Several firms in the United States lost more than US $11 million in online scams where banking credentials were stolen and used in fraudulent wire transfers to companies in China.

According to the FBI, the criminals managed to compromise the computers of people who could initiate funds transfers using phishing e-mails designed to trick the recipients into revealing online banking credentials or into visiting a Web site hosting malware that steals the information from the computer.

Over the past year, there were 20 such incidents affecting companies and public institutions in the U.S. that tend to have accounts at local community banks and credit unions, some of which even use third-party service providers for online banking services.

The stolen money, according to the agency, is transferred to a bank account owned by one of a number of “economic and trade companies” located in China and immediately withdrawn or transferred again.

“It is unknown who is behind these unauthorized transfers, if the Chinese accounts were the final transfer destination, or if the funds were transferred elsewhere, or why the legitimate companies received the unauthorized funds,” the FBI alert says.

In addition to the unauthorized wire transfers to China, criminals also were found to be sending domestic Automated Clearing House and wire transfers to money mules in the U.S. within minutes of the overseas transfers. It is unclear, however, where that money ends up.