... We had a client call us in a panic one day: they were missing a bunch of money from their ops account. They ended up losing about $500k, half of which they recovered in the short term and all of which they recovered in the long term.
The intrusion started on the owner's PC here in VA. It was an unpatched Windows 7 machine, unpatched because he insisted that we have no access to it and no agent on it. He signed a letter laying out the risks. Patching broke on the machine at some point. He subsequently clicked on an email that set up a man-in-the-middle situation. This is how the attackers got into their bank account.
This is how it all went down: over in eastern Europe, a group of hackers "hired" a bunch of people in depressed parts of the US, mostly in the desert Southwest. They ran job ads for people to be "secret shoppers" - you know, the people who go into stores, return something without a receipt and then raise a bunch of hell. For these tasks, the hackers agreed to pay them $2,000/month. They did all the proper paperwork, etc.
After securing the employees, they set up EFTs from the victim's main ops bank account to pay all of their "employees". They gave the employees assignments, which they carried out. The employees sent their reports back to their "employer". Everything seemed on the up and up.
Come payday the employees were all paid via EFT out of the victim's account - except they were all overpaid. The hackers sent $20,000 to each employee. Fun fact: most people are essentially honest. Almost all of them called their "employer" and told them what happened. The hackers made all the right noises about "oh wow, how did that happen?" etc. The hackers then asked the employees to take the difference, $18,000, and send it back to them via Western Union, which sent the money to eastern Europe.
Fun fact about Western Union: once you send the money it's untraceable. The client was able to claw back some of the money from the "employees'" bank accounts, and their bank made them whole because EFT transactions were not allowed on the bank account in question. The FBI was of pretty limited use. They took the PC that was compromised and we've never seen it or really even heard from them again.
The owner's PC, however, is now patched.
There are many stories like this across the US. There are several parts to preventing this type of issue:
Install updates on each of your company's workstations and servers, and manually review those updates.
Make sure your antivirus is up to date and active.
Make sure there is good firewall protection in place.
Automate the filtering of your email. Your email needs to be kept clean of Internet scams!
Follow Standard Operating Procedures (SOPs) on how to properly use company resources (e.g. the Internet) at all times.
Most important: TRAIN your STAFF to spot Internet scams.
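The root cause in the story above was patching that broke silently and stayed broken, which is exactly the kind of drift the first three items are meant to catch. The following is an added example, not code from the original post or from the author's firm: a PowerShell audit that reports on patch currency, antivirus state and firewall state so that a "quietly unpatched" machine shows up instead of being assumed healthy. It assumes a Windows 8 / Server 2012 or later host with the Defender and NetSecurity modules available (a Windows 7 machine like the one in the story lacks both, and the function reports them as unavailable rather than passing them); the age thresholds are illustrative values chosen here, not figures from the post.

```powershell
# Added example (not from the original post): endpoint hygiene audit for the first three
# recommendations above: patching, antivirus, firewall.
# Assumes Windows 8 / Server 2012 or later with the Defender and NetSecurity modules.
# Thresholds are illustrative and not taken from the post.
function Get-EndpointHygieneReport {
    param(
        [int]$MaxPatchAgeDays     = 45,  # illustrative: flag if no hotfix installed in this window
        [int]$MaxSignatureAgeDays = 3    # illustrative: flag if AV definitions are older than this
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Patching. Look at the most recent hotfix with an install date, and at the
    #    Windows Update service itself, since a disabled service is how patching "breaks".
    $lastPatch = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    if (-not $lastPatch) {
        $findings.Add('PATCH: no installed hotfix carries an install date; patch history unavailable')
    } elseif (((Get-Date) - $lastPatch.InstalledOn) -gt (New-TimeSpan -Days $MaxPatchAgeDays)) {
        $findings.Add(("PATCH: last hotfix {0} installed {1:yyyy-MM-dd}, older than {2} days" -f
            $lastPatch.HotFixID, $lastPatch.InstalledOn, $MaxPatchAgeDays))
    }
    $wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    if (-not $wu -or $wu.StartType -eq 'Disabled') {
        $findings.Add('PATCH: Windows Update service (wuauserv) is missing or disabled')
    }

    # 2. Antivirus. Engine on, real-time protection on, definitions fresh.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if (-not $mp) {
        $findings.Add('AV: Windows Defender status unavailable (module missing or third-party AV in use)')
    } else {
        if (-not $mp.AntivirusEnabled)          { $findings.Add('AV: antivirus engine is not enabled') }
        if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('AV: real-time protection is off') }
        if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $findings.Add(("AV: definitions are {0} days old" -f $mp.AntivirusSignatureAge))
        }
    }

    # 3. Firewall. Every profile (Domain, Private, Public) should be enabled.
    $profiles = Get-NetFirewallProfile -ErrorAction SilentlyContinue
    if (-not $profiles) {
        $findings.Add('FW: firewall profile information unavailable')
    } else {
        foreach ($p in $profiles) {
            if ($p.Enabled -ne 'True') {
                $findings.Add(("FW: profile '{0}' is disabled" -f $p.Name))
            }
        }
    }

    # One record per host, easy to collect centrally and alert on Compliant -eq $false.
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        CheckedAt    = Get-Date
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings.ToArray()
    }
}

# Usage: run elevated on the workstation, or fan out with Invoke-Command and gather the objects.
Get-EndpointHygieneReport | Format-List
```

The point of returning an object rather than printing text is that the report can be collected from every workstation on a schedule and compared against the last run; a machine whose last hotfix date stops moving is the early signal that the owner's PC in the story never produced.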
Business vulnerabilities and risks have increased dramatically.
Let me know if you would be open to reviewing these issues.