The new report from Guardian Analytics is startling. Its thesisis that shrewd crooks have found techniques to enlist credit unionemployees in abetting their frauds.
|Guardian Analytics, specialists in online banking fraudprevention, is not alleging that the credit union employees are incahoots with the criminal. Quite the contrary.
|The employees believe they are helping a legitimate memberconsummate a transaction when in fact the member is a crook, saidTiffany Riley, a Guardian Analytics vice president, in an interview.
|Guardian Analytics has tracked the scam in multiple cases,across multiple institutions, said Riley, who specifically saidcredit unions are involved.
|The way it works is this: the crook gains control of anaccount's login credentials, possibly by phshing, perhaps by socialengineering. The crook then meticulously logs on a few times, withno attempt to mask the computer's identity. Quite the contrary. Thecrook wants the tracks to be detected and noted, thus creatingtrust (“this is a known computer”), said Riley.
|The crook has not stolen money, not yet. He has transferredamounts between accounts, looked up balances, done all the things alegitimate account holder does.
|And then one day the crook logs into the account and togglesinto a live chat feature, where he requests help with a wiretransfer “The financial institution trusts this user because healready is logged in,” said Riley. “The crook has passed thenecessary authentication.”
|And the member service representative is just trying to behelpful with a member who claims to be confused with wire transferprocedures and who requests assistance.
|Wire transfer amounts were in every case under $8,000, “keepingthis under the radar of most FIs,” wrote Guardian Analytics in acase study.
|Importantly, noted Guardian Analytics, “in all cases, this wasthe first time live chat had been used.”
|Noted Riley, “a key to preventing this is to look foranomalies.” Accounts with no history of use of live chat or of wiretransfers ought to be flagged for further investigation when themember – or is it an imposter? – requests a sizable wire transfervia live chat, said Riley.
|But, indicated Riley, Guardian Analytics has a larger point tomake in releasing information about this scam. “A financialinstitution today faces a broad range of attacks. You cannot focuson blocking just one kind. There now are many and many do notinvolve sophisticated technology.”
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
- Exclusive discounts on ALM and CU Times events.
- Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
