"Namely, whether it is increased use of phishing-based man-in-the-middle attacks, spear phishing or botnets, these evermore sophisticated tools are enabling fraudsters to launch quicker and easier attacks," the RSA executive says, "and target more institutions."

Credit unions included.

For instance, SecureWorks has seen a sharp increase in cyber-attacks on the more than 500 credit unions whose online presence it monitors. Elizabeth Clarke, the Atlanta company's vice president of corporate communications, says SecureWorks' researchers recorded an average of 2,913 attempts on each of its client credit unions per month from mid-April through the end of September, compared with 1,287 per month the previous six months.

"The number of hackers is definitely increasing as cybercrime becomes more profitable and the ability to get into the business is easier than ever," Clarke says. "To be a successful cyber criminal, one doesn't have to be extremely tech savvy anymore.

"The amount of malware and turnkey attack kits for sale on the Internet is amazing. There are countless underground marketplaces available on the Internet where one can buy plug-and-play malware, making it very easy for one to get into the business and begin attacking attractive targets like credit unions."

Meanwhile, Cyveillance, another major provider of Internet monitoring and threat analysis, says it has seen a leveling in the number of traditional phishing attacks but a sharp rise in attacks that blend malicious software and phishing and use well-known brand names to lure consumers.

In fact, says Todd Bransford, vice president of marketing for Arlington, Va.-based Cyveillance, "the number of malware attacks on the Web now exceeds phishing attacks."

Those attacks include keyloggers, pharming Trojans and screen scrapers that steal credentials for later use. The experts note that most of those are root-based kits, making the infected machines essentially uncleanable without being completely re-imaged. And the fraudsters are quick to come up with new variants each time the anti-virus software catches up with them.

Bransford says credit unions make up 30% of the brands his firm sees come under attack but that size does not necessarily determine who's next.

"It seems that the criminal carrying out these phishing attacks are always testing the waters, so to speak, to find targets that are more susceptible," the Cyveillance marketing chief says. "This has created a cyclical environment where phishers move from one institution to the next and back to previous targets.

"We continue to see phishing attacks plague institutions of all sizes."

So, what's a credit union to do? Well, consider safety in numbers.

Henrichsen at RSA says that credit unions, like any financial institution, need to

be able to identify phishing attacks or crimeware targeting them and their members and have a holistic and tested approach to mitigating such threats in a multi-layered way.

That includes investigating, blocking or taking down fraudulent sites with the help of the major anti-fraud networks, or face unpleasant consequences, he says, adding that consumer education can only go so far.

"We have worked with credit unions that, unfortunately, thought they were prepared for phishing or crimeware attacks and, only through living through it first-hand, came to realize the level of capability and partnerships required to actually mitigate these threats effectively," Henrichsen says.

–[email protected]