‘The Dyre Wolf’ is a sophisticated fraud scheme that has netted more than $1 million from U.S companies. It is anticipated that British companies could subsequently be targeted by this fraud type.
Spam emails with attachments are sent to as many computers as possible within a targeted company. If installed, the malware – a variant of the malware known as Dyre – spreads itself into the company network where it waits until it recognises that a user is navigating to a bank website. A fake screen is then created telling the user that there are problems with the bank’s site and to call a number.
At the end of the phone line is an English speaking operator, aware of the bank that the user is attempting to contact. After obtaining the user’s bank details the operator commences a large wire transfer of money out of the business account.
So far those targeted work in large and medium sized companies, and at present the National Fraud Intelligence Bureau have yet to notice any reports of this type of fraud being reported through Action Fraud.
Prevention
- Ensuring employees are well trained in spotting phishing attacks where unsolicited emails and attachment could contain malware.
- Ensuring all company employees are aware of the scam.
- Do not give banking details to anyone.
- Only use confirmed banking phone numbers or those that have been previously used.
- Do not follow links from an unknown source.
- Do not open attachments on suspicious emails.
- Run regular virus scans on devices.
If you believe that you have been a victim of fraud you can report it online http://www.actionfraud.police.uk/report_fraud or by telephone 0300 123 2040.