Five Slovenians arrested for $2.5M email banking fraud
By Lisa Vaas
Slovenian police on Thursday raided 12 homes and arrested five Slovenian citizens in connection with sending malware-packed email to small and medium businesses’ accounting departments.
The email was spoofed to look like it came from a local bank or, in one case, the state tax authority, and it typically warned of a late payment.
The fake tax letter invented a change in legislation that would financially affect the targeted victim. The email came with an attachment that carried a trojan.
The RAT (Remote Administration Toolkit) contacted a controlling server that frequently changed network location.
Once a target clicked on the attachment and installed the RAT, the cybercriminals could observe activity on the infected system.
With stolen credentials and, in some cases, a smart card containing a bank-issued certificate that the victim had left in the reader after use, the victimized companies’ bank accounts were laid wide open for ransacking.
According to a release from SI-CERT (the Slovenian national CERT [Computer Emergency Response Team]), the gang usually raided bank accounts on Fridays or the day before a national holiday.
That gave the crooks enough time to queue bank transfer orders unobserved during weekends and holidays, provided that the victim did not shut down the computer or remove the smart card from the reader.
The bank robber gang employed 25 money mules to transfer almost €2 million ($2.57M, £1.7M).
They also concocted a nonexistent British insurance company to hide behind as they hired money mules in a work-at-home scam.