Small-to-medium sized businesses and public institutions are being targeted by fraudsters that compromise corporate banking credentials and transfer corporate funds to Chinese economic and trade companies located near the Russian border, warns the FBI.


In a fraud alert issued by the Bureau and compiled with the help of FS-ISAC and IC3, the feds explain that twenty such incidents have been identified since March 2010, and that the total attempted fraud amounts to approximately $20 million, but that the actual victim losses are $11 million.

The attachers typically acquire corporate banking credentials via phishing or by tricking an employee into installing information stealing malware such as the ZeuS and Spybot Trojans or a backdoor that allows them to access the computer remotely.

"When the authorized user attempts to log in to the user’s bank Web site, the user is typically redirected to another Web page stating the bank Web site is under maintenance or is unable to access the accounts," says in the fraud alert. "While the user is experiencing logon issues, malicious actors initiate the unauthorized transfers to commercial accounts held at intermediary banks typically located in New York. Account funds are then transferred to the Chinese economic and trade company bank account."

These Chinese companies are all located in the Heilongjiang province in the People’s Republic of China - near the Republic's border with Russia - in port cities such as Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Dongning.

The names of these companies usually include in their name the name of the port city in which they are registered, and often also use words such as “economic and trade,” “trade,” and “LTD.” They appear to be legitimate businesses, and have bank accounts with the Agricultural Bank of China, the Industrial and Commercial Bank of China, and the Bank of China.

"The unauthorized wire transfers range from $50,000 to $985,000. In most cases, they tend to be above $900,000, but the malicious actors have been more successful in receiving the funds when the unauthorized wire transfers were under $500,000," explains the FBI. "In addition to the large wire transfers, the malicious actors also sent domestic ACH and wire transfers to money mules in the United States within minutes of conducting the overseas transfers. The domestic wire transfers range from $200 to $200,000."

Whether these bank accounts are the final destination of the wired money is unknown. The FBI urges financial institutions to keep a close eye on money transfers to companies located in those Chinese cities - especially when their clients have had no prior transaction history with these companies.