Given the increasing amount, intensity, and sophistication of "phishing scams", I'm somewhat surprised that they "only" netted $40M ~ ~ emphasis/bolding below is mine ~ Sooz
Dec 11, 2009
FBI: Cyber crooks stole $40M from bank accounts in '09
Computer criminals siphoned an estimated $40 million from bank accounts this year, "a very dramatic increase from past years," the FBI's head of cybercrime tells the Financial Times.
Hackers "are clearly ahead of the defense in terms of antivirus solutions, firewall solutions, etc," said Jeffrey Troy of the FBI.
The primary targets are small and mid-sized businesses that are customers of small and mid-sized banks that aren't using the highest security measures. But individuals are increasingly at risk because of viruses passed along through Facebook, Twitter and other social media sites. Compounding the problem is the use of shortened Web links that disguise the full addresses of criminal sites.
The FT elaborates:
Quote:
Targets have fallen victim to "spear phishing" and other tricks. In spear phishing, a misleading e-mail, instant message or social networking communication is aimed at one company or even a single person within that company, frequently a top executive. The message can be tailored convincingly with details of interest to that individual.
One of the most prevalent programs for stealing banking passwords, Zeus, can be bought and modified by anyone for about $700, Cisco Systems said in an annual security study released this week.
Through both phishing and silent installs via compromised websites, Zeus has landed on some 3.6m machines. Another virus, URLZone, can rewrite online banking statements so that pilfered money does not appear to be missing.
(Posted by Michael Winter)
http://content.usatoday.com/communities ... ts-in-09/1