FBI warns Idaho residents, businesses of new phishing scam

The FBI’s Cyber Squad says Idaho residents and businesses should watch out for a new phishing scheme.
A new phishing campaign involving personal and business bank accounts, financial institutions and jewelry stores has been discovered by the FBI Denver Cyber Squad.
The campaign involves a variant of the “Zeus” malware called “Gameover.” People receive emails pretending to be legitimate emails from the National Automated Clearing House Association. The email advises a user there was a problem with the automated clearing house transaction at the user’s bank and a transaction was not processed. Once the user clicks on the link, the user’s computer is infected with the Zeus or Gameover malware. The malware tracks the user’s keystrokes in real time and steals the user’s online banking credentials.
One such email, sent on Thanksgiving Day to an Idaho Statesman reporter’s work email account, said it was from the Electronic Payments Association. It said an ACH payment transfer of funds had been rejected (ACH stands for Automated Clearing House). Next to “Reason for rejection,” the email said, “Please refer to the report below for more information,” and then provided a link to what purports to be a Microsoft Word document.
The FBI said the thieves use the account information to make wire transfers of the user’s money. A portion of the wire transfers are being transmitted directly to high-end jewelry stores. Investigation has shown the perpetrators contact the high-end jeweler requesting to purchase precious stones and high-end watches. They say they will wire the money to the jeweler’s account and someone will come to pick up the merchandise. The next day when a money mule arrives at the store, the jeweler confirms the money has been transferred or is listed as “pending” and releases the merchandise to the mule. Later on, the transaction is reversed or canceled, and the jeweler is out whatever jewels the money mule was able to obtain.
After the user’s account has been compromised, the thieves conduct what’s called a distributed denial of service attack on the user’s financial institution. Investigators believe the attacks are used to deflect attention from the wire transfers as well as to make the institutions unable to reverse the transactions if found.
The FBI is asking consumers to be cautious of opening email from senders or email addresses that are not familiar.