanium shavings.

Mega Metals typically buys three to four loads of titanium a week from suppliers in Europe and Asia, for anywhere from US$50,000 to US$5 million or more per transaction.

Mega Metals crushes and washes the titanium scrap before selling it to mills that remelt the scrap into new products.

But after the recent transaction, the vendor complained that it hadn’t received payment.

A third party had infected the email account used by a broker working for Mega Metals, the company said.

“We got tricked,” said David Megdal, vice president of the family-owned business in Phoenix, which has 30 employees.

George Kurtz, chief executive of CrowdStrike Inc., an Irvine, Calif., cybersecurity firm that investigated the loss, said it appears that malicious software implanted on the broker’s computer allowed the crooks to collect passwords that provided access to the broker’s email system, and then to falsify wire-transfer instructions for a legitimate purchase.

In a recent advisory, the FBI said its Dallas office had identified six Nigerians, possibly working as a group, who had targeted roughly 25 Dallas companies, “with an attempted loss of over US$100 million”.

The e-mails appeared to be from high-level executives in the company being targeted, the FBI said in the advisory.

But in fact, the emails were sent from a domain that was similar, not identical, to the target’s actual domain name.

In other instances, cybercrooks have used malware to insert themselves into a company’s email system.

After monitoring email traffic, they tinker with a legitimate message, altering wire transfer or Automated Clearing House orders so that the payment is diverted to a bank account they control.

RA
