The Increased Vulnerability for Fraud, Scams, and ID Theft Attacks on Students….What Can Credit Unions Do?
It is that time of year when students' vulnerability for ID theft attacks goes up exponentially as they head back to school. And this year, they face a dramatically more substantial threat posed by the increased time they spend online taking virtual classes.
The criminals are always excited about the idea of capturing student information and using it as a means to attack them or their parents. Thieves can also potentially gain access to all kinds of financial data from school applications and financial aid documents passing through the internet. Or they might gain access to the students' computers and steal files of personal & financial data. The COVID-19 crisis has definitely made students a prime target (COVID-19 scams targeting college students) for those preying upon our fears and the significant distractions from this national emergency.
So what can credit unions provide in the way of services to help create a safer environment for students and their parents (your members)? There would be nothing quite as powerful as an extensive array of ID Theft & Fraud Protective services. These are the type of services to provide your members' families a means to detect attacks and effortless recovery solutions in case thieves make it past defensive measures. Many credit unions have implemented these kinds of protective services with targeted programs that incorporate these services and generated substantial non-interest income.
Again, with the new distance learning that has affected most many states, your members face an ominous risk for phishing attacks and hacking attacks like never before. Your credit union is also operating at a higher risk in this COVID-19 environment. A recent study by Beazley Insurance indicates that financial institutions and the healthcare industry are prime targets of phishing scams, which has resulted in a 25% increase in ransomware in the 1st quarter of 2020 alone.
What can credit unions do to protect themselves in these unsettling times? Some solutions that protect your members from ID theft & fraud also come with protection for the credit union, such as data breach recovery & restoration services. Although every financial institution is responsible for having a robust incident response plan, it is wise to have another set of expert eyes on the situation to ensure that your credit union addresses every aspect of a breach response.
Republished from CU Weekly dated July 8, 2020. By James McCabe.
As the country continues its battle against the COVID-19 pandemic, there is a war being waged against consumers by criminals who are finding insidious and ingenious ways to wreak havoc.
Researchers at Barracuda Networks noted a 667 percent increase in phishing emails during March alone. These emails were malicious attempts to lure consumers into clicking on dangerous links and subsequently downloading computer viruses that lead to malware, ransomware, and individual ID theft attacks.
By the middle of this past April, the Federal Trade Commission had received over 17,000 complaints. It determined that criminals had already stolen more than $13 million in COVID-19 related scams and attacks.
Several U.S. federal agencies are posting alerts on nearly a weekly basis to warn consumers (your members) about aggressive attacks designed to prey upon the fear and distraction related to the COVID-19 crisis. In May, the Feds issued a joint warning with the Department of Homeland Security Cybersecurity and Infrastructure Security Agency, Department of the Treasury, the IRS, and the Secret Service about COVID-19 CARES Act payment fraud scams.
In June, the FBI has made it clear that hackers are now targeting mobile banking app users to steal their credentials and commandeer bank accounts. Now is the beginning of a dangerous time for anyone who thinks the bad guys aren’t going to find a way to take over our phones and all the personal data they store.
Based on this continuous news about attacks on your members, credit union executives have an excellent opportunity to come to the aid of their members when it counts the most. Why not take this moment to bring members a source of protection from their credit union that they could not afford anywhere else?
Now is the opportune time to bring your members a suite of ID theft and fraud protection & recovery services that provide them and their families, the ultimate safety net against the avalanche of attacks happening around them. Search out the best resource for this kind of protection and give your members a positive message during this time when good news is seldom being heard.
