Five Slovenians arrested for $2.5M email banking fraud | Naked Security

By Lisa Vaas

Slovenian police on Thursday raided 12 homes and arrested five Slovenian citizens in connection with sending malware-packed email to small and medium businesses’ accounting departments.

The email was spoofed to look like it came from a local bank or, in one case, the state tax authority, and it typically warned of a late payment.

The fake tax letter described a fictitious change of legislation that would financially affect the targeted victim. The email came with an attachment that carried a trojan.

The RAT (Remote Administration Toolkit) contacted a controlling server that frequently changed network location.

Once a target clicked on the attachment and installed the RAT, the cybercriminals could observe activity on the infected system.

With stolen credentials and, in some cases, a smart card containing a bank-issued certificate that the victim had not removed from the reader after use, the victimized companies’ bank accounts were laid wide open for ransacking.

According to a release from SI-CERT (the Slovenian national CERT [Computer Emergency Response Team]), the gang usually raided bank accounts on Fridays or the day before a national holiday.

That gave the crooks enough time to queue bank transfer orders unobserved during weekends and holidays, provided that the victim did not shut down the computer or remove the smart card from the reader.

The bank robber gang employed 25 money mules to transfer almost €2 million ($2.57M, £1.7M).

They also concocted a nonexistent British insurance company to hide behind as they hired money mules in a work-at-home scam.

