Iowa Banks Stung by $2 Million Cyberfraud
An international wire fraud scheme has netted international cybercriminals $2 million and left three Iowa financial institutions looking for answers.
One of the banks, the Storm Lake-based branch of MetaBank a subsidiary of a publicly traded company disclosed the breach to its shareholders in December. The other two banks have not been identified, the Des Moines Register reported.
Using a series of sophisticated cybercrime tactics, the thieves were able to pose as bank customers and request several wire transfers of about $500,000 each to accounts they'd set up in Hong Kong.
First, the criminals identified account holders they wished to steal from, and sent them emails containing corrupt attachments that, when opened, infected the victim's computer with keystroke logging software , allowing the hackers to gain access to the target's username and password.
The criminals also sent similar spear-phishing emails to employees at one of the companies, such as a credit reporting agency, that stores the victim's security questions and answers used to verify their identity.
Then, impersonating the target, the criminals -- with the victim's passwords, usernames, Social Security number and security answers in hand -- called the victim's phone company and had all calls forwarded to their disposable cellphone.
With all the bases covered, the crooks were able to make off with $2 million, and the customers never saw it happening.
"Email and the electronic age has just made these things easier for the thieves to pull off," Vaughn Noring, bank bureau chief for the Iowa Division of Banking, told the Register. "Now they can be living in a country on the other side of the globe and steal from you."
Unfortunately, these multipronged, international scams are not uncommon. The method behind these heists are similar to large-scale hacks that have occurred in recent months, including one that stole sophisticated security tokens from the security firm RSA last month.