The Threat of Fraudulent Wire Transfers to Financial Institutions

In today's digital age, financial institutions face an increasing number of threats from cybercriminals. One form of fraud involves the unauthorized use of bank accounts for wire transfers, a problem exacerbated by detailed online tutorials shared among criminals. Understanding these threats and their implications is crucial for all financial institutions.

Bank Log Vs. Bank Drop

Knowing the difference between a bank log and a bank drop as key terms used by fraudster is foundational knowledge.

A bank log refers to the hacked bank account information belonging to a client or victim. These accounts typically contain substantial amounts of money and can be purchased online through illegal websites. After purchasing, the fraudster logs into the account without the owner’s knowledge and transfers the money to a “bank drop” or converts it to cryptocurrency.

A bank drop is a personal bank account used to receive money from a hacked bank log. This account can belong to a client or be created specifically for this purpose then sold. These accounts facilitate quick conversion of the transferred money into cryptocurrency, making it difficult to trace.

The Anatomy of a Fraudulent Wire Transfer Tutorial

A recently uncovered tutorial provides a step-by-step guide on how to perform unauthorized wire transfers using compromised bank logs. Here’s a breakdown of the process as outlined in the tutorial:

1. Acquiring Bank Account Logs: Fraudsters first purchase compromised bank account details (referred to as "logs") from online sources, often advertised as legitimate sellers of low-balance logs at attractive prices.
2. Logging into the Account: Using the acquired login information, the criminal gains access to the bank account.
3. Initiating a Wire Transfer: The tutorial instructs the user to navigate to the wire transfer option within the online banking interface.
4. Bypassing Security Measures: If the log includes an advanced access code (a secondary authentication method), the criminal can bypass this security step. If not, they are instructed to alter the associated phone number to their own to receive the code.
5. Email Alerts: Any security alerts sent to the email associated with the bank account are intercepted and deleted by the fraudster to avoid detection.
6. Completing the Transfer: The wired money is then transferred to an account controlled by the criminal, typically reflecting within 30 minutes.

Figure 1: Tutorial sent by a fraudster on Telegram on how to wire transfer.

The FAQ: Insights into Fraudulent Operations

The tutorial also includes a Frequently Asked Questions (FAQ) section that provides additional insights into the operational details and risks involved in these fraudulent activities. Here are important points:

1. Direct Deposit Loading: This method can be used to load various accounts, including CashApp, USA bank accounts, and prepaid card accounts with online access.
2. Transfer Reflection Time: Direct deposits typically take 24 hours to reflect in the targeted account.
3. Daily Limits: Each account has a daily limit for transfers, usually around $10,000. Exceeding this limit can lead to detection and potential blocking of the account.
4. Chargebacks: Direct deposits do not have chargebacks, but criminals are advised to withdraw the funds immediately to minimize risk.
5. Bank Suitability: Not all bank logs are suitable for direct deposits. Recommended banks include Huntington Bank, Woodforest Bank, FNBO Bank, and Bluefcu Bank, among others.

Figure 2: Includes a Telegram message with a FAQ session regarding direct deposit.

Conclusion

The detailed tutorials and FAQs shared among cybercriminals highlight the ease with which these fraudulent activities can be carried out and the significant risks they pose to financial institutions. Understanding these threats and implementing comprehensive security measures are essential steps in protecting institutions and their customers from potentially devastating fraud.