
The Federal Bureau of Investigation has issued a warning about a new Zeus malware attack targeting commercial bank accounts, ultimately leading to incidents of corporate account takeover.
The Zeus variant used is a piece of malware called Gameover, which the FBI says is able to defeat several forms of dual-factor authentication.
The FBI suggests consumers and businesses protect themselves by paying attention to suspicious e-mails. In the case of the Gameover attacks, e-mails purporting to come from NACHA-The Electronic Payments Association contained malicious links. NACHA does not traditionally send e-mails directly to businesses or consumers. Receipt of a direct e-mail from an organization such as NACHA should raise a red flag.
But according to the FBI’s Denver Cyber Squad, it’s not just phishy e-mails and dual-factor get-arounds that have made the Gameover attacks a force to be reckoned with. As it turns out, the fraudsters behind this scheme combined a number of tactics, including the use of money mules and denial of service attacks, to con businesses and banks out of funds.
“After the accounts are compromised, the perpetrators conduct a distributed denial of service (DDoS) attack on the financial institution,” the FBI states. “The belief is the DDoS is used to deflect attention from the wire transfers, as well to make them unable to reverse the transactions.”
Over the past two weeks, since the Gameover scheme was discovered, the FBI has tracked fraudulent wire transfers routed to high-end jewelry stores. And here is where the scheme takes its twist. Money mules, who have been hired to visit the stores where funds have been fraudulently transferred, go to pick up jewels worth the amount of the fake wire.
“A money mule arrives at the store, the jeweler confirms the money has been transferred or is listed as pending and releases the merchandise to the mule,” the FBI states. “Later on, the transaction is reversed or cancelled… and the jeweler is out whatever jewels the money mule was able to obtain.”