GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

ISOs no longer need bank sponsorship in Europe: Are you ready to go?

Caroline Hometh
RocketPay LLC


Industry Update

Fitzsimmons leaves First Data for Cynergy Data

FBI warns banks of new cyber threat

InspirePay's new way to pay

Fiserv sues FIS over alleged patent infringement

Trade Association News


An interview with Kevin Smith

Ken Musante
Eureka Payments LLC

The business of being social

Research Rundown

Meet The Expert: Alan Kleinman

Selling Prepaid

Prepaid in brief

Gift cards reinvigorate ATM channel

The slam dunk of stadium cards

David Parker
Polymath Consulting


Prepaid opportunities ahead

Patti Murphy
ProScribes Inc.


Street SmartsSM:
Hard lessons and easy pickings

Bill Pirtle
C3ET Credit Card Consortia for Education & Training Inc.

You're never too small for an HR department

Alan Kleinman
Meritus Payment Solutions

Durbin - the aftermath

Adam Moss and Jeffrey Shavitz
Charge Card Systems Inc.

Skimming through the holiday season

Nicholas Cucci
Network Merchants Inc.

Riding the POS life-cycle wave

Dale S. Laszig
Castles Technology Co. Ltd.

Company Profile

Alpha Card Services Inc.

New Products

Next-gen reader expands mobile

ROAMpay G3X Swipe
ROAM Data Inc.

An open SDK for mobile payments

Pay Anywhere SDK
North American Bancard


Belief makes dollars and sense


10 Years ago in
The Green Sheet


Resource Guide


A Bigger Thing

The Green Sheet Online Edition

January 23, 2012  •  Issue 12:01:02

previous next

FBI warns banks of new cyber threat

A new year brought a new Internet security threat with it, according to recent FBI warnings. The new threat is a phishing scheme dubbed "Gameover" that attempts to get people, often in financial institutions, to open fake emails purportedly from NACHA - the Electronic Payments Association. Once the emails are opened and a link in the message is activated, malicious software embedded in the website attached to the link infects the recipient's computer and gives criminals access to the recipient's bank accounts.

The virus

The FBI said Gameover is a virulent improvement on the more familiar Zeus malware that was created several years ago and targeted at banks. The Gameover phony emails tell the recipient, often a banking executive identified through social networking channels such as LinkedIn, that NACHA has found a problem with a bank account or an automated clearing house (ACH) transaction. The message contains a link that supposedly leads to a solution for the problem; the link instead leads to a bogus website where the Gameover malware is downloaded and begins accessing banking information from the computer it has infected.

It may seem natural to some banking officials to open electronic mail purportedly from NACHA because the association is in charge of developing, administering and governing the important ACH network.

When thieves gain entry to a financial institution, they typically launch a distributed denial of service (DDoS) attack though which a legion of computers suddenly flood the bank's server with traffic that prevents legitimate users from accessing the site. Under the cloak of the DDoS attack, the criminals begin transferring money from accounts.

The FBI believes the DDoS draws attention from the money transfers and makes it impossible to reverse the transactions. Worse, the agency believes the malware has the ability to defeat several kinds of dual-factor authentication.

The scam

The FBI said in some instances the thieves are transferring the funds to jewelry stores to pay for gems, which their agents pick up and deliver back to them for conversion to cash. Often the agents who pick up the jewels, called "money mules" by law enforcement, are not aware of the criminal activity they are participating in, the FBI said. They are frequently people who work out of their homes who applied for a seemingly legitimate job through the Internet. Other victims include the merchant jewelers who, when schemes are discovered and the transactions with the jewelers are reversed or canceled, are forced to absorb the loss of the jewels, the FBI noted.

NACHA response

In a statement issued late in 2011, NACHA said it is requesting "financial institutions, billers/merchants, and payment providers ensure that their front-line staff - those who interact with customers - understand the sustained and evolving nature of these attacks."

NACHA said the phony emails often claim to be from actual NACHA employees or departments and often include a counterfeit NACHA logo along with NACHA's mailing address and phone number. "NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions," the association stated. "NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive."

NACHA stated it is not the only organization criminals are using as a phony front for their thefts. The association said similar phishing attacks are occurring using bogus emails supposedly sent by the Federal Reserve Bank, the Internal Revenue Service, other federal agencies, commercial financial institutions, payment organizations, technology companies and other businesses.

NACHA urged people who suspect they have received an improper email purporting to be from NACHA to forward the message to to help in the capture and prosecution of the thieves.


Kevin McAleavey, a researcher and developer of the KNOS secure operating system, noted in a recent blog, "Like so many other dangerous exploits and malware, once again the target is Windows-based systems that are used for Internet access as well as business use, but Gameover goes far beyond the level of mayhem commonly found in ordinary day-to-day infections and poses a particular risk to smaller operations without their own security 'geeks' at the ready. Now that the criminals have honed their skills, they're turning to the weakest link in businesses in order to rack up their cash flows."

McAleavey and other security experts recommend using dedicated computers never used for navigating on the Internet for financial transactions, so when criminals do gain access to company computers there is no financial information to steal.

The FBI advises those who think they have been victimized by the Gameover scheme to file a complaint with the FBI's Internet Crime Complaint Center.

For additional news stories, please visit and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Board Studios