Hackers empty $900K bank account

By Claes Bell
Monday, February 25, 2013
Posted: 9 am ET

In itself, a distributed denial of service, or DDoS, attack on a bank's website is little more than costly hooliganism. It essentially consists of hackers ordering a bunch of malware-infected computers to "click" on a bank's website until it's too overwhelmed to respond to legitimate users.

The effect is pretty similar to a barricade across the entrance to your bank: You can't get in, but your money is still safe inside the bank.

But what if thieves used a DDoS attack as cover for a more harmful attack that did actually compromise customer checking accounts? That appears to be exactly what happened to a customer of Bank of the West, according to a report from security blogger Brian Krebs:

A Christmas Eve cyber-attack against the website of a regional California financial institution helped to distract bank officials from an online account takeover against one of its clients, netting thieves more than $900,000.

At approximately midday on Dec. 24, 2012, organized cyber crooks began moving money out of corporate accounts belonging to Ascent Builders, a construction firm based in Sacramento, Calif. In short order, the company's financial institution -- San Francisco-based Bank of the West -- came under a large distributed denial of service (DDoS) attack …

There were 62 individuals suckered into acting as "mules" for the stolen money, according to Krebs.

It's standard operating procedure for scammers to recruit unsuspecting individuals and businesses ("make big money working from home!") to accept a substantial deposit from thieves and wire the bulk of it overseas, keeping a portion for themselves as payment. Typically, the money clears and the mule completes the transfer, only to have the authorities catch up with them and claw back the money, leaving them on the hook for most of the losses.

Obviously, you never want to agree to accept and transfer cash as these mules did. Aside from the legal implications of engaging in what amounts to money laundering, what good are promised payoffs if they're going to be clawed back later?

Another important step to avoid having your account on the receiving end of this type of coordinated attack is having up-to-date antivirus software installed on your computer. Krebs writes that the thieves may have gained access to Ascent Builders' bank logins using malware surreptitiously installed on its computers. And you don't want that to happen to you, especially on Christmas Eve.

What do you think? Do you worry about online thieves draining your accounts? What precautions do you take to prevent that from happening?

Follow me on Twitter: @claesbell.

Ray Basten
February 25, 2013 at 3:24 pm

I like the ones that start out with "Your..." instead of "You're..." Don't even have to think twice they are strictly scams. (You would think they would learn better English LOL)

February 25, 2013 at 3:01 pm

YOU should give your State AG a call, along with a letter with documentation about what happened. This was an attempted fraud, larceny by deception, and conspiracy to defraud.
The local police do not have the resources to follow up on these types of cases.
Push the issue with your state's AG, and even go to the press. The AG does not like to hear in the press that they are not doing their job.
The people doing this to you are doing this to many others too. It costs us all money and resources, even if, like in your case, they do not succeed.

February 25, 2013 at 2:56 pm

People with a conscience and a pulse will do what's right by not letting temptation make them a victim that would cause them dearly. If it's too good to be true, it's a lie.

February 25, 2013 at 2:44 pm

I apparently am never targeted by the smart hackers! The scam emails I get are always too stupid to even be believable. They never do their homework either. The most popular one I get is the Nigerians who need to get money "honestly" into the country! Yeah right, then open a bank account!! I have also been getting one recently about unclear info on my bio on a website I visit. They need me to clarify my personal info for them. Kick is I never filled out the bio on that particular website anyway! So if they got anything out of it at all it would be a miracle! Go figure!

February 25, 2013 at 1:55 pm

I'm glad to be reading, finally, an explanation to the cryptic messages in my email for the transfer of $$$. I never completed the transactions. I was very wary of the 'easiness' of making such a large sum of money. I'm glad I smarted up to the scam. Now I know how it is set up and who goes down for the crime. Thank god it wasn't me. Yeah, if it looks too good to be true, it probably is.

February 25, 2013 at 1:48 pm

I agree with Jordan. The authorities simply do not pay any attention.

I got a call from J&R electronics about a Samsung phone I had "ordered" in the middle of the night. I never ordered it. Someone lifted my CC details at a local restaurant or store. The bogus sale was stopped and J&R had the shipping address the thieves were having the phone sent to. The police said, "You stopped it. No crime, no foul." Yet they ALL know who the perps in this example were and where they live! Go figure.

February 25, 2013 at 1:19 pm

Like they say: Anytime something looks to be too good to be true, it probably is.

February 25, 2013 at 12:55 pm

Unfortunately the FBI, banks, insurance companies and many other entities that should care and should have a maximum effort to secure their financial institutions and personal data of customers, simply can't be bothered. Then they wonder why cybercrime is escalating exponentially.

February 25, 2013 at 12:50 pm


Some of us may understand your writing a little better if you learn the value of putting commas and periods into your sentences. Thanks.

February 25, 2013 at 11:18 am

I am sorry to hear this happen I was caught up in one of these same scams two years ago they send me checks FedEx I cash them go to a Western Union to see how they treat you and report it back to a person keep 10% OF THE monies send the rest to an address after I was contacted by the bank I tried to contact the FBI they didn't care then they started sending me postal money orders they look so real I still have them Contacted FBI still did not care so I learn If it sounds too good to be true it's a scam. just like all the ones that say you inherited millions stay away from them