The FBI is warning small and midsize businesses that spear phishing is becoming an ever increasing threat. Over $85 million has been stolen by cybercriminals and only around $45 million has been recovered. The scam starts with a spam campaign that delivers malware. The messages are targeted to individuals responsible for handling financial transactions within a company. Those that fall for the spam find their computers infected with malware that is designed to steal personal info and banking credentials. From there the fraudulent withdrawals begin, all under $10,000 to avoid reporting requirements. The stolen money is then sent to a money mule who is instructed to wire it to the criminals via Western Union.

This scam has two sets of victims, the companies that are being stolen from and the innocent people being used to do the dirty work. Most are recruited via phony “Work from Home” ads. Scammers prey on the unemployed and underemployed, often flooding sites like Craigslist and Monster with fake job openings and also scanning the site for job seekers who have posted contact info and spamming them. What makes this part of the spear phishing scam so sinister is that the mules aren’t just being scammed, they are money laundering, which is a serious criminal offense.

The FBI advises companies to confine their banking activities to a dedicated, locked down computer that is not used for any other purpose and isn’t allowed access email or everyday web browsing. A strong and constantly updated firewall is also a must.