The Hits Keep On Coming – But They Don’t Have To

Recently, the FBI, FS-ISAC, and IC3 alerted the industry to a new fraud scheme involving corporate account takeover and unauthorized wire transfers sent from the accounts of small and medium-sized businesses to China. There were twenty incidents investigated by the FBI with $20M at risk and $11M in losses. I’m guessing there were many more incidents that never made their way to the FBI and the situation is actually much worse. In fact, some of our customers detected fraud attempts associated with this same alert and were able to stop fraudulent transactions from occurring.

What’s really striking to me is not the total loss, but the boldness of each individual attack. Wires investigated by the FBI ranged from $50,000 to $985,000. Data from unsuccessful attempts against our FraudMAP users put the largest single wire attempt at $1.9M. You can read more about the attempts that we recorded in our recent Fraud Informer.

With no risk of retribution, criminals are getting bigger and bolder and experts are warning these schemes will continue.  Avivah Litan was quoted in a BankInfoSecurity.com article saying, “You can be sure the attacks won’t abate until banks fight back.”  I couldn’t agree more.

The risk of not taking action is too great for financial institutions. The cost of this type of attack and its impact on profitability, operational resources, customer loyalty and reputation is much higher than any fraud prevention solution. We are thrilled our customers proactively invested in protecting their account holders and that no money was lost to these attacks. Not every business and every bank was as fortunate.

We hope the attention given to this scheme will create a call to action for institutions to fight back. It costs less money, time and effort than most think to prevent these attacks. Millions of stolen credentials are already available to criminals and with the recent Sony PS3 and Epsilon breaches, there is more personal information than ever at large to help criminals compromise accounts. I hope it doesn’t have to get too much worse before it gets better.

 

Hope for the Best, Prepare for the Worst

Last week the Department of Justice announced it had taken the most comprehensive and complete action in its history to bring down an international botnet. Active for over 10 years, the botnet was a network of over 2 million computers infected with a malicious software program known as Coreflood. Coreflood is a key logging program that steals usernames, passwords and other personal and financial information for a variety of criminal purposes, including stealing funds from the compromised banking accounts.

The court papers for the civil suit against the criminals identified a set of sizable corporate account takeover and fraud incidents directly related to Coreflood:

  • $115,771 in fraudulent wire transfers from a real estate company in Michigan
  • $78,421 in fraudulent wire transfers from a law firm in South Carolina
  • $151,201 in fraudulent wire transfers from an investment company in North Carolina
  • $241,866 in fraudulent wire transfers from a defense contractor in Tennessee

The 2011 Business Banking Trust Study highlights that attacks like these put banks and their customers in a lose-lose situation, and permanently damage the relationship between a business and their bank. But what’s really concerning is that with 2 million computers infected, who knows what additional damage is waiting for financial institutions and their account holders.

It’s too late for the consumers and businesses whose credentials have already been stolen to use anti-virus or secure browsing techniques to protect themselves.  These retail and commercial account holders will have to rely on their own diligence and the proactive fraud prevention efforts of their financial institution to keep their money safe.

This serves as a reminder for banks and credit unions of all sizes to assume the endpoint is compromised and build fraud prevention strategies accordingly. And while they can hope for the best (that those stolen credentials will never be used), institutions should really prepare for the worst.

 

Villains, Victims and Heroes

Welcome to “The Frontlines of Fraud”, Guardian Analytics’ new blog. We want to give our financial institution customers, prospects, followers, industry analysts, bloggers, pundits and solution providers an immediate platform to discuss what’s happening right now in the ever-evolving world of payments and the escalating war on cybercrime.

We have amassed a significant body of research data over the years, which we’ve published in the form of Fraud Informer, independent research and white papers. This blog serves a different purpose.  We hope it will be more immediate and collaborative.

Why now? Three reasons.

First, the villains. Cybercriminals have upped the pace of their attacks on financial institutions and the sophistication and adaptability of their cybercrime technology. The sheer success rate and impunity of this global network of cybercriminals are at an unprecedented high, with no sign of abating.  The fact is the bad guys are succeeding at stealing money with very little risk of getting caught.  Most of the stolen money is moved offshore, to parts of the geopolitical world that are not sympathetic to the US financial system or our laws.  As a community, we need to use every tool at our disposal to stop them.

Second, the victims.  The backbone of our economy, small and medium businesses, along with community groups, churches, school districts, consumers and the community centered banks and credit unions that serve them have been victimized systematically and on a devastating scale. The impact is enormous and in some cases the financial stability of the victimized account holders cannot be recovered. Their stories need to be heard.

Finally, the heroes. We have the privilege of working every day with people at leading financial institutions of all sizes who have put protecting their retail and commercial account holders at the center of their business strategy. They have stepped up to the challenges of this cyber war. They have leveraged the best technologies available, and along with educating their account holders, have made the business and process changes needed to stop these criminals in their tracks. And the good news is it’s working. Day after day we see firsthand cases of sophisticated fraud attempts, leveraging all the latest malware and criminal techniques, that are detected and stopped before any money is taken and before the bank and the victim have to go through the gut-wrenching process of trying to recover. This is where the war will be won and these successes need to be highlighted, shared and learned from.

So this blog is here now. Our hope is it will provide a forum to expose the criminals, support the victims and enlist more heroes. We want the blog to serve as a platform for ongoing discussion on the most important issues facing banks, credit unions, and anyone concerned with payments, mobile and online banking fraud. We’re looking forward to lending our perspective based on daily interactions with the people who are in the trenches fighting this war: CEOs, CSOs, online and mobile banking executives, fraud managers, businesses and consumers. Moreover, we hope that “The Frontlines of Fraud” is an open platform for knowledge sharing of best practices and lessons learned as we all work together to win the cyber war.

Looking forward to our ongoing conversation,

Terry Austin

About Guardian Analytics

Guardian Analytics is the technology leader in the prevention of online account fraud, providing real-time risk management solutions that protect online channels. The company supports the end-to-end online risk management process with rich analytics and behavior-based modeling. We offer an analytics-based software solution that addresses the entire risk management lifecycle.