In the wake of the coronavirus pandemic is a tsunami of criminal activity designed to play on your members’ fears and distractions. Perhaps one of the greatest threats is the use of phishing emails to attack members to gain access to all sorts of personal data and financial information. On the heals’ of the formal FBI warning to all Americans about increased criminal attacks related to the pandemic, there are two prominent sources who see phishing emails as one of the greatest threats on the rise
Last week, an article published by The Hill noted that there had been an astounding 667% increase in phishing emails in the previous 30 days alone. This article points out, “These types of emails try to lure individuals into clicking on dangerous links or download attachments that typically include computer viruses.” The article also notes, “as the coronavirus crisis continues, researchers are expecting hackers to grow increasingly sophisticated at using coronavirus to lure individuals.” Furthermore, The Hill reported that even the World Health Organization itself experienced an unsuccessful cyber-attack within the past few weeks, and they are seeing a dramatic increase in hacking attempts.
Another prominent subject matter expert on ID theft and data breach activities, Mark Pribish, notes in his recent newsletter, “the vast majority of data breach events are the result of phishing emails and not high technology hacking tools.” Mark also references the 2019 Internet Crime Report in pointing out that “phishing scams were the most common type of internet crime last year where 114,000 U.S. consumers lost more than $57.8 million in 2019 as the result of phishing.”
Credit Unions have the opportunity to reach members and sound the alarm about this tidal wave of phishing emails coming at them, thus creating a powerful awareness moment. It would be an incredible time also to consider how you might be able to bring members protective services with high-value propositions. Your members need extra support and guidance during this unique time in our history and providing a positive service right now would also go a long way to increase their loyalty and engagement with your credit union.
Republished from CU Times dated April 3, 2020. By James McCabe.
In a time when security threats are compounding due to the crisis, CUs should show members how they're protecting them.
In December 2019, an article in CPO Marketing acknowledged that the FBI had issued a warning to the auto industry about being a target for cyberattacks. The U.S. automotive industry has become a target for cybercriminals because of the vast amount of personal data it contains. It is rare when you hear the FBI single out a particular industry followed with substantial warnings like this one, which says, "Automotive companies need to develop proactive defensive security measures to deal with all of the risks highlighted by the FBI warning." And ditto for the credit unions who work with auto dealers to be on guard and extend protections to their members.
Although this FBI warning went out to the auto industry, it affects more than just dealers. Credit unions who offer auto loans and members who receive financing are also at risk. The article mentioned above, clearly states that “In particular, when an enterprise shares data or partners with other organizations, it needs to be aware not only of the risk directly posed to its systems but the risk to its partners’ systems as well.” The financial data of members is a part of the automotive industry’s growing risks, and members should be aware so that they can ask the auto dealers how their data is protected.
Members also need to understand that identity theft is not just happening on debit or credit card transactions. Criminals are using stolen data to go beyond the typical financial transactions to pull off much more significant crimes. For example, cyber thieves who use stolen identities for medical fraud and to make big-ticket purchases can create nightmares and years of torment for the victims.
Compounding this specific attack on the auto industry and indirectly, your credit union, the COVID-19 pandemic has made the auto industry and other businesses even more susceptible to attacks, establishing an entirely new dynamic to the threats that already existed. Cyber thieves are using this time as an opportunity to attack while dealerships and other companies are hyper-focused on managing the effects of the coronavirus. As a result, another FBI warning has emerged about coronavirus scams and the need for vigilance and awareness as these attacks increase.
The current state of the world and anticipated new attacks are hitting very close to home for the credit union world, and it warrants a serious new assessment of your credit unions' overall cybersecurity preparedness. There is a new magnitude of fear and distraction within consumers (your members), and unfortunately, this creates the perfect feeding ground for criminals to attack.
Also, imagine the level of criminal activity that will happen when millions of Americans are sent government funds as part of the coronavirus stimulus package. It won’t take the ingenious criminals long to find a way to intercept funds or deceive recipients in some calculated scheme.
All of this allows credit unions to be purposeful in reacting to the FBI warnings and to demonstrate their commitment to looking after their members' well-being. Many credit unions are putting into place a strategy of ID theft protection that provides a heightened level of protection for the whole credit union and its members in a manner that also increases member engagement.
