Sepa migration vulnerable to cyber-criminals

McAfee says criminals attacking Sepa migration

Internet security and virus protection providers McAfee reveals that cyber-criminals are targeting banks and corporations as they migrate to the Single Euro Payments Area. The transaction server used for the scam system is based in Moscow and uses variations of the Zeus and SpyEye Trojans to infiltrate targeted corporate accounts with the intention of starting Sepa Credit Transfers to mules across the EU.

The campaigns, which capitalise on the automated channels developed by banks to distribute Sepa payments, have already targeted two German banks with a specially designed JavaScript payload in an attempt to steal EUR61,000. The system is hard-coded to facilitate Sepa transactions up to a maximum of EUR100,000 and a minimum of EUR1,000.

Ryan Sherstobitoff, a threat researcher at McAfee said: “The fraudsters are looking for different angles to exploit: these can be anything from the processing times in ACH payments that allow them to get funds to mules quickly, to the lack of two-factor authentication associated with out-going wires. In this case, the fraudsters have evolved from automated wire transactions to different types of payment channels.”

Related reading

Leave a comment