The American Banking Association is asking all banks to be on the alert for "money-mule" attacks -- funds-transfer fraud that most recently has involved exploiting the valid online banking credentials of small and medium-sized businesses. In a typical scenario, the targeted business receives a "spear phishing" e-mail which either contains an infected attachment or directs the victim to an infected Web site.

When victims open the attachment or visit the Web site, malware is installed on their computer that harvests their business or corporate bank account log-in information. The victims in this scheme are called "money mules" because they simply serve as a link between the business bank account and the hacker's bank account. In most cases, the funds disappear into a foreign bank account too quickly for the cyber-theft trail to be detected.

The Financial Services Information Sharing and Analysis Center are advising banks to be alert for large-value payments to previously unknown customers, international payments just under monetary reporting thresholds, new, previously unfunded accounts with high-value, high-volume transactions, previously unfunded accounts with large-value incoming funds that are cashed out as soon as funds are cleared and domestic online bank-account transactions in which the account is accessed from overseas and transactions involve large-value funds.

*Thank you to the American Banking Association for the alert