The FBI is warning small- and medium-size U.S. businesses to be on guard against cybercriminals who are stealing banking credentials and sending fraudulent wire transfers to Chinese companies.
In a press release issued April 26, the FBI noted 20 incidents between March 2010 and April 2011 in which financial information of small- to medium-size companies was compromised.
The frauds are perpetrated via targeted phishing emails or malicious emails sent to an employee who has the authority to transfer funds on behalf of the company, the FBI said. Once the target employee's network is hacked, the thieves are able to harvest the corporate banking credentials -- using notorious malware like the Zeus Trojan -- and initiate the wire transfers.
Stolen funds, ranging between $50,000 to $985,000, are held at "intermediary banks typically located in New York," and then transferred to economic and trade companies located in the Heilongjiang province, including the Agricultural Bank of China and the Industrial and Commercial Bank of China.
In all, the criminals netted about $11 million during the past year.
The size of the target is crucial to how successful these wire fraud schemes have been. By going after small companies, the online criminals have been able to successfully steal smaller amounts of money -- but usually remaining somewhat inconspicuous, at least until now.
As the battle between online thieves and law enforcement moves forward, it will be interesting to see if the trend of cybercriminals going after smaller businesses continues, or whether massive companies will remain the top targets.