By ALICIA A. CALDWELL and PETE YOST, Associated Press Alicia A. Caldwell And Pete Yost, Associated Press – Mon Nov 22, 6:35 pm ET
WASHINGTON – Sitting at a computer somewhere overseas in January 2009, computer hackers went phishing.
Within minutes of casting their electronic bait they caught what they were looking for: A small Michigan company where an employee unwittingly clicked on an official-looking e-mail that secretly gave cyberthieves the keys to the firm's bank account.
Before company executives knew what was happening, Experi-Metal Inc., a suburban Detroit manufacturing company, was broke. Its $560,000 bank balance had been electronically scattered into bank accounts in Russia, Estonia, Scotland, Finland and around the U.S.
Operating from Eastern Europe and other overseas locations, the thieves used malicious software, known as malware, to infect the computers of unsuspecting users in the United States by e-mail, the malware-infected e-mails were written to look like they came from a company manager or colleague who might send an e-mail message to everyone in a company, such as the head of human resources.
When the e-mail recipient clicked on an embedded link to a website or opened an attachment, a Trojan horse virus called Zeus installed itself and gathered usernames, passwords and financial account numbers typed by the victims on their own computers, the hackers then used this information to move the victims' money electronically into bank accounts set up in the United States by the money mules.
The money mules set up shell bank accounts to receive the money, then they withdrew the funds from the shell accounts in amounts they thought were small enough to elude detection by banks and law enforcement. In some cases, the cyberthieves bombarded telephone numbers attached to the targeted accounts with calls to block the company from calling to verify the transactions.
The mules sent most of the stolen funds overseas electronically to accounts controlled by the ring leaders; the mules usually kept 8 to 10 percent as their cut.