Then the landlord rang again: “Hey mate, your rent wasn’t paid,” Ballesty recalls his landlord saying, knowing he made the online transfer himself.
“So I thought, I’ll send it again, just in case, then sort it out with the bank.”
Once more, a payment was made and a receipt issued, but the money didn’t arrive.
The Commonwealth Bank traced the transfers and advised both had been hijacked and, invisibly to Ballesty, deposited into a third party’s account with another bank. A computer at Ballesty’s business – All Mounting and Diecutting Services, on Sydney’s northern beaches – was infected, the bank explained.
A banking trojan – malicious software – had been installed on it without his knowledge. Ballesty was just one of thousands of people across Australia and the world to have their business bank account fleeced by cyber criminals.
Such malware is often distributed via infected email or instant message links sent via spam, attachments, pirated software or visits to infected websites.
“It got out of control, they were intercepting it while I was doing stuff [online],” Ballesty says.
Along with the rent, other smaller amounts were taken: a total of $18,000 stolen in less than a week.
Australian banks have been quietly working to deal with the problem, in particular a trojan called Carperb, which has infected about 150,000 PCs in Australia. Once installed, it presents a fake transaction page and allows the attacker to view the victim’s browser in real-time.
Source: WAToday.com.au | by: Lia Timson