Credit Union Fraud: Social Engineering Prevention
By: Ann Davidson, Vice President of Risk Consulting Allied Solutions.
Social engineering is defined as “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.” The use of telephone, email, postal mail and the internet are all vehicles that fraudsters use to steal your members’ personal information. However, online scams and phishing attempts are the most common ways in which fraudsters attempt to perform social engineering on your consumers so they can steal their information.
These member scams are likely to grow in amount and severity throughout 2018, primarily due to these key factors:
- More exposed records: 145.5 million U.S. records were exposed last year from the Equifax data breach alone. With that and other breaches taking place in 2017 (like Deloitte and Sonic Foods), you are looking at a consumer base that is at high risk of identity theft and fraud exposure this year.
- More sophisticated processes: The tools and processes used by criminals to perform these attacks will likely evolve and become more sophisticated in an effort to fall below the radar and have more success in their attempts. In fact, more and more fraudsters are treating these crimes like a business with hired employees and standardized processes.
Case in point: Recent reports have surfaced where scammers are contacting consumers as the Social Security Administration to trick them into giving up their personal information, which would then be used to perform identity fraud or synthetic identity fraud.
Take proactive measures to protect your business and your accounts from these social engineering fraud attempts. For an overview of the scams and frauds that hit your members the hardest watch our webinar on-demand today.
Social Engineering Fraud Prevention for Your Credit Union:
- Monitor employees’ accounts to watch for any suspicious activity, especially those employees that have access to sensitive information.
- Educate employees about ongoing threats.
- Verify deposited checks clear before permitting a withdrawal or transfer.
- Establish a multi-level authentication process for financial transactions or account change requests not performed in person.
- Tell employees to never open or forward emails, links or attachments received from unknown sources.
- Ask your employees to be wary of any prizes or offers made over the phone or through email, especially those that offer to update, correct or solve a computer issue or problem.
- Encrypt private information prior to shredding or destroying documents or storage devices.
- Conduct tests to determine where system vulnerabilities exist and promptly address them.
- Monitor social media outlets to reduce the chance of sensitive information being posted.
Social Engineering Fraud Prevention for Your Members:
- Be cautious of any company you choose to engage in business with.
- Be cautious when asked to wire money.
- Review your account statements frequently.
- Consider giving only to established charities in the event of a disaster.
- Always conduct your own research if someone contacts you with low-risk, high-return investment opportunities.
- Be cautious when buying products online.
- Use strong password protection.
- Don’t respond to emails or messages to provide personal or financial information.
- Report scam attempts:
If you take action NOW to proactively mitigate these fraud risks, you can protect your credit union and members from these attacks. Sign up for Allied's Risk Alert newsletter to stay up-to-date about what's happening in the fraud landscape.
Watch our most recent webinar "Sweetheart Scams, Phishing Attacks, and Member Fraud" to learn more about scams that hit your members the hardest.
Allied Solutions is the NAFCU Services Preferred Partner for Insurance- Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown Protection (MBP). More educational resources and partner contact information are available at www.nafcu.org/allied.