MOUNTAIN VIEW, Calif. (1/17/13)--Member service representatives trying to be helpful to credit union members may fall for a scam that requires taking over a member's online account and tricking the rep via a chat session into helping out with the scam.
Mountain View, Calif.-based Guardian Analytics, an online security vendor that specializes in detecting anomalies, says the scam targets both small and large financial institutions and has migrated to call centers, using older tactics in new ways (cuinfosecurity.com
FraudBlogger Jan. 15).
The scams involve four steps. Cybercriminals:
- Log onto an account using login and password credentials stolen through a Trojan attack or another socially engineered scam;
- Test the account by checking balances and initiating internal funds transfers, but do not initiate an external transaction;
- Initiate a live chat session with the member service representative; and
- Ask the representative for help in scheduling a wire transfer.
The member service rep, believing the chat session is with the accountholder because the session takes place through an already online authenticated process, helps complete the wire transfer.
Guardian also found that many compromised accountholders are also victims of work-at-home scams that involve one-time deposits to online accounts. Later the cybercrooks remove funds from the accounts. It is not clear whether the credentials are provided voluntarily or stolen.
The company advises financial institutions to:
- Educate members and staff. When the credit union discovers suspicious activity, communicate with other departments, including the frontline call center and member service staff so they know an account is flagged for suspicious activity.
- Look for anomalies in behavior. Most transactions were less than $8,000, not enough to raise suspicion, but the way the wires were scheduled was atypical behavior.
- Review the process for accepting wire requests. Set transaction limits and add more authentication methods.