Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 8th, 2010

Over 3 Million Dollars Stolen From School’s Bank Account, 500,000 Still Missing

Cybercrooks managed to transfer over three million dollars out of the bank accounts of the Duanesburg Central School District over the course of three days in December. The bank managed to recover $2,5 million of the stolen funds, but $500,000 are still missing.

Duanesburg is a town in Schenectady County, New York, with a population of under 6,000. The Duanesburg Central School District serves around 1,000 students and has an annual budget of under $15 million.

District officials learned of the fraudulent transfers when a NBT Bank employee called them on Dec. 22 to confirm several pending overseas transfers totaling $759,000. After stopping the unauthorized transactions, the bank also notified the district that an additional $1,190,400 was transferred out of its accounts on the previous day and another $1,862,400 on December 18.

The district contacted the FBI and the New York State Police, who immediately opened an investigation into the incident. Meanwhile, the bank got in touch with overseas financial institutions and was able to recover $2.5 million of the illegally transferred money.

“Thanks to NBT Bank’s aggressive pursuit of the stolen funds, we are fortunate that the vast majority of the money has been recovered. However, $497,200 of Duanesburg taxpayers’ money is still missing, and we are committed to doing everything in our power to recover the remaining funds,” the district officials wrote in a letter to parents and community members.

The circumstances that led to the compromise of the bank account are yet to be determined, but chances are that it started with a malware infection, like in many similar cases reported last year. However, there are certain aspects of this incident that suggest the fraudsters are not very skilled in such hits.

For starters, the money was transferred in high amounts. In previous cases, the attackers kept transfers under $10,000 to avoid automated systems flagging them. Furthermore, the money was transferred directly to overseas accounts, which made it possible for the bank to recall it. Skilled fraudsters transfer the stolen money to the accounts of local individuals known as “money mules,” who then withdraw and wire it outside of the country. Wire transfers cannot be reversed.

As a precaution, the district closed all of its accounts and opened new ones with restrictions for online access. It is not clear what these restrictions are, but the FBI and the American Bankers Association recently recommended that online banking be made from dedicated computers.

Credit: Softpedia News

Share this item with others:

More on CyberInsecure:
  • HSBC Banking Group Lost 370,000 Customers Details
  • Trojan Plunders $480k From Cumberland County Redevelopment Authority Online Bank Account
  • Hackers In Taiwan Compromised 50 Million Personal, Government And Firms Records
  • Bank Of NY Mellon Corporation Loses Clients Details Backup Tapes
  • Massive ID Fraud And Cheque Scam In NYC, Corporations, Institutions, Hospitals, Schools Affected

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Over 3 Million Dollars Stolen From School’s Bank Account, 500,000 Still Missing

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.