IBM security researchers have uncovered a sophisticated fraud scheme operated by an Eastern European cyber gang, which combines phishing, malware and phone calls to convince victims that they are dealing with an actual bank.
The scheme, nicknamed “The Dyre Wolf” (shout-out to all you Game of Throners), has netted slightly north of $1 million from large and medium-sized U.S. companies. Although the amount stolen is small compared to other recent heists, the scheme shows a new level of sophistication. Attackers target company employees with spam emails containing an attachment with malware. Once downloaded, the malware remains dormant and “waits until it recognizes that the user is navigating to a bank website and instantly creates a fake screen telling the user that the bank’s site is having problems and to call a certain number. If users call that number, they get through to an English-speaking operator who already knows what bank the users think they are contacting. The operator then elicits the users’ banking details and immediately starts a large wire transfer to take money out of the relevant account.”
Once the transaction is complete, the hackers quickly begin transferring the money through a number of accounts so it cannot be traced. What sets this scheme apart from others is the use of an actual live operator. IBM has not released the list of companies affected or the location of the hackers.