ACH Fraud , Fraud Management & Cybercrime

ACH Fraud Hits Texas County

Tax Assessor's Office Loses $200,000 to Scheme
ACH Fraud Hits Texas County
A Texas tax assessor's office has lost $200,000 in an ACH fraud corporate account takeover scheme.

The attack on the Gregg County, Texas, tax assessor's office began on Nov. 23, and authorities from the U.S. Secret Service, the Texas Department of Public Safety and the Gregg County District Attorney's office are investigating the crime. A workstation in the tax office was infected with Zeus, a trojan designed to steal online banking credentials. The malware was activated when an employee in the target agency clicked on a link in an email or on a website.

The county's tax assessor and collector Kirk Shields says a Gregg County employee who mistakenly unleashed the program was suspended for violating county cybersecurity policy. Shields also says his tax office has gone back to the old-fashioned paper deposits to avoid future cyber theft. In fact, a countywide halt has been placed on all ACH fund transfers for any county office.

"As long as I'm tax collector, we will never go back to sending out money electronically again," Shields says.

Russian Attack

The international attack is believed to have originated in Moscow, and the cyber thieves hijacked local tax payments from an ACH transfer totaling $690,000, of which all but $200,000 has been retrieved. Shields says authorities are investigating whether other Texas counties could also be victims. This cyber crime is the first of its kind Shields has experienced in his 14 years as tax collector.

The Gregg County, Texas, tax assessor's office collects taxes for 13 entities in the county, including five school districts, six towns, a local college and the emergency services provider for the county.

Discovering and stopping the transactions began on the Friday after Thanksgiving, when Shields learned of the infiltration. He says that's when all the activity started from the county's end and with the banks. Investigators traced the malware to an associated website located in Moscow. Because of the ongoing investigations, Shields wasn't able to give further details, including which of the seven taxing entities were victims.

The theft occurred when the payments were being moved from Shields' office to Texas Bank and Trust for distribution. The crime was discovered in progress, when a bank in Tennessee that was receiving funds contacted Texas Bank and Trust, Gregg County's bank of record. Between the arrival of the ACH transaction file at the bank and the time it was processed, Shields says the Russian cyber criminals began changing the routing and account numbers for certain entries within the ACH file.

The Year of ACH Fraud

The looting of the tax assessor's account is just one of many recent corporate account takeovers made in the U.S. by foreign hackers aimed at looting bank accounts via ACH and wire fraud. How it typically happens: An individual at the business receives an email that is loaded with an executable file containing malware. The unsuspecting employee opens the email, infecting the computer with malware -- most often of the Zeus trojan variety that is designed to steal online banking credentials.

Law enforcement agencies are actively investigating these cases, and members of one criminal gang were arrested recently both here in the U.S. and in Europe.

Some of the most prominent cases:

Legislation Pending

Earlier this fall, Senator Charles Schumer, (D-NY) produced a Senate bill to be discussed in the new year. Schumer's proposed amendment to Regulation E would give municipalities and school districts the same level of protection as consumers.

Schumer introduced S. 3898, on Sept. 29, and extends the Electronic Fund Transfer Act's Reg. E protections. Under the bill, the Board of Governors of the Federal Reserve System would define which entities fall into the categories of "municipality" and "school district."

Schumer's proposed legislation would cover a municipal office such as the Gregg County tax assessor, but does not extend protection to commercial businesses.

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.