Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive
150x172_CUEffect.jpg
Contacts
LISA MCCUEVICE PRESIDENT OF COMMUNICATIONS
EDITOR-IN-CHIEF
MICHELLE WILLITSManaging Editor
RON JOOSSASSISTANT EDITOR
ALEX MCVEIGHSTAFF NEWSWRITER
TOM SAKASHSTAFF NEWSWRITER

News Now

CU System
Social engineering scam fooling service reps
MOUNTAIN VIEW, Calif. (1/17/13)--Member service representatives trying to be helpful to credit union members may fall for a scam that requires taking over a member's online account and tricking the rep via a chat session into helping out with the scam.

Mountain View, Calif.-based Guardian Analytics, an online security vendor that specializes in detecting anomalies, says the scam targets both small and large financial institutions and has migrated to call centers, using older tactics in new ways  (cuinfosecurity.com FraudBlogger Jan. 15).

The scams involve four steps. Cybercriminals:

  • Log onto an account using login and password credentials stolen through a Trojan  attack or another socially engineered scam;
  • Test the account by checking balances and initiating internal funds transfers, but do not initiate an external transaction;
  • Initiate a live chat session with the member service representative; and
  • Ask the representative for help in scheduling a wire transfer.
The member service rep, believing the chat session is with the accountholder because the session takes place through an already online authenticated process, helps complete the wire transfer.

Guardian also found that many compromised accountholders are also victims of work-at-home scams that involve one-time deposits to online accounts. Later the cybercrooks remove funds from the accounts. It is not clear whether the credentials are provided voluntarily or stolen.

The company advises financial institutions to:

  • Educate members and staff. When the credit union discovers suspicious activity, communicate with other departments, including the frontline call center and member service staff so they know an account is flagged for suspicious activity.
  • Look for anomalies in behavior.  Most transactions were less than $8,000, not enough to raise suspicion, but the way the wires were scheduled was atypical behavior.
  • Review the process for accepting wire requests. Set transaction limits and add more authentication methods.
RSS





print
News Now LiveWire
Maine credit unions put Food Mobile on the road to relieving hunger in rural areas http://t.co/R0xpt6BAZE
10 hours ago
.@TheNCUA's Matz: PALS should be exempt from Military Lending Act proposal #NewsNow http://t.co/Vy9uNhOIEr
10 hours ago
#NewsNow Iowa loan growth 3 times national bank rate http://t.co/fUvudPLg5d
13 hours ago
.@ICBA tallies its Home Depot data breach costs: $90M, 7.5M cards http://t.co/iJgRDC2AKZ
14 hours ago
.@icul's Jury elected treasurer of @WOCCU exec committee http://t.co/HEF1UChN8f
15 hours ago