Go to:

July 2018
< Jun Aug >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Why Cybercriminals Target Small Credit Unions
Wednesday, July 1, 2015 6:30 AM

A recent Credit Union Journal article notes that according to cybersecurity experts, small to mid-size credit unions and regional banks could be at greater risk of SMS phishing and phone attacks than their big-bank counterparts.

"Oftentimes people talk about threats than can happen with malware, but we are talking about attacks that actually do happen," said AdaptiveMobile Head of Data Intelligence and Analytics Cathal McDaid. AdaptiveMobile is an Ireland-based global mobile security firm protecting more than 1.3 billion subscribers.

"What we found is that these cyber criminals really tend to focus in on smaller credit unions and banks," said McDaid.

One reason cybercriminals focus on small regional financial institutions is that the crooks use the same area code when calling members in attempts to gain entry into their accounts. Hackers use the fact that mobile and landline numbers are geographically allocated to target their attacks.

"In the last two or three years, increasing defense against SMS phishing has led to a re-emergence of mainstream voice phishing attacks via cell phone numbers," noted McDaid. The best first step against fraud, he said is cross-referencing the number received against the number on the back of the physical card or the number on the credit union website.

"Another reason for the targeted attacks, for better or worse, is that credit unions may not respond as quickly as larger banks," he said. "The cybercriminals believe they have a longer time period to make the attack successful."

Educating members is critical in defending against these attacks. McDaid noted that credit unions should have a dedicated page on their websites that outlines typical attack attempts and encourages members to call the credit union if suspicious activity is discovered.

"When credit unions get their intel from their security provider, they should always take a look at unusual account transaction activity around certain time periods," said McDaid.

AdaptiveMobile is currently evaluating ongoing cyberattacks and may release a similar report at the end of the year. McDaid said these crooks tend to target different regions of the country using different methods. In 2013, for example, New York state had a high rate of SMS attack attempts.

"There is no easy answer," said McCaid. "These gangs wouldn't be doing this if they weren't making money."

More information about this article.