Computer Intrusion - Better Business Bureau Trojan Horse $187,000 Loss In June 2007 FI investigators were notified by treasury management that a client had their checking account compromised. As part of the compromise, three fraudulent ACH transfers were completed to another FI. Client discovered that there were three unauthorized ACH withdrawals from their checking account: $188,000, $103,000, and $98,000. Treasury management immediately initiated an ACH dispute forms and attempted to recover the funds for client. It was discovered in that the $103,000 transfer rejected since the account number was invalid at the receiving institution. The ACH was credited back to the FIís account.

Corporate investigator spoke with an investigator at another institution who indicated additional funds were being returned electronically back to the client. The other FI was investigating their client due to recent attempted to wire the funds to Eastern Europe. FIís corporate investigations spoke with another institutions investigator who explained that their client already wire transferred $177,400 to Eastern Europe the same day the ACH was received, but was still holding $4,000 to be returned to the FI. It was determined that the client had a Trojan horse program on several of their computers. The virus is downloaded to a computer after the user receives an e-mail that appears to be from the Better Business Bureau. The e-mail explains that the company received a complaint, and that they need to click on the attachment to see the particulars. When the attachment is opened, the Trojan horse program was downloaded. The program remains dormant until the user logs on to the online business banking website. When the user logs into the online system, the Trojan horse program uses keystroke logging technology to obtain the username and password. The suspects then log on to the system and initiated the ACH transfers.

An e-mail was sent by corporate investigations to the BBB to inquire as to law enforcement involvement into the scheme. A law enforcement officer responded to the e-mail and explained that there was a task force assigned to this case investigating the situation. Suspect 1, president of the ACH receiving business, was contacted and asked about the $188,000 deposit made into suspects account. Suspect 1 advised that he had responded to an online job listing website business opportunity that was advertised. The ad specifically asked for business owners or those having access to business accounts in the US. The employer was looking for individuals to become collaborators in a worldwide investment program. Suspect 1 received a financial investments agreement, which identified the terms and responsibilities of the position of a financial investment agent. Basically, Suspect 1 would receive deposits to his business account and then forward the funds, as instructed, to specific business operations and investments. Suspect believed the opportunity was legitimate and chose to take part in it. Suspect 2 was contacted and asked about the $98,000 deposit made to suspectís business account. Suspect 2 responded to the same online job advertisement and researched the opportunity and believed that it was legitimate. The other FI closed the account of Suspect 2 because of this matter.

Suspect 2 has since opened a new business checking account with another bank, which received a deposit similar to the previous fraudulent ACH deposit. Suspect 2 was advised to find out where the deposit came from and to confirm that it was legitimate. FI suffered a loss of $187,000.