Five Security Measures to Adopt

With no credit union safe from phishing scams, organizations can adopt security measures to better protect the institution and its members. While no measure can guarantee attackers won’t be successful, proactive appropriate security measures can increase the likelihood of stopping an attack. These include:

Train Members and Employees: It may sound simple, however creating awareness and conducting consistent training sessions to educate members and employees on recognizing the signs of phishing scams is critical. Some credit unions are already doing this. For example, Navy Federal Credit Union has an extensive ‘Phishing Scams’ webpage available. And Patelco Credit Union in California created a comprehensive fraud protection site for its members to quickly and easily access, especially when they get a suspicious phone call, email or text.
Alert Members to Imminent Risk: Ensure your members know about potential threats as they arise and arm them with information and the tools and knowledge to protect themselves and their personal information. TLC Community Credit Union in Michigan did just this when it warned members of a recent wave of text message scams.
Detect and Block Malicious Emails: Use email filtering systems to identify and block emails from well-known malicious addresses. Security teams should have a list of known attackers’ email addresses. While this can’t block every suspicious email, it is a first step. Blocking threats from unknown attackers is the next and critical step. AI tools today can enable organizations to analyze emails in real time and take immediate action to prevent malicious messages from reaching inboxes.
Authenticate URLs: Take an extra step to closely look at website URLs. Do not spend time on any website where the URL is inconsistent or includes unfamiliar additions such as “index.html” or “page.html.” A consistent way to identify malicious emails is to check the web address that a link would lead you to.
Leverage Multi-Factor Authentication (MFA): Adding an extra layer of security through MFA, a security measure requiring two or more pieces of identification to authenticate the user, ensures strong access controls, making it more difficult for attackers to gain access. Credit unions can leverage passkeys as an alternative to passwords to achieve MFA in a single step. Designed to protect against phishing attacks, they eliminate the need to manage multiple passwords and are standardized by the FIDO Alliance. Passkey authentication leverages public key cryptography and biometric authentication to verify a user.

Staying one step ahead of cyber attackers is an ongoing effort that requires awareness, and of course, a series of proactive security practices. With these practices implemented, financial institutions can lessen the risks and protect their members’ information and financial resources.

Instant Insights /

Phishing Scams Are Targeting Credit Unions: How to Protect Institutions & Members

Related Stories

Recommended For You