The Federal Bureau of Investigations (FBI) reports that cyber criminals are committing ACH/wire transfer fraud by responding to employment opportunities posted online.

More than $150,000 was stolen from one U.S business by a cyber criminal using wire transfers. The business received an email in response to a job posting placed on an employment website. The email contained embedded malware that allowed the attacker to obtain online banking credentials for the person authorized to conduct financial transactions for the company. Account settings were changed to allow wire transfers to the Ukraine and two domestic accounts. The malware was connected to the ZeuS/Zbot Trojan that is often used to defraud U.S. employers.

How to protect data from theft, destruction or corruption:

1. Set up safeguards. The safeguards should include a protocol demanding that employees not respond to unknown emails or open unusual, unknown, or unrequested attachments.
2. Run a virus scan prior to opening all email attachments.
3. Consider using separate computer systems to conduct financial transactions.
4. Make sure employees know how to report suspicious activity. If an employee detects suspicious activity, remove all computer systems that may compromise the network and disconnect Ethernet cables or other network connections.
5. Make sure your organization has a back-up or contingency plan to recover compromised systems.

Anyone who believes they are a target of attacks originating from job postings should report to the IC3's website at www.IC3.gov.

Information from the FBI and Chubb.