A new risk alert from CUNA Mutual Group states that credit union professionals can be the first line of defense against holiday shipping and package schemes affecting their members.
The combination of increased online shopping, desperation to get deals and tracking purchases create a ripe environment for cybercriminals, the alert states. Scammers craft “very convincing” phishing attacks via email or text messages alerting consumers to order updates, shipping delays and other mishaps. These package delivery attacks can be used to steal personal and financial information and deliver malicious payloads including ransomware.
The alert states that credit unions should consider the following risk mitigation tips in an effort to thwart shipping and package schemes affecting their members:
- remind members not to open suspicious emails, not to click on links or open attachments contained in unsolicited messages, as well as to be cautious before visiting unknown websites;
- remind members not to provide personal or account information when asked;
- remind members to be suspicious of “urgent” or “immediate” responses needed or “unauthorized login attempts” of their accounts;
- be sure there is a system in place to report suspicious messages and that all employees are aware of that process;
- activate two-factor/multi-factor authentication on all systems, including managed service provider software platforms, administrator systems, and end-user systems wherever possible;
- consider prohibiting employees from accessing personal email from all credit union-issued devices and networks;
- back up data regularly and verify the integrity — ensure backups are not connected to the computer or networks that are being backed up (for example, securing backups in the cloud or physically storing offline);
- apply the principles of least privilege and network segmentation — users should be given only the privileges necessary to completes tasks related to their role in the credit union;
- review and understand who is part of the credit union’s incident response team; and in the event of a successful attack, these individuals will be responsible for coordinating the credit union’s response; and
- take action to help protect your members’ personal and financial information by helping them safeguard their transactions by sharing mitigation tips and warning signs of what to look for.
CUNA Mutual Group’s risk alerts, in additional to additional risk-prevention resources, may be accessed on their Protection Resource Center. Log-in is required.