"High Roller" op turns to Europe's SEPA system

Share this article:

Fraudsters who launched a campaign to target high-value bank accounts have begun exploiting the Single Euro Payments Area (SEPA) system to con victims.

Similar to the United States' Automated Clearing House (ACH) electronic payment system, which perpetrators of “Operating High Roller” also abused earlier this year to commit fraud, SEPA streamlines fund transfer processes among European banks.

Researchers at McAfee published findings on the fraud ring in June, and found that attackers were using Zeus and SpyEye to intercept wire transactions throughout European banks in late 2011. High-net worth business and personal accounts in the United States and the Netherlands were eventually targeted as well, according to an October report.

The latest analysis shows that attackers have tried to carry out fraudulent SEPA transactions at two banks in Germany, Ryan Sherstobitoff, threat researcher at McAfee, told SCMagazine.com Tuesday. 

“The goal of SEPA is to simplify transborder transactions, so it makes sense for them to target it since they can [get] larger transfers without the typical complexities of intercepting a wire transfer,” Sherstobitoff said.

Attackers have coded the malware so that when users login to targeted banking sites, they see a “please wait” message, which leads them to believe their settings are being updated. While victims wait to access the banking site, a remote server logs in to their account and initiates a SEPA transaction.

“The next time the victim logs in, [the web inject] alters the balance to avoid showing them that money has been deducted from the account,” Sherstobitoff said.

Fraudsters attempted to transfer €61,000, or around $78,000, to mule accounts through fraudulent SEPA requests, according to log files McAfee retrieved from one targeted bank.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Report: Stolen card data is crime that concerns Americans most

A recent Gallup Crime poll indicates that Americans' top two worries revolve around having credit card data stolen or their computer or smartphones compromised.

Phishing campaign passes off Pony Stealer trojan as 'overdue invoice'

The malware has previously been used to steal $220,000 worth of bitcoins from victims.

Popular Science served up Rig Exploit Kit on its website

The monthly science magazine served up malicious code to readers earlier this week and has remedied the issue.