Risk alert: Fraudsters are impersonating credit union vendors, suppliers

A new risk alert from TruStage warns that fraudsters are impersonating vendors and suppliers used by credit unions.

How it works: Credit unions receive a spoofed email appearing to come from the vendor/supplier with updated banking information for paying invoices by ACH or wire, the risk alert states. The fraudulent emails do not request payment from credit unions, however as legitimate invoices are received from the actual vendors/suppliers, credit unions may be tricked into remitting payment by ACH or wire using the updated, fraudulent banking information allowing the fraudsters to intercept payments.

The fraud is discovered when the actual vendor or supplier contacts the credit union inquiring about a delinquent payment, and losses have reached mid to high six figures, according to the risk alert.

Risk mitigation for credit unions:

  • Alert accounts payable staff at the credit union of this vendor impersonation scam.
  • If your credit union receives an email purportedly from a vendor/supplier with updated banking information for remitting payments, the instructions should be verified by calling the vendor/supplier using a reliable phone number.

Steps for recovering funds:

  • Contact the institution where the transfer was sent in an attempt to recover the funds. The institution will likely require an indemnification agreement before returning any funds.
  • Report the fraud to the FBI by filing a complaint through the Internet Crime Complaint Center (IC3). IC3’s Recovery Asset Team (RAT) tracks the funds down and works with financial institutions to freeze the funds for the victims.

In 2022, RAT initiated the Financial Fraud Kill Chain on 2,828 business email compromise complaints involving domestic transfers with potential losses of over $590 million. A monetary hold was placed on approximately $433 million, which represents a 73% success rate, according to TruStage.

TruStage risk alerts, in addition to additional risk-prevention resources, may be accessed in their Protection Resource Center. Log-in is required.

Leave a Reply