Sunday, July 29, 2012

Using a Mass Spam Attack to Hide a Cyberheist

Clever trick: "Cyberheist Smokescreen: Email, Phone, SMS Floods".

Here's the basic idea:
Many businesses request some kind of confirmation from their bank whenever high-dollar transfers are initiated. These confirmations may be sent via text message or email, or the business may ask their bank to call them to verify requested transfers. The attack that hit my inbox was part of an offering that crooks can hire to flood each medium of communication, thereby preventing a targeted business from ever receiving or finding alerts from their bank...
If you run a small business and one day find yourself on the receiving end of one of these email, SMS and/or phone floods, I’d advise you to find a mobile phone that isn’t being blocked and alert your financial institution to be especially vigilant for suspicious transactions.
(Via Bruce Schneier.)