BATON ROUGE, La. (3/8/11)--Computer hackers from the Ukraine made unauthorized transfers totaling nearly $527,000 from LES FCU, Baton Rouge, La., in September 2009 through the credit union's commercial account with Capital One, according to a lawsuit filed in U.S. District Court Thursday.
The hackers transferred the money by slipping an e-mail attachment with malware past a credit union accountant, according to the complaint filed against Capital One by the credit union's insurer, Fidelity & Deposit Co. of Maryland. The insurer reimbursed LES FCU for $321,873.
More than $200,000 of the siphoned funds were recovered before they could be claimed by the criminals at wire transfer locations worldwide, the court documents said.
Capital One is alleged to have permitted the unauthorized transactions after an LES FCU accountant received an e-mail purporting to be from the Internal Revenue Service (IRS) around Sept 14, 2009, according to the complaint.
The e-mail was from "a den of thieves," who directed the accountant to "an official-looking" website, said the complaint filed Thursday. At that website, a "key logger program" was secretly downloaded to the accountant's computer. The program allowed the thieves to obtain the credit union's Capital One user IDs and passwords.
On Sept. 16, the accountant accessed the credit union's Capital One account and noticed that nine unauthorized transfers had been made Sept. 15. Capital One mailed notifications to the credit union regarding the nine wire transfers processed, but did not attempt to contact the credit union directly. At 9:15 a.m. Sept. 16, LES FCU contacted Capital and reported the unauthorized transfers