Banking Blog

Finance Blogs » Banking » Hackers empty $900K bank account

Hackers empty $900K bank account

By Claes Bell, CFA · Bankrate.com
Monday, February 25, 2013
Posted: 9 am ET

In itself, a distributed denial of service, or DDoS, attack on a bank's website is little more than costly hooliganism. It essentially consists of hackers ordering a bunch of malware-infected computers to "click" on a bank's website until it's too overwhelmed to respond to legitimate users.

The effect is pretty similar to a barricade across the entrance to your bank: You can't get in, but your money is still safe inside the bank.

But what if thieves used a DDoS attack as cover for a more harmful attack that did actually compromise customer checking accounts? That appears to be exactly what happened to a customer of Bank of the West, according to a report from security blogger Brian Krebs:

A Christmas Eve cyber-attack against the website of a regional California financial institution helped to distract bank officials from an online account takeover against one of its clients, netting thieves more than $900,000.

At approximately midday on Dec. 24, 2012, organized cyber crooks began moving money out of corporate accounts belonging to Ascent Builders, a construction firm based in Sacramento, Calif. In short order, the company's financial institution -- San Francisco-based Bank of the West -- came under a large distributed denial of service (DDoS) attack …

There were 62 individuals suckered in to acting as "mules" for the stolen money, according to Krebs.

It's standard operating procedure for scammers to recruit unsuspecting individuals and businesses ("make big money working from home!") to accept a substantial deposit from thieves and wire the bulk of it overseas, keeping a portion for themselves as payments. Typically, the money clears and the mule completes the transfer, only to have the authorities catch up with them and claw back the money, leaving them on the hook for most of the losses.

Obviously, you never want to agree to accept and transfer cash as these mules did. Aside from the legal implications of engaging in what amounts to money laundering, what good are promised payoffs if they're going to be clawed back later?

Another important step to avoid having your account on the receiving end of this type of coordinated attack is having up-to-date antivirus software installed on your computer. Krebs writes that the thieves may have gained access to Ascent Builders' bank logins using malware surreptitiously installed on its computers. And you don't want that happen to you, especially on Christmas Eve.

What do you think? Do you worry about online thieves draining your accounts? What precautions do you take to prevent that from happening?

Follow me on Twitter: @claesbell.

«
»
Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
147 Comments
NicerthanCynthia
March 29, 2013 at 4:09 pm

Amazing how some folks are so ready to attack someone, anyone when the detect (incorrectly in this case)any opportunity. Too bad some people don't try lifting others up instead of knocking them down and kicking in their teeth for no good reason.

SmarterThanSmarterThanCynthia
March 28, 2013 at 5:20 pm

C'mon now, no need to be both obtuse and narcissistic at the same time. Don't put so much emphasis on the word "small". It implies that you are overcompensating with an attempt at over induced intellect due to a lack of size elsewhere.

Jonathan Kwanza.
March 28, 2013 at 10:15 am

Yeah the Tricksters from West Africa are really Given us a Bad Name thereby making legitimate users from Ghana to Suffer the Cost of all those 419 Scammers that are all over the Southern Coast of West Africa with a few of them emailing from Small Northern Towns and Cities Especially Tamale and Bolgatanga.

So Western Viewers and Internet Users be careful of Internet emails Coming out of West Africa Especially Ghana and Nigeria.

SmarterThanCynthia
March 27, 2013 at 11:54 pm

Cynthia, maybe your 7 year old daughter can help you with some reading comprehension. What she said did not imply Russia or China were small countries, half wit.

tubesquare
March 27, 2013 at 3:35 pm

i always watch my bank statement online for this type of thing and never respond to any email stuff. BTW, watch your kid, home, business with this app called tubesquare in itunes and be safer.

Cynthia
March 27, 2013 at 3:33 pm

Traci, can you explain to me how is Russia and China are "all those other small countries". Do you know that Russia and China are the biggest countries in the world? Get some kindergarden education lessons-my 7 years old daughter knows more than you

Da B
March 27, 2013 at 12:46 pm

Here's what you might do if you get an obvious scam offer. Accept offer and E-mail scammer that you got to have the cashier check or whatever immediately or No deal.
I got an offer for my 1973 volkswagen Beetle for $6,000.00 even though it was only worth $ 2,000.00 at the very most. The scammers gave me some malarkey about they needed the auto in Nigeria and had the check to cover costs and for me to keep a couple of thousand after sending them $ 500.00 for transfer fees or "whatever".
They sent the cashier check ,I put in my bank, it cleared but I never spent any money. After 8 working days the bank said the check was counterfeit - Surprise SURPRISE! lol After making sure I was Not charged for depositing a bad check, The scammers were out of $10.00 they paid for FedEx to deliver the fake check.
They have not bothered me since ...

Matt Damon
March 27, 2013 at 11:16 am

So wait, you mean to tell me that the lottery email, inheritance email and the business investment emails I have gotten from Nigeria have all been lies!!!!! I don't believe it.

Matt
March 26, 2013 at 8:40 pm

Sometime during january of this year my phone recieved a text message saying i won 500 dollars please sign up to recieve ur reward supposively from bank america. Knowing i have to worse credit in us history probably, made me think before acting. Being a smarter than average phone user i used my knowledge to see the number that sent the message to me. I received a voicemail from a hispanic female. Well after that i made very bad threats and remarks in hopes that female never tries to steal money from us again. Thanks american for reading this. Keep on moving so u never stop!

Traci
March 26, 2013 at 7:38 pm

The biggest one's doing this are from Nigeria, Ghana, Russia, China and all those other small countries. Rarely if ever you will find the scammers from India! Personally I believe my money is more safer with me then in an bank.