Czar Mail of California is an American Company
  • It's private; we don't read your mail.
  • No spam—no filters—no lost good mail.
  • No viruses—no trojans—no key loggers.
  • Only about 4¢ per workday.
  • Free trial—no credit card needed.

Birkenhead-based varnish producer AEV Ltd faces a massive £100,000 loss from email malware.


A Birkenhead (England) manufacturer of electrical varnishes, AEV Ltd, had £100,000 ($168,000 US) stolen from its bank account. The spammers made two transfers: $30,000 to an account in Ukraine and €100,000 to an account in Cyprus. What makes this attack stand out is that the company's bank, NatWest, blamed the transfers on AEV's negligence, saying that there were no weaknesses in the bank's security systems.

Although the $30,000 was returned to AEV's account after an investigation, the bank's executive board found AEV liable for the €100,000. It said that AEV had breached NatWest's terms and conditions, which stated that NatWest would never ask for a SmartCard PIN, and that it had told the company this via pages on its Internet banking site and in emails. The bank said that the money was irrecoverable and extended the company's overdraft, but expected that this would be paid over time.

Jonathan Kemp, director of AEV Ltd, fears the company will go out of business after NatWest refused to refund the fraud losses. He is angry that a payment so far above the company's credit limit was allowed and cannot believe NatWest allowed this to happen without flagging the payments. He added, "If we lose this money, I fear the company will go out of business and the 22 members of staff will lose their livelihood." He said the business had comprehensive Avast anti-virus software on both PCs, installed by an outsourced IT firm. Trusteer Rapport, the anti-virus software that NatWest recommends users install, was not on either of the PCs as "they slowed the computers down to an unusable level." [This is MONEY]

How did they do it?

It appears that the attackers used an authentic-looking email which purportedly came from one of AEV's vendors. When the attachment was clicked on, malware silently installed a "rootkit" onto the computer, which then lay dormant until it detected an attempt to log onto a financial institution's website.

Later, when AEV's financial controller logged into NatWest's Bankline system, she used a "bookmark" (which had been corrupted by the malware) that took her to a fake website. Unusually, the authentic-looking website asked for a SmartCard PIN. This is a number that NatWest requires to be entered into a small card-reader device that account-holders are given by the bank. The device then produces a code that must be entered online. The SmartCard PIN is not normally requested to be entered directly into the Internet banking site.

The AEV staff member, having seen Internet banking security measures change several times over the years, assumed this must have been some new update. After she entered the SmartCard PIN, the website displayed a message that she had entered it incorrectly and requested it again. The fraudsters made the transfers within minutes. [This is MONEY]

How would Czar Mail have stopped it?


The malware was delivered in an email attachment that installed it onto the staff member's computer. Spammers use carefully crafted emails that appear to be legitimate. Often the emails are so authentic-looking that it takes a trained eye to spot the fake, and normal office personnel won't know what to look for, or how to look.

Czar Mail members have to present ID before they can get a mailbox, and criminals won't do that because their identity would be known. When spammers send spoofed emails to Czar Mail's open port, they are immediately rejected: they're never delivered to the recipient's inbox. Legitimate Czar Mail members log onto Czar Mail's secure port with a password (which is done automatically by their email client software), so their identity is verified. Spammers can't spoof Czar Mail members because they don't know the forged sender's password.

This is important: If AEV had been a Czar Mail member, the email would have been rejected at the email server, and no one would ever have clicked on the attachment which installed the malware.