Operation High Roller Targets North American Banks

A "major" U.S. bank is being targeted by a group of international criminals involved in a so-called Operation High Roller scam. The con targets treasury customers as well as the wealthy in a scheme to move tens, if not hundreds, of thousands of dollars overseas through wire transfers.

The revelation was made by threat researchers at Santa Clara, Calif., internet security company McAfee in an assessment of the complex threat in a recently published third-quarter report. Similar attacks were announced in June as part of a joint investigation by Guardian Analytics and McAfee.

Ryan Sherstobitoff, one of the McAfee researchers, was coy about describing the large American bank, so as not to violate any privacy pacts his company has with the bank.

The software being used in the crime, a combination of SpyEye and Zeus malware, infects potential victims' machines through carefully crafted emails that lead an intended target to open an attachment or visit a malicious website. That means that these networks of criminals already know who they're trying to scam — down to the names of treasury managers at multimillion-dollar businesses.

The attacks have been running since the beginning of the year, and most likely originated in Russia and Eastern Europe, says Sherstobitoff.

The earlier scams, which affected roughly 109 U.S. businesses, simply locked corporate and treasury customers out of their internet banking portals for about two days while wire transfers were conducted from their accounts.

These latest attacks, discovered in September, can now copy even a consumer's online banking credentials while the victim is logging on, then present the user with a screen that asks that person to wait, while automatically filling out and completing a wire transfer. Afterwards it covers that transfer's tracks.

"This is the first confirmed instance where these types of [thieves] are targeting a U.S. financial institution," says Sherstobitoff. "Where before the problem in the U.S. was really manual account takeovers that required the human element, in this case, it's fully automated, where [victims] are stalled with a message while the malware is making the fraudulent wire transaction."

He says that McAfee discovered the targeted U.S. attack after finding SpyEye software loaded with a JavaScript payload containing specific instructions naming the top-10 U.S. bank and how to route its online banking security.

Operation High Roller is more prevalent in Europe, where criminals are already moving past wire transfers to send cash to different countries through SEPA, a system not unlike the ACH network, Sherstobitoff says.

After all, he says, with these sorts of attacks, Europe acts as an early warning system for what will eventually come across the Atlantic.
