An email address that’s used for online banking and business purposes can be highly valuable for cybercriminals. A recent incident that occurred in Dubai demonstrates that access to a Gmail account is all a crook needs to empty his victim’s bank account.
According to Emirates 24/7, an Indian expatriate from Dubai found that $15,000 (€11,500) were missing from his bank account. When he called his bank to clarify the matter, the financial institution informed him that he had personally authorized the transfer.
It turned out that the money was transferred to a Westpac bank account in New Zealand to one Garry Albert Frazer, possibly an unsuspecting money mule.
The attacker broke into the victim’s Gmail, which he was using to communicate with the bank, and requested money to be transferred. All the information the cybercrook needed to make the request was found in the email account.
When the bank requested a written document to authorize the transaction, the attacker forged the victim’s signature after finding a scanned copy of his passport.