Sold a Lemon in Internet Banking
An online bank robbery in which computer crooks stole $63,000 from a Kansas car dealership illustrates the deftness with which cyber thieves are flouting the meager security measures protecting commercial accounts at many banks.
At 7:45 a.m. Monday, Nov. 1, 2010, the controller for Abilene, Kansas-based Green Ford Sales, Inc. logged into his account at First Bank Kansas to check the company’s accounts. Seven hours later, he logged back in and submitted a payroll batch for company employees totaling $51,970. The bank’s authentication system sent him an e-mail to confirm the batch details, and the controller approved it.
The controller didn’t know it at the time, but thieves had already compromised his Microsoft Windows PC with a copy of the ZeuS trojan, which allowed them to monitor his computer and log in to the company’s bank account using his machine. Less than an hour after the bookkeeper approved the payroll batch, bank records show, the thieves logged in to Green Ford’s account from the same Internet address normally used by the dealership, using the controller’s correct user name and password.