
Hackers empty $900K bank account

By Claes Bell
Monday, February 25, 2013
Posted: 9 am ET

In itself, a distributed denial of service, or DDoS, attack on a bank's website is little more than costly hooliganism. It essentially consists of hackers ordering a bunch of malware-infected computers to "click" on a bank's website until it's too overwhelmed to respond to legitimate users.

The effect is pretty similar to a barricade across the entrance to your bank: You can't get in, but your money is still safe inside the bank.

But what if thieves used a DDoS attack as cover for a more harmful attack that did actually compromise customer checking accounts? That appears to be exactly what happened to a customer of Bank of the West, according to a report from security blogger Brian Krebs:

A Christmas Eve cyber-attack against the website of a regional California financial institution helped to distract bank officials from an online account takeover against one of its clients, netting thieves more than $900,000.

At approximately midday on Dec. 24, 2012, organized cyber crooks began moving money out of corporate accounts belonging to Ascent Builders, a construction firm based in Sacramento, Calif. In short order, the company's financial institution -- San Francisco-based Bank of the West -- came under a large distributed denial of service (DDoS) attack …

There were 62 individuals suckered into acting as "mules" for the stolen money, according to Krebs.

It's standard operating procedure for scammers to recruit unsuspecting individuals and businesses ("make big money working from home!") to accept a substantial deposit from thieves and wire the bulk of it overseas, keeping a portion for themselves as payment. Typically, the money clears and the mule completes the transfer, only to have the authorities catch up with them and claw back the money, leaving them on the hook for most of the losses.

Obviously, you never want to agree to accept and transfer cash as these mules did. Aside from the legal implications of engaging in what amounts to money laundering, what good are promised payoffs if they're going to be clawed back later?

Another important step to avoid having your account on the receiving end of this type of coordinated attack is having up-to-date antivirus software installed on your computer. Krebs writes that the thieves may have gained access to Ascent Builders' bank logins using malware surreptitiously installed on its computers. And you don't want that to happen to you, especially on Christmas Eve.

What do you think? Do you worry about online thieves draining your accounts? What precautions do you take to prevent that from happening?

Follow me on Twitter: @claesbell.

February 26, 2013 at 2:50 am

I deal with Bank of America. Someone in Canada used my Debit card to purchase tires. I went to use my Debit card at Barnes and Nobles and they let me know my bank wouldn't accept it. Next day to the bank I went and learned about the Canada purchase. They asked me if I went out of the country. Being an old lady I told them I never leave my little town here in Maryland. I had to sign a statement that I didn't use the account out of the country, and within a two week period the bank restored the money. Their security office watches for out of country purchases that look suspicious. Seeing my account is used mostly for medicine and groceries they wisely stopped payment so no one else could use it. I got a new account and learned a lot. I would never use any online company to use my personal account. If the banks cannot stop this type of crime, how are any of us going to do it? Last month my son had someone steal his credit card account two days before Xmas and ran up $2000 in two hours. He is still trying to get his bank to clear it and restore his money. Scary world we are living in.

Lyla Cavanaugh
February 26, 2013 at 2:10 am

I had a $2,000 Toshiba computer I took into Best Buys for service. Like a dummy I also gave them the wire that plugs in this computer. I did not know this wire could not be replaced. Of course it was "stolen, went missing." The repair guy acted like he didn't know anything. I wound up having to throw the whole computer out.

February 25, 2013 at 11:09 pm

Moe, Funny

Dane Moser
February 25, 2013 at 9:37 pm

Hackers tried taking a little over $1,500 from the bank I belong to. The bank called me and asked if I authorized this transaction. The hacker tried taking my money from Iraq, and I live in PA.

February 25, 2013 at 7:51 pm

It never ceases to amaze me the number of people trying to get rich quick (any way they can) and then holler "foul" when it does not happen. Someone "found" a lady's handbag and picked a person at random to split the money with if said person would put up collateral, which the person did. Then, when she realized she had been scammed, she called the police. What about her trying to steal someone else's money? Did she think that was okay?

Dottie Sinkler
February 25, 2013 at 7:51 pm

I agree, no more Pay Pal for me either. They allowed someone to hack my account to the tune of more than $2,000. My bank refunded my money but shame on Pay Pal to have allowed this in the first place. The person who hacked my account lived thousands of miles from me. AFTER it was hacked Pay Pal sent me an E-Mail asking me if I had made the purchase. Up until that time I had used Pay Pal without any problems but one mix-up like this and I will NEVER use Pay Pal again.

janet elsey
February 25, 2013 at 7:37 pm

Yeah, PayPal is useless. Too many people have their scam down perfectly; I never use them anymore.

February 25, 2013 at 7:23 pm

Why do people not know that if someone takes money out of your bank account, the bank must replace it since you were not the one who authorized the money to be taken? Works same way for credit cards too. These identity theft protection companies are just falsely scaring people and they are ripoffs.

February 25, 2013 at 7:16 pm

My account was compromised while my computer was in the hands of Geeksquad. Someone from Korea purchased something [don't know what] from Ebay and ran it through my Paypal account.
The money was returned by the bank but no more paypal for me.

February 25, 2013 at 7:09 pm

I already have a hacker on my bank account. It's my old lady.