In closing, it is another fantastic opportunity for credit unions to show how they care for their members beyond the walls of the institution and how they differentiate themselves in the financial industry. Bring your members solutions that demonstrate the understanding of their growing risks and offer some expanded education & awareness. They may not immediately connect the FBI’s warnings to the auto industry or about the COVID-19 pandemic to threats that pertain to them, so a credit union centric reminder could be just what members might need. And giving the members a powerful, positive message in this time of fear and trepidation will solidify your relationship with them during the worst of times. Thus, making way for long-term success when the good times return.
We are facing an unprecedented time in our lives with the coronavirus upon us and people taking every imaginable precaution to “be safe” and survive the aftermath. Having three sisters who are nurses and who love to give advice, the basic practices of good hygiene are essential and the best way to avoid this virus. That is as far as this article will go on any medical aspects of this issue.
With the wave of fear going on, it might be a great opportunity for credit unions to look at the financial aspects of this unprecedented time and determine what other ways that members could be supported.
Understanding that the healthcare industry is the leading industry for data breach and ID theft related issues (medical ID theft & fraud), perhaps it might be prudent to look for ways to protect members as they find themselves possibly spending more time in urgent care facilities or hospitals. Criminals know that these healthcare operations are extremely distracted by the potential number of patients which could unfold….hopefully not….but these operations need to be prepared. For an example, in 2019, 40 million Americans were affected by health data breaches.
Members might really appreciate a symbol of protection and concern from their credit union at this time. Although you can’t provide a medical solution to offer, you could provide basic protection against the threats of medical fraud attacks and provide increased member awareness to be on guard. For those credit unions who might already have ID theft & fraud protection incorporated into services it is a fantastic time to remind members of these powerful services.
The coronavirus scams are already in full swing from the criminals and we can all expect it to only get worse as people continue to get bombarded with every imaginable negative news associated with this pandemic…driving up fear and uncertainty.
There are a wide variety of packaged solutions out on the market that incorporate fully managed ID theft & fraud recovery together with strong dark web monitoring to give members the ultimate safety net against criminal medical fraud & ID theft attacks. If nothing else, incorporating these kinds of services signifies to members the intent to be protective in whatever means possible….and help calm fears. It might even be practical to provide these services at no cost to the members for an extended period of time, thus showing a sensitivity to the economic effects of all of this as well.
These unprecedented times call for unprecedented action and credit unions have a powerful voice with their members to guide them and offer a positive message of identity protection and safety while they are dealing with the potential medical dangers at the same time. Any kind of positive news at this time could be received by members in the most significant way and remind them how credit unions uniquely go beyond their walls to enhance the lives of those they serve.
Republished from CU Weekly dated February 21, 2020. By James McCabe.
Over the past year, we have seen a continued incline in data breach events. A few years ago, it was not uncommon for a data breach to make news headlines once every month or two. In 2019, that began to change. The public announcement of a new data breach has become a weekly occurrence. That's because there was a 17% increase in data breach events in 2019 over 2018.
Not too surprisingly, 2020 has started with a series of breach announcements, which is indicating another record year for attacks. But, in addition to the increased frequency of breach events, the growing number of breaches involving "harmless" data is another notable trend that many people have shrugged off as just being annoying. Breaches like the one from Microsoft, which exposed 250 million customer records, didn't alarm as many people because it lacked the SSNs, birth dates, and credit card data that have impacted other breaches, such as those from the healthcare industry.
The recent wave of data breach activities that involve data such as email addresses, mailing addresses, phone numbers, and passwords are the breaches that can be the most dangerous because they're the ones that many consumers ignore and fail to react proactively. Many consumers (your members) do not realize that a non-financial data breach can be just as detrimental because a hacker only needs a small bit of personal data to cause havoc on someone's identity.
Your members need to be aware that criminals are keenly interested in this "non-financial" data to allow them access to more critical data. For example, the stolen Instagram passwords of 419 million users could be the gateway to financial and other sensitive accounts since over 60% of adults use the same login credentials for multiple accounts, and 44% of consumers change their passwords once a year or less.
