This isn't child's play, it definitely isn't funny and it verywell can cost your institution money. Cyber crooks are busilyscheming up ways to separate your credit union's assets from theinstitution. Here we have rounded up the top five things toreally worry about.

* Patience May Win Out – for the Crooks
After a breach is detected, experts pore over Internet traffic logsand, according to new research from Verizon, with financialinstitutions, the perpetrators often have proven themselves to beremarkably patient. “We see cases where they have probed for weeksand months before they find a way in,” said Jay Jacobs, a Verizonspokesperson.

“In one case, they probed for a year.”

That makes financial institutions very different. Other sectorsstudied by Verizon such as healthcare and retail do not exhibitanywhere near that level of patience on the part of the crooks.

The bad news: because they are willing to keep probing, if thereis a vulnerability, no matter how arcane, they will find it.

Worse news: Jacobs said the crooks' cyber-fingerprints can betraced backwards after an attack but he doubted that even vigilantstudy of logs beforehand would have alerted victim institutionsthat an attack was coming. “It'd be like looking for the needle ina haystack,” he said. * MobilePhishing

It's already come to cellphones, said Ryan Disraeli,vice president of fraud services at Telesign.

Disraeli elaborated: “SMS mobile attacks are now being seen moreoften by users. A fraudster sends an SMS spam message to a user'smobile phone and it appears to be a message from their bank orcredit union. These messages almost always include links, which thetarget will click and it will exploit the device to collect varioustypes of information from a site that looks just like the creditunion's own website. These attacks can be so sophisticated that itlooks as though the bank is sending the message themselves as analert or notification.”

* Credit Union Employees Are Under Attack

Considerable cyber crook focus now is on finding ways to takecontrol of employees' computers, tablets and smartphones. Getinside the firewall, the thinking goes, and a cyber crook can findnumerous ways to loot institutional accounts.

Matters apparently are so grave the FBI has issued a warning about the rising incidence of attacks on financialinstitution employees.

According to many experts, training of financial institutionemployees to recognize and avoid cyber attacks has not always beenrigorous. Even though they are high-value targets, credit unionemployees may fall victim to the same fairly simple phishingattacks that fool consumers. Stepped up training, said the experts,is the must here.

A reality is that most attacks aimed at employees areeasily sidestepped – but employees need to be taught the dangers. * Zombies On Your Computer

Steve Santorelli, a spokesperson for security firm Team Cymru, saidin his opinion the biggest current worry is: “Zombies in yourmachine – drive by downloads that appear as adverts on major, legit websites,that are essentially cross platform. You can't avoid the globalpandemic unless you quarantine yourself: use a dedicated machinefor nothing other than online banking.”

The backdrop is that security experts report that malicious Spamis increasingly ineffective. Filters are catching it and putting itin isolation before it can do harm. Cyber-criminals consequentlyare on the hunt for new attack vectors and contaminatedadvertisements are increasingly popular.

Called “malvertising,”it's not a small problem. Literally millions of machines arealready contaminated, said experts.

A problem: a lot of this malware is so cleverly written itappears to dodge most anti-virus screening. Much of it also now iswritten to infect both Windows and Apple computers.

Santorelli's advice to restrict one computer to nothing butonline banking – meaning no email, no web surfing, no gaming – mayseem extreme. But he insists it's the one way to keep sensitivesessions safe.

* We Are The Enemy

“The real threats to remote banking, quitefrankly, are the users themselves,” said Pierluigi Stella, chieftechnology officer of Network Box USA, a security company based inHouston.

He added: “Too many end users/home users don't deploy properprotections on their computers and access their online bankinginformation without any form of a safety net.”

Many steps are very simple: PIN protect smartphones, forinstance. Password protect home WiFi networks. Be very cautiousabout using public WiFi – at coffee shops or hotels or airports forinstance – and whatever you do, don't use those networks forfinancial transactions.

A reality: credit unions could do much more in terms of advisingmembers on simple security precautions to take. Setting up a PIN ona phone literally takes seconds. But such steps pay hugedividends.