Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive
150x172_CUEffect.jpg
Contacts
LISA MCCUEVICE PRESIDENT OF COMMUNICATIONS
EDITOR-IN-CHIEF
MICHELLE WILLITSManaging Editor
RON JOOSSASSISTANT EDITOR
ALEX MCVEIGHSTAFF NEWSWRITER
TOM SAKASHSTAFF NEWSWRITER

News Now

CU System
Social engineering scam fooling service reps
MOUNTAIN VIEW, Calif. (1/17/13)--Member service representatives trying to be helpful to credit union members may fall for a scam that requires taking over a member's online account and tricking the rep via a chat session into helping out with the scam.

Mountain View, Calif.-based Guardian Analytics, an online security vendor that specializes in detecting anomalies, says the scam targets both small and large financial institutions and has migrated to call centers, using older tactics in new ways  (cuinfosecurity.com FraudBlogger Jan. 15).

The scams involve four steps. Cybercriminals:

  • Log onto an account using login and password credentials stolen through a Trojan  attack or another socially engineered scam;
  • Test the account by checking balances and initiating internal funds transfers, but do not initiate an external transaction;
  • Initiate a live chat session with the member service representative; and
  • Ask the representative for help in scheduling a wire transfer.
The member service rep, believing the chat session is with the accountholder because the session takes place through an already online authenticated process, helps complete the wire transfer.

Guardian also found that many compromised accountholders are also victims of work-at-home scams that involve one-time deposits to online accounts. Later the cybercrooks remove funds from the accounts. It is not clear whether the credentials are provided voluntarily or stolen.

The company advises financial institutions to:

  • Educate members and staff. When the credit union discovers suspicious activity, communicate with other departments, including the frontline call center and member service staff so they know an account is flagged for suspicious activity.
  • Look for anomalies in behavior.  Most transactions were less than $8,000, not enough to raise suspicion, but the way the wires were scheduled was atypical behavior.
  • Review the process for accepting wire requests. Set transaction limits and add more authentication methods.
RSS





print
News Now LiveWire
#creditunions celebrate #EarthDay2015 by being green aware with e-statements, hosting shred events, planting trees
4 hours ago
From @WSJ: 33% of companies say it took them more than 1 yr to discover a data breach. http://t.co/a0MxV68X6t http://t.co/lkglx6WvKs
8 hours ago
.@CAMCouncil taps into @MICreditUnions' career, tech training resources http://t.co/sotnfCUgIo
9 hours ago
#Inflation ticks up in March, still relatively flat #NewsNow #Market http://t.co/PyAvwdkJ4M
10 hours ago
#NewsNow Ill. league groups elect board, exec officers http://t.co/KAG8MtbGsv
10 hours ago