CUNA Mutual Group is warning credit unions that the cyberthreat landscape became “significantly more active across the board” in 2021. Plus, more targeted attacks against credit union staff within mortgage departments have occurred, with bad actors spoofing internal staff emails within the credit union’s mortgage department and requesting wire transfers to pay other financial institutions.
In a risk alert, CUNA Mutual said that 77% of organizations faced business email compromise, or BEC, attacks in 2021. BEC often includes payroll redirect, supplier invoicing fraud and fraudulent wire instructions connected with a credit union mortgage or lending department.
The most common type of BEC attack is spoofed email account (71%) followed by spear phishing at 69%, according to the risk alert. The scams often focus the request as “urgent” or “pay immediately” in hopes that the employee does not take time to scrutinize the request.
In addition to the urgency of the message, some red flags include:
- request to keep transaction confidential;
- communication only through email and refusal to use other communication channels;
- request of change in direct deposit information or for payments to be made to a different account;
- requests that typically come from a high-level executive or authority within your organization; and
- requests that often coincide with requestor being out-of-the-office as the fraudster has accessed calendars.
The risk alert states that credit unions should consider the following risk-mitigation tips:
- train staff on BEC and fraudulent instruction scams, including how to protect their email and credentials;
- avoid sharing credit union organizational structure and emails on public websites;
- establish procedures to call the title company/closing agent using a reliable phone number to verify the legitimacy of wire transfer instructions;
- require staff to follow established procedures for handling internal wire transfer requests;
- confirm the legitimacy of the request by verifying with the C-suite executive;
- authenticate requests using a different communication (out-of-band) channel such as verifying face to face or calling the requestor’s phone extension or cell phone;
- have an alert on all incoming emails that originate outside of your credit union such as: caution: this email originated from outside your organization, do not click links or attachments unless you recognize the sender and know it is safe;
- limit the number of staff that have authority to perform or approve wire transfers; and
- provide ongoing staff training with penetration testing.
CUNA Mutual Group’s risk alerts, in addition to additional risk-prevention resources, may be accessed in their Protection Resource Center. Log-in is required.