The new report from Guardian Analytics is startling. Its thesis is that shrewd crooks have found techniques to enlist credit union employees in abetting their frauds.
Guardian Analytics, specialists in online banking fraud prevention, is not alleging that the credit union employees are in cahoots with the criminal. Quite the contrary.
The employees believe they are helping a legitimate member consummate a transaction when in fact the member is a crook, said Tiffany Riley, a Guardian Analytics vice president, in an interview.
Guardian Analytics has tracked the scam in multiple cases, across multiple institutions, said Riley, who specifically said credit unions are involved.
The way it works is this: the crook gains control of an account’s login credentials, possibly by phshing, perhaps by social engineering. The crook then meticulously logs on a few times, with no attempt to mask the computer’s identity. Quite the contrary. The crook wants the tracks to be detected and noted, thus creating trust (“this is a known computer”), said Riley.
The crook has not stolen money, not yet. He has transferred amounts between accounts, looked up balances, done all the things a legitimate account holder does.
And then one day the crook logs into the account and toggles into a live chat feature, where he requests help with a wire transfer “The financial institution trusts this user because he already is logged in,” said Riley. “The crook has passed the necessary authentication.”
And the member service representative is just trying to be helpful with a member who claims to be confused with wire transfer procedures and who requests assistance.
Wire transfer amounts were in every case under $8,000, “keeping this under the radar of most FIs,” wrote Guardian Analytics in a case study.
Importantly, noted Guardian Analytics, “in all cases, this was the first time live chat had been used.”
Noted Riley, “a key to preventing this is to look for anomalies.” Accounts with no history of use of live chat or of wire transfers ought to be flagged for further investigation when the member - or is it an imposter? – requests a sizable wire transfer via live chat, said Riley.
But, indicated Riley, Guardian Analytics has a larger point to make in releasing information about this scam. “A financial institution today faces a broad range of attacks. You cannot focus on blocking just one kind. There now are many and many do not involve sophisticated technology.”
