Hacked Victims Unwittingly Call Their Assailants and Help Rob Themselves

The scheme, dubbed Dyre Wolf, has cost organizations more than $1 million, according to IBM's Security Intelligence, which discovered the attack.

The perpetrators begin the trickery with targeted spear phishing emails. Then comes malware “and good ol' chatting-on-the-phone social engineering to go after organizations that use wire transfers,” reports Engadget.

An unsuspecting employee opens an infected email attachment. The malicious code inside contacts the attacker's server and then downloads and installs the Dyre malware. Dyre hijacks the user's address book and mails itself throughout the employee’s organization.

“Then things get real fun. When a victim with an infected computer attempts to log in to a banking site monitored by the malware, it throws up a new screen that says that the site is experiencing issues and presents a phone number for that person to call to make their transaction,” according to Engadget.

With all credentials in hand, the cybercriminals run a wire transfer through a series of international banks to evade authorities.

The unique deceit here is the complete circumvention of digital ID verification. The attackers do not break through security doors. They get the keys directly through the victim.