Your Customer: The New Insider Threat

The bad guys could be recruiting your customers, too

1:35 PM -- Everyone's paranoid about the insider threat -- the disgruntled employee or the sneaky, malicious contractor leaking out, or walking off with, your sensitive or valuable data. The last person you're probably worried about turning on you is your customer.

But that's just what happened to ABN AMRO, which is reeling this week after Dutch authorities arrested 14 of its customers who allegedly gave cybercriminals access to their accounts so that the bad guys could move and hide money they stole in phishing scams against other ABN AMRO bank customers. (See Alleged Phishing 'Mules' Arrested.)

The 12 men and two women who were busted were basically "mules" for Russian and Ukrainian criminals, and they transferred the stolen money to Russia and elsewhere overseas. They also apparently got a healthy cut of the funds. The illegal income came from the cybercriminals duping other customers into visiting fake ABN AMRO Websites that stole their account security information.

Of course not all organizations have an accomplice as appealing to cybercriminals as the banking customer, with an account that can be "bought" for money-laundering. But the ABN AMRO case demonstrates just how wide a net the organized electronic underworld can cast, and how banks need to watch out not only for their customers being victimized by identity theft -- but also for their helping perpetrate it.

— Kelly Jackson Higgins, Senior Editor, Dark Reading