Recently there has been an alarming increase in insurance claim cases where digital forensics and forensic accounting are needed to provide examination of how a money
Small- and medium-sized businesses – and even individual bank accounts – are being compromised daily. Losses can range from the entire balance in your personal account, to hundreds of thousands of dollars for a small-to-medium business, and into the millions for large companies.
‘Spoofing’ Emails and IT Network Compromises
Two common ways money can be stolen from bank accounts are impersonation or “spoofing” emails, and IT network compromise. With a little research, a hacker can identify key personnel at an office and then spoof an email to a bank requesting a funds transfer. In some cases, this is easy to detect; in other cases it may be virtually undetectable, for example when an email account is compromised and is then used to send the bank an email.
In one such case, the hacker was using the victim’s email account to attempt to transfer funds, and was actually carrying on a conversation with the bank and managing the email so the victim didn’t see the messages!
“Sniffing” Digital Traffic
A hacker can compromise an IT network and “sniff” digital traffic for key words like “bank”. Once they identify the traffic to a bank site, they can orchestrate a “man-in-the-middle” attack (aka MIM); this is also known as
The bad guy will force traffic from the target computer through their own computer. They watch the target user log into the bank. Once the target computer authenticates to the bank, the hacker waits for the target user to log off. The hacker then cancels the log off request and steals the session. Now the bad guy has access to the bank site and is authenticated as the target user. This is not nearly as hard as it sounds.
In a recent MIM case, the hacker called the target and asked her to try connecting to the bank site to “make sure she could log in”. It was the end of the day, but this person did so, and then logged out. When she came in the next morning, $150,000 had been transferred from her bank to multiple parties. The bank was able to get about half of the money back; the company filed an insurance claim for the other half.
How You Can Prevent
Banks typically have preventative measures that you can use. First, use ‘two factor authentication’ if possible. In the above case, the bank was small; they now call the company and verify a transfer first. This could also be acknowledged via text message from the bank with an authentication code to validate the transaction. So, ‘two factor authentication’ requires a second step that a hacker will not likely
Another preventative measure a bank may have is ‘proactive informational account messaging’. The bank can send you texts or emails when your account is accessed, when a login attempt fails, or when a transaction is performed. These act as a warning of
Key Digital Security Steps:
Mobile Banking Best Practice
- Never do banking on an open WiFi connection, even your own.
- Never do banking on a shared network, like a plane, coffee shop or hotel, even if they have a password. (They are still not secure).
- Assume any network that is not yours is not secure.
- For your own network, make sure that you have a strong WiFi password. Don’t share it. Use a strong encryption protocol and always change default router passwords.
Do banking from your own network, or, if you have to bank when mobile, use your phone hot spot. Most phones will actually show you which devices are connected to your phone, so you can ensure no one else is on your WiFi.
Hackers and fraudsters know how to get the money in your bank account. They are targeting individual accounts and businesses of all sizes.
Do you know who does your banking?
KARL EPPS, ENCE, CEH, CCFE, CHFI, CCPA
EPPS FORENSIC CONSULTING
Karl Epps is an EnCase Certified Examiner (EnCE); Certified Ethical Hacker (CEH); Certified Computer Forensic Examiner (CCFE); Certified Hacking Forensic Investigator (CHFI) and a Cellebrite Certified Physical Analyst (CCPA).
Electronic Money Theft: How it Happens and How to Protect Yourself, Your Firm and Your Clients
13880 N. Northsight Blvd., Suite 115, Scottsdale, AZ 85260