Internet security and virus protection providers McAfee reveals that cyber-criminals are targeting banks and corporations as they migrate to the Single Euro Payments Area. The transaction server used for the scam system is based in Moscow and uses variations of the Zeus and SpyEye Trojans to infiltrate targeted corporate accounts with the intention of starting Sepa Credit Transfers to mules across the EU.
The campaigns, which capitalise on the automated channels developed by banks to distribute Sepa payments, have already targeted two German banks with a specially designed JavaScript payload in an attempt to steal EUR61,000. The system is hard-coded to facilitate Sepa transactions up to a maximum of EUR100,000 and a minimum of EUR1,000.
Ryan Sherstobitoff, a threat researcher at McAfee said: “The fraudsters are looking for different angles to exploit: these can be anything from the processing times in ACH payments that allow them to get funds to mules quickly, to the lack of two-factor authentication associated with out-going wires. In this case, the fraudsters have evolved from automated wire transactions to different types of payment channels.”
Whitepapers
Related reading
Central banks best suited to issue digital currencies
By Aaran Fronda A recent report by the Official Monetary and Financial Institutions Forum (OMFIF) said that central banks rather than private ... read more
Instant payments: innovations inbound for corporates
In 2020, instant payments look set to continue their current trajectory to become the biggest trend in payments. While these schemes already offer numerous benefits to corporates, leveraging innovations such as APIs and request to pay will go some way to unlocking their full potential, argues Michael Knetsch
Obstacles exist for banks to meet ECB’s instant payments goal
The cost of joining instant payment platforms will be one of many hurdles banks and payment services providers must overcome to meet ... read more
Banks must be aware of “biases” in data used to train ML models
Financial institutions need to be conscious of biases in the historical data that is being used to train machine learning (ML) models, ... read more