A Birkenhead (England) manufacturer of electrical varnishes, AEV Ltd, had £100,000 ($168,000 US) stolen from its bank account. The spammers made two transfers, $30,000 to an account in Ukraine and €100,000 to an account in Cyprus. What makes this attack stand out is that the company's bank, NatWest, blamed the transfers on AEV's negligence, stating that there were no weaknesses in the bank's security systems.
After an investigation the $30,000 was returned to AEV's account, but the bank's executive board found AEV liable for the €100,000, saying that AEV had breached NatWest's terms and conditions, which state that NatWest will never ask for a SmartCard PIN, and that the company had been told this via pages on the bank's Internet banking site and in emails. The bank said the money was irrecoverable and extended the company's overdraft, expecting this to be repaid over time.
Jonathan Kemp, director of AEV Ltd, fears the company will go out of business after NatWest refused to refund the money lost to the fraud. He is angry that a payment so far above the company's credit limit was allowed and cannot believe NatWest let this happen without flagging the payments. He added, "If we lose this money, I fear the company will go out of business and the 22 members of staff will lose their livelihood." He said the business had comprehensive Avast anti-virus software, installed by an outsourced IT firm, on both PCs. Trusteer Rapport, the security software that NatWest recommends users install, was not on either of the PCs as "they slowed the computers down to an unusable level." [This is MONEY]
It appears that the attackers used an authentic-looking email which purportedly came from one of AEV's vendors. When the attachment was opened, malware silently installed a "rootkit" onto the computer, which then went dormant until it detected an attempt to log onto a financial institution's website.
Later, when AEV's financial controller logged into NatWest's Bankline system, she used a "bookmark" (which the malware had altered) that took her to a fake website. Unusually, the authentic-looking website asked for a SmartCard PIN. This is a number that NatWest requires to be entered into a small card-reader device that account holders are given by the bank. The device then produces a code that must be entered online. The SmartCard PIN is not normally entered into the Internet banking site itself.
The AEV staff member, having seen Internet banking security measures change several times over the years, assumed this must have been some new update. After she entered the SmartCard PIN, the website displayed a message saying she had entered it incorrectly and requested it again. The fraudsters made the transfers within minutes. [This is MONEY]
The malware was delivered as an email attachment and installed itself on the staff member's computer when the attachment was opened. Spammers use carefully crafted emails that appear to be legitimate. Often the emails look so authentic that it takes a trained eye to spot the fake, and normal office personnel won't know what to look for, or how to look.
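One defender-side check for the bookmark tampering described above, added here as an example and not code from the article, the bank or the IT firm involved: it walks a Chrome-style bookmarks JSON tree and flags any bookmark whose title mentions the bank's login but whose URL does not point at the expected host over HTTPS. The bookmark file content and all hostnames are constructed for the example; the allowed domain is an assumption you would replace with the bank's real one.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the layout Chrome uses for its "Bookmarks" JSON file:
# "roots" -> folders -> "children" entries of type "url" or "folder".
# Hostnames are placeholders, not real bank or attacker domains.
SAMPLE_BOOKMARKS = json.loads("""
{"roots": {"bookmark_bar": {"type": "folder", "children": [
  {"type": "url", "name": "Bankline", "url": "https://bankline.example/login"},
  {"type": "url", "name": "NatWest Bankline",
   "url": "https://bankline-login.example.net/login"},
  {"type": "folder", "name": "Suppliers", "children": [
    {"type": "url", "name": "Varnish supplier", "url": "https://supplier.example/"}
  ]}
]}}}
""")

# Bookmark-title keyword -> hostnames it is allowed to resolve to.
# Assumption for the example: the genuine Bankline site lives under bankline.example.
WATCHLIST = {"bankline": ("bankline.example",)}


def walk(node):
    """Yield every (title, url) pair in a Chrome-style bookmark tree, recursively."""
    if node.get("type") == "url":
        yield node["name"], node["url"]
    for child in node.get("children", []):
        yield from walk(child)


def host_allowed(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def audit_bookmarks(tree):
    """Return (title, url) for bookmarks that look like a bank login but point elsewhere.

    A bookmark is flagged when its title contains a watchlist keyword and its URL is
    either not HTTPS or not on an allowed host for that keyword.
    """
    findings = []
    for root in tree["roots"].values():
        for title, url in walk(root):
            parts = urlsplit(url)
            for keyword, allowed in WATCHLIST.items():
                if keyword in title.lower() and not (
                    parts.scheme == "https" and host_allowed(parts.hostname or "", allowed)
                ):
                    findings.append((title, url))
    return findings
```

Run the audit on each workstation's bookmark file from a clean machine; a flagged entry is a reason to treat the PC as compromised rather than simply to delete the bookmark.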
Czar Mail members have to present ID before they can get a mailbox, and criminals won't do that because their identity would be known. When spammers send spoofed emails to Czar Mail's open port, they are immediately rejected: they're never delivered to the recipient's inbox. Legitimate Czar Mail members log onto Czar Mail's secure port with a password (which is done automatically by their email client software), so their identity is verified. Spammers can't spoof Czar Mail members because they don't know the forged sender's password.