FBI press release (November 3, 2009)
"As part of a continuing effort to identify the latest cyber crime trends and warn the public, the FBI today released the following information:
"Within the last several months, the FBI has seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts. In a typical scenario, the targeted entity receives a 'spear phishing' e-mail which either contains an infected attachment, or directs the recipient to an infected website. Once the recipient opens the attachment or visits the website, malware is installed on their computer. The malware contains a key logger which will harvest each recipient’s business or corporate bank account login information...."
Not long after that, whoever's spreading the malware opens another user account with the stolen information, or starts a transfer of funds directly by posing as the user.
There's more in the press release, including these links:
- About banking securely online: http://www.us-cert.gov/reading_room/Banking_Securely_Online07102006.pdf
- Guarding against malicious software: http://www.us-cert.gov/nav/nt01/
- A detailed analysis of work-at-home 'opportunities' to receive transfers and forward money overseas (it's a scam): http://www.ic3.gov/media/2009/091103-1.aspx
Bottom line? If it looks too good to be true, it probably is.
None of this advice is particularly new, but it seems to require a reminder now and again.
A tip of the hat to FBIPressOffice, on Twitter, for the heads-up on this press release.