Hackers also use inconsequential data from breaches such as PhotoSquared App, Estée Lauder, and Arizona Department of Education to round out the data that they previously collected from the same individuals. The breach events of Equifax and Capital One exposed almost every adult (147+ million) US citizen's social security number. Having a closer to complete data file on a person allows criminals to do more damage, which is why there has been such a dramatic increase in New Account and Account Takeover Fraud in the past five years (138% higher in 2019 than in 2014).
Credit Unions have a significant Member-centric focus that sets them apart from other financial institutions. So wouldn’t it be credit union-centric to provide members with education, awareness, and protective services against ID theft & fraud events, unlike other financial institutions? Fighting the ever-increasing complacency of consumers (members) can add another differentiating factor for your credit union. Hundreds of credit unions are implementing value- rich ID theft recovery & monitoring programs for members that set them apart in ways that enhance member engagement and can also generate non-interest income.
Members are often confused and bewildered about how to combat the risks that they know they are facing with the rapid advancement of data technologies. Cell phones and other mobile devices are especially a concern since they are typically the storing mechanism for everything about an individual. This is particularly true of the Millennial generation. Now is the opportune time for credit unions to investigate the introduction of member protective services and education/awareness programs that will help members protect ALL of their data - even their seemingly "harmless" personal information. Because as we know, there's no such thing as a "harmless" data breach.
Republished from CU Times dated October 21, 2019. By James McCabe.
Instead of offering free checking accounts that in fact come with fees, consider data and identity protection services.
Recent news about the growing number of credit unions replacing “free” checking with checking accounts that include more value-added features is a clear indication that credit unions are listening to what their members really want. Consumers and credit union members want something of real value and they’re willing to pay for it.
As recent articles published in 2019 have pointed out, many credit unions have seen the pitfalls of pushing “free checking.” Often, members who have free accounts begin to feel “nickel-and-dimed” and misled due to fees such as check reorders, ATM transactions and overdrafts. Also, as stated by Ron Shevlin, a director of research for Cornerstone Advisors, “Free checking is not a springboard for a deeper relationship.”
Furthermore, in 2018, Cornerstone Advisors published survey results that indicated millennials want and are willing to pay for non-financial services that come as valued-added features with their accounts at financial institutions. According to the study, the majority of millennials want value instead of free – especially when it comes to services that provide data and identity protection. These value-added services are excellent ways for credit unions to facilitate more profound relationships.
With October being National Cybersecurity Awareness Month, it’s a perfect time for credit unions to consider offering valuable protections that members want, such as mobile phone insurance, ID theft protection and child ID theft protection. These are the kinds of protective services credit unions should strongly consider offering to their members and attaching perhaps to a checking account to build value that goes far beyond “free checking.” These services can help credit unions significantly increase member engagement and loyalty, as they become a safe harbor for the members’ wealth, identities, phones and families.
The same members who have no problem paying as much as $15 a month for subscriptions such as Netflix, Amazon Prime and Hulu will appreciate “value checking” accounts versus accounts with perceived, fake, “free” services. Credit unions have a unique opportunity with their members to create the ultimate engagement opportunity and prevent members from seeking these services from a less trustworthy online resource.
The increasing dangers presented by the recent avalanche of data breach events such as Capital One, DoorDash and Zynga (publisher of mobile games such as Words with Friends), creates an environment of uncertainty for all consumers – including your members. This is the perfect time to enhance your services to protect members beyond the walls of your institutions and provide them with peace of mind. Embed more valuable protective services into your financial account offerings and secure your membership for years to come.
Over the past couple of years there has been an average of 15 million or more people attacked by an ID theft or fraud event in the United States. Last year, the average cost to individuals facing these events had DOUBLED from 2017 to 2018. Yet, are consumers doing enough to protect themselves as their vulnerability to these events grows from the endless avalanche of data breaches?
