The National Credit Union Administration (NCUA) doesn’t issue an alert lightly. In fact, it’s been six years since the last time they did.
In August, they issued a new alert all about Business Email Compromise, and the increased rate at which they’re seeing cybercriminals use it as a method to victimize US-based credit unions. The number of complaints associated with this scam increased to the point that the FBI created a recovery asset team to address them in February 2018. Between then and May of this year, the team recovered more than $331 million based on the complaints they received.
Business Email Compromise is a social engineering technique used by cybercriminals in which they pose as a business or member of a business in order to execute fraudulent payments.
In layman’s terms, a cybercriminal will write an email pretending to be from your credit union and request that a payment be processed. Instead of going to a legitimate recipient, the payment goes to the cybercriminal.
A popular form of Business Email Compromise is CEO Fraud, in which a cybercriminal impersonates a high-level executive (often the CEO). Once the cybercriminal has convinced the recipient of the email (an employee, customer or vendor) that the message is legitimate, they attempt to get the recipient to transfer funds or confidential information.
Business Email Compromise can be carried out a number of ways:
“Credit unions can take steps to prevent this type of fraud and should report such fraud, when it occurs, to the FBI’s Internet Crime Complaint Center,” said NCUA Chairman Rodney Hood in the alert. “Credit unions that report incidents to the Internet Crime Complaint Center promptly increase their opportunity to recover funds that have been wired under fraudulent pretenses.”
According to the National Association of Federally-Insured Credit Unions (NAFCU), cybersecurity is a systemic risk that affects all levels of business, government and ordinary people. It is such a high-risk area for credit unions that the NCUA placed cybersecurity as a top focus for exams. As the cybersecurity world continues to evolve, it’s important that your credit union is prepared for possible threats. The NAFCU FFIEC Cybersecurity Assessment Tool is available to members, along with other cybersecurity resources.
1. Defend Your Organization
2. Have Your Personnel Contribute To Cybersecurity
No matter how good your prevention steps are, breaches are inevitable. User education plays a big part in minimizing the danger, so start here:
3. Keep An Eye Out For Warning Signs
Security Awareness Training should include teaching people to look for red flags. Here are the most common things to watch out for:
4. Test Against Phishing
KTG provides compliant IT managed services as well as managed security solutions designed to meet the compliance standards required by the NCUA. If you’d like to learn more about how we can help your credit union implement a robust technology & cybersecurity management solution, reach out to us today.