Excerpt:
"On a regular business day in June, boxes of what appeared to be antivirus software were delivered to two branches of a remittance agency in Kuala Lumpur and Muar.
On the box was a note, purportedly from the chief executive officer, telling the supervisors the company was undergoing a security upgrade and asking them to install the disks in every computer in their office.
The branches should have checked if the note and boxes really came from headquarters. They did not. They came from hackers.
And in one weekend, the hackers moved as much as RM6mil from their branches to remitters in Paraguay, China and some parts of Europe.
The branches had installed backdoor access for hackers to gain entry into every aspect of their network. For a month, these hackers studied the offices’ process of clearing and moving money.
On a weekend when no one was in the office, they struck.
By the time the employees came back to work on Monday, they had discovered that their computers had moved out the money.
The money had been cleared out on the international side before they even knew they had been hacked, said LE Global Services executive director Fong Choong Fook, whose private cybersecurity firm employs hackers to test the network security of major banks."
Rest of article in The Star: http://www.thestar.com.my/news/nation/2016/10/13/cyber-crooks-who-steal-millions-many-companies-falling-prey-to-hackers-who-have-turned-thieves/
IMHO: As one of the increasing number of people using handphones and notebooks, each of us at different levels of understanding the intricacies of information technology, I cannot help but feel helpless in the face of fast-advancing IT. We are continuously tempted by new apps which invariably require us to agree to provide personal details and for them to access our contacts and other information in other sites, before we are allowed to install them. Just imagine the ease with which those with better IT knowledge can access confidential details with which they can hack into our phones or notebooks. Phishing is a common tactic used and it has been increasingly improved to fool us into thinking any request for passwords is from a genuine source. For example, while going into a site, you are informed that your username or password is incorrect. How are we to know whether we have actually made a mistake or that message is phishing for them?