Our society has created great ways to deal with other personal dangers like car accidents, heart attacks, and home fires. We willingly spend thousands of dollars per year to have protective services & insurance in place, just in case these calamities might occur in our lives.
Interestingly, we are much more likely to experience an ID theft or fraud event than many other common catastrophes:
The FTC reports that 64% of Americans have had their data compromised from a data breach and 31.7% of these breach victims end up having an ID theft or fraud event happen to them. This number has continued to increase over the years despite the availability of so many ID theft companies offering protective services. Jon Iannarelli, a retired FBI Special Agent and well-known presenter on cybersecurity has stated, “Nearly every company will experience a data breach. It’s no longer a question of if it’s going to happen, it’s when.” And, as quoted years ago by Mark Pribish, a recognized ID theft and data breach expert, this simple fact remains: “no company or service can ever guarantee an individual will not become a victim of an ID theft event.” With the number and magnitude of data breaches happening over the past several years (i.e. Equifax, Uber, US Government, Marriott, etc.) it is nearly certain that the majority of consumers, your credit union members, will become a victim of ID theft or a fraud event. Add to this, the most recent data breach by Capital One, affecting 100 million consumers, and it is clear that some kind of member ID protection service needs to be considered.
Just like a heart attack, car accident or natural disaster, there are steps that individuals can take to lessen the likelihood of becoming a victim, but there are no fail-proof ways of completing avoiding the occurrence. This is why consumers have medical, auto and homeowners insurance - to help them financially recover in the event of such misfortunate happenings. And, this is why it’s imperative that consumers have similar recovery protection from ID theft and other fraud events.
So, credit unions have an opportunity to ramp up their focus on this growing problem and distinguish themselves by how they protect their members. Credit unions should pursue programs & services that are available to provide much needed awareness & education to members about the growing dangers they face. And there are services available that can provide invaluable safety nets of protection for members with incredible value propositions.
Imagine being able to bring your members full recovery and restoration services for any kind of ID theft or fraud at rates as low as $4 or $5 per month, which would also include all forms of monitoring. In sharp contrast to what they pay for auto insurance or homeowners insurance, this is an unparalleled value that will further engage members and solidify their loyalty to your credit union.
The value of your members protecting their identities should be far greater than many other things that they gladly pay a higher monthly cost for, such as Netflix, Amazon Prime and ATM Fees outside of the credit union and CO-OP network. A little education and awareness makes this clear to members and allows the credit union, who they trust, a means to now protect their members from the fast growing dangers associated with an identity theft or fraud event…affording them true peace of mind.
*Insurance Information Institution
**Bloom, Ester. CNBC; “Here’s How Much the Average American Spends on Healthcare”
Federal Trade Commission Consumer Sentinel Network Data Book 2018
The avalanche of data breach events in the U.S. continues to plague businesses of all sizes. The headline news only captures the larger company breach events, but there are thousands of small to medium size businesses who face devastating consequences from criminal attacks….and we just don’t hear about it. In fact, 53 percent of mid-sized businesses have already experienced a data breach, according to a recent Cisco SMB Cybersecurity Report.
Many credit unions serve the financial needs of small to medium size businesses (SMBs) with services that help them maintain and grow their hopes and dreams. According to recent studies, lurking in the dark are criminals who are focused on infiltrating these SMBs and creating a nightmare from which many cannot recover. These organizations often have smaller cybersecurity budgets and may not be able to afford a chief security officer (CSO) or in-house security team able to take on protective and response duties.
Today, there are breach recovery and ID theft protection services available that can help protect SMB owners from a possible collapse of their life’s dream. Credit unions have the opportunity to offer this type of service to their SMBs, which can provide the ultimate safety net for your business members. These services would also create greater member loyalty and a superior “business engagement” program.
Recent statistics from the National Cyber Security Alliance indicates that your business members are the most vulnerable to cyber- attacks. And according to a recent CU Times article, the number of data breaches in 2019, so far, indicate a record breaking year ahead of us. Now is the time to take action.
