Byron Acohido reports:
A rising swarm of cyber-robberies targeting small firms, local governments, school districts, churches and non-profits has prompted an extraordinary warning. The American Bankers Association and the FBI are advising small and midsize businesses that conduct financial transactions over the Internet to dedicate a separate PC used exclusively for online banking.
The reason: Cybergangs have inundated the Internet with “banking Trojans” — malicious programs that enable them to surreptitiously access and manipulate online accounts. A dedicated PC that’s never used for e-mail or Web browsing is much less likely to encounter a banking Trojan.
And the bad guys are stepping up ways to get them onto PCs at small organizations. They then use the Trojans to manipulate two distinctive, decades-old banking technologies: Automated Clearing House (ACH) transfers and wire transfers.
The FBI says it has investigated more than 200 cases, mostly in 2008 and 2009, in which cyber-robbers executed fraudulent transfers totaling about $100 million — and successfully made off with $40 million.
The victims are mostly small to midsize organizations using online bank accounts supplied by local community banks and credit unions, FBI analysis shows. “The bad guys are still out there breaking into customers’ computers,” says Steven Chabinsky, deputy assistant director of the FBI’s Cyber Division.
Banking and tech security experts say many more cases of ACH and wire transfer fraud are going unreported mainly because the attacks are new and there are no laws setting forth the rights of online business account holders, the way consumer-rights laws protect accounts held by individuals. The result: Many cases end in civil disputes in which small businesses often lose.
Read more on USA Today.