FBI warns of phishing funds flowing to China

The FBI is warning that small and medium businesses (SMBs) are being targeted by phishers, who have directed over $20m in banking funds into Chinese accounts.

The FBI's Internet Crime Complaint Center has issued the alert (PDF) after tracking a series of fraudulent transfers to the Heilongjiang province in China, near the border with Russia.

The attackers use Zeus, Spybot or other malware to introduce code onto the victims' machines and harvest banking information.

Once inside a target PC, the attackers arrange wire transfers to seemingly legitimate Chinese business accounts, typically held by the Agricultural Bank of China, the Industrial and Commercial Bank of China, and the Bank of China.

Attempts to send over $20m to the province have netted around $11m in actual losses so far.

"The unauthorised wire transfers range from $50,000 to $985,000. In most cases, they tend to be above $900,000, but the malicious actors have been more successful in receiving the funds when the unauthorised wire transfers were under $500,000," said the FBI.

"When the transfers went through successfully, the money was immediately withdrawn from or transferred out of the recipients' accounts."

It is not known who is behind the attacks, or even if the money stolen stays in China. The attacks are, however, highly organised; orders to money mules in the US are typically issued within minutes of funds arriving in the accounts.

Companies, and the banks handling their accounts, are warned to be on their guard against any transfer of funds to the Chinese cities of Raohe, Fuyuan, Jixi City, Xunke, Tongjiang and Dongning.