Bank Sues Cybercrime Victim for Stolen Funds

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Krebs on Security's Brian Krebs reports that North Carolina's Park Sterling Bank (PSB) is suing customer Wallace & Pittman PLLC, a law firm, demanding that it repay a loan the bank had provided Wallace & Pittman with to cover funds stolen by hackers.

The hackers had initiated a fraudulent wire transfer for $336,000 from Wallace & Pittman's account on May 9, 2012, using the account's user name, password, PIN code and security questions. "PSB processed the wire transfer, which was sent to an intermediary bank -- JP Morgan Chase in New York City -- before being forwarded on to a bank in Moscow," Krebs writes.

According to Krebs, the law firm believes the account credentials were stolen via keylogging malware that had been delivered in a phishing e-mail posing as a message from the National Automated Clearing House Association (NACHA).

The bank provided the law firm with a credit for the stolen amount, with the understanding that the loan would have to be repaid by the end of the month. Soon after, though, the law firm filed a complaint against the bank in court, obtained a temporary restraining order keeping the bank from retrieving the money, and removed all funds from its accounts at the bank.

Park Sterling Bank is now suing Wallace & Pittman for the funds transferred plus interest.

In response, the law firm says the credit was never identified as a loan. "Wallace & Pittman said the bank didn’t start calling it a provisional credit until nearly 10 days after it credited the law firm’s account; to backstop its claim, the firm produced an online ledger transaction that purports to show that the return of $336,600.61 to the firm’s accounts was initially classified as a 'reverse previous wire entry,'" Krebs writes.

Additionally, Wallace & Pittman claims PSB's security measures were insufficient, stating, "The bank was aware or should have questioned the legitimacy of an international wire transfer [and] was aware or should have been aware of various schemes involving fraudulent funds transfers, particularly those involving parties located in Russia."

For small businesses with online account access, Krebs offers a list of best practices to avoid a mishap like this here.