Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive
150x172_CUEffect.jpg
Contacts
LISA MCCUEVICE PRESIDENT OF COMMUNICATIONS
EDITOR-IN-CHIEF
MICHELLE WILLITSManaging Editor
RON JOOSSASSISTANT EDITOR
ALEX MCVEIGHSTAFF NEWSWRITER
TOM SAKASHSTAFF NEWSWRITER

News Now

CU System
Social engineering scam fooling service reps
MOUNTAIN VIEW, Calif. (1/17/13)--Member service representatives trying to be helpful to credit union members may fall for a scam that requires taking over a member's online account and tricking the rep via a chat session into helping out with the scam.

Mountain View, Calif.-based Guardian Analytics, an online security vendor that specializes in detecting anomalies, says the scam targets both small and large financial institutions and has migrated to call centers, using older tactics in new ways  (cuinfosecurity.com FraudBlogger Jan. 15).

The scams involve four steps. Cybercriminals:

  • Log onto an account using login and password credentials stolen through a Trojan  attack or another socially engineered scam;
  • Test the account by checking balances and initiating internal funds transfers, but do not initiate an external transaction;
  • Initiate a live chat session with the member service representative; and
  • Ask the representative for help in scheduling a wire transfer.
The member service rep, believing the chat session is with the accountholder because the session takes place through an already online authenticated process, helps complete the wire transfer.

Guardian also found that many compromised accountholders are also victims of work-at-home scams that involve one-time deposits to online accounts. Later the cybercrooks remove funds from the accounts. It is not clear whether the credentials are provided voluntarily or stolen.

The company advises financial institutions to:

  • Educate members and staff. When the credit union discovers suspicious activity, communicate with other departments, including the frontline call center and member service staff so they know an account is flagged for suspicious activity.
  • Look for anomalies in behavior.  Most transactions were less than $8,000, not enough to raise suspicion, but the way the wires were scheduled was atypical behavior.
  • Review the process for accepting wire requests. Set transaction limits and add more authentication methods.
RSS





print
News Now LiveWire
.@LACULeague in @DailyComet: #creditunions' "old" benefits attractive to new generation http://t.co/AzOv3nB7IB
1 day ago
At @FTC request, court halts operations of an alleged debt-relief scammer calling itself “FTC Credit Solutions.” http://t.co/qMsDBmKExH
1 day ago
.@daytondailynews : The secret is out about #creditunions http://t.co/Aqu3pFTROV @DayAirCU @CODECreditUnion
1 day ago
.@CUNA's @Nussle on @SenatorReid :(2of2)On behalf of more than 102M #CU members,I thank him 4 his leadership over the yrs/wish him the best.
1 day ago
.@CUNA CEO Nussle on Sen. Reid’s decision not 2 seek re-election (1of2): Sen. Reid has a long history of #CU support throughout his career.
1 day ago