Cyber scheme could get you to give up bank details by phone

by Cory Bennett - 04/02/15 5:41 PM ET

An Eastern European cyber crime ring of unprecedented sophistication has stolen more than $1 million from several large and medium-sized U.S. companies, IBM Security researchers said Thursday.

Over the last year, the cyber crooks have established an elaborate system that lures employees into calling live phone operators and telling them their banking details.

“The attackers are several steps ahead of everyone,” said IBM Senior Threat Researcher John Kuhn in a blog post.

{mosads}The researchers dubbed the complex efforts “The Dyre Wolf.”

“Since its start in 2014, Dyre has evolved to become simultaneously sophisticated and easy to use, enabling cybercriminals to go for the bigger payout,” Kuhn said.

The process starts by sending employees fraudulent phishing emails containing infected links or attachments.

If malware gets on the employee’s computer, it lies dormant until the user browses to a bank website. The malware then creates a spoof replica of the Web page informing the user the site is having difficulties. The fake page provides instructions to call a phone number.

“The attackers … know when victims will call and which bank to answer as,” Kuhn said.

If the target actually calls the number, an English-speaking operator answers. Under the guise of gathering basic account information, the operator gets the banking details necessary to start a large wire transfer out of the account.

“As soon as the victim hangs up the phone, the wire transfer is complete,” Kuhn said.

The intricate nature of the plot is indicative of the robust Eastern European cyber operations.

An elaborate dark Web market, dubbed the “cyber arms bazaar,” operates across the region, where cyber crooks swap techniques, malware and hacking tools.

Most cyber crime worldwide can be traced back to the market in some fashion.

“An experienced and resource-backed cyber crime gang operates Dyre,” Kuhn said. “It was used in wide-stroke attacks for the past year and has now moved into a more brazen stage of attacking corporate accounts via the incorporation of skilled social engineering schemes.”