The St. Louis, Missouri-based firm first learned that things weren't quite right on Wednesday, May 30, 2012, when the company's payroll manager logged into her account at the local bank and discovered that an oversized payroll batch for approximately $180,000 had been sent through late Tuesday evening.
The money had been pushed out of Primary Systems' bank accounts in amounts between $5,000 and $9,000 to 26 individuals throughout the United States who had no prior interaction with the firm, and who had been added to the firm's payroll that very same day. The 26 were "money mules," willing or unwitting participants who are hired through work-at-home job schemes to help cyber thieves move money abroad. Most of the mules hired in this attack were instructed to send the company's funds to recipients in Ukraine.
"The payroll manager contacted me at 8:00 a.m. that day to ask if I'd authorized the payroll batch, and I said no, it must have been a bank error," saidJim Faber, Primary Systems' chief financial officer. "I called the bank and said they said no, they did not make an error. That was a helluva wake-up call."[...]