Do your due diligence and research to find solutions that allow you to more completely serve your SMB accounts by supporting their financial and cyber security needs. There are solutions that go far beyond cyber insurance to create a comprehensive cybersecurity preparedness that ensures your business members survive and properly respond when faced with a breach disaster. Let’s face it, SMBs need to be focused on their day-to-day issues and they do not want to be burdened with financial stress or the outside threats from would-be criminals.
Credit unions can differentiate themselves in these stressful times to provide a unique solution to SMBs and position themselves for more loans and revenue in the future, which can help maximize engagement with businesses, as well.
As the data breach tidal wave continues within the US and internationally, the likelihood of an SMB executive or a key employee having a personal ID theft event is growing and expanding. As SMB executives & employees receive more and more breach notices, the individual threats are escalating and, more importantly, the consequences of an attack today is more devastating than ever before. According to recent statistics from Javelin Strategy Research, out of pocket costs for victims more than doubled in two years. Therefore, SMBs are also in dire need of credit union services that would extend ID theft recovery programs to all employees, or at least the primary employees and company executives.
Again, credit unions have access to service providers who can make it possible for them to provide this kind of critical SMB support for ID theft attacks against their business member’s employees/management. These ID theft recovery services often can go hand-in-hand with finding the best data breach recovery services from service providers. Incorporating both data breach and ID theft recovery services into your overall business member account services will create a differentiator from other competing financial institutions…to help grow the number of businesses you serve.
Credit unions should look to maximize the kind of services they can bring to their SMB members. Research your providers and find those who can bring your business accounts a suite of services to drive your value proposition as high as possible. There are residual non-interest income opportunities which credit unions can generate with a strong account value of high quality and relevant services for their business members. Hopefully potential future legislation could pave the way for credit unions to be more aggressive with commercial loans. Therefore, a stronger bonding with business accounts can result in expanded loan opportunities and access to all the business’s employees as well. The non-interest income possibilities could allow your credit union to also be more aggressive in lowering loan rates or increasing interest rates on business account deposits.
The increasing threats of data breach events for SMBs isn’t going to go away. Criminals know that these small companies are the low-hanging fruit for attack. It is time for credit unions to expand their vision and look at new services to attract these vulnerable SMBs. To sum it up, the benefits to your credit union, as a result of stronger business account offerings, include an expanded fee income stream, a greater engagement level for long term dealings, and a differentiator that attracts more businesses.
Don’t ignore the signs of the times and miss a significant opportunity to better serve and support the life-blood of American growth and prosperity...SMBs.
I Repeat…..“Only Three Things are Certain in life: Death, Taxes, and…Data Breaches”
In 2015, I wrote an article about the certainties of our lives being affected by a data breach event. Similar to death and taxes, there are steps that we can take to mitigate its effects on our lives, but there is no way to fully prevent it from occurring. Funny how some things just don’t change….it’s nearly four years after I wrote the initial article and the certainty of data breaches occurring is as true today as it was back then. This article explains why. Credit unions would serve their members well to provide protection against the fallout of breach events…which just keep happening. I have only added a few new points (in parenthesis) to the article below, but the original message remains the same.
If Benjamin Franklin were alive today, I believe this would be his new take on his famous quote. He would recognize the inevitable fact that data breach events, like death and taxes, cannot be stopped. They certainly can be deterred and delayed, but based on the avalanche of data breach events in the past eighteen months, as well as the industry forecast for more to come, Franklin would warn, “Be prepared.” (Over a billion people were breached in just one month last year… between November 2018 and December 2018)
We hear about the growing laundry list of companies who are focused on finding the magic pill that will give businesses and financial institutions, as well as individuals, a sense of peace and security. These companies all pinpoint individual elements of data breach exposure and create products or services sold as “preventative” solutions. Whether it is credit monitoring services, software encryption programs, EMV chip cards, document destruction, protective data storage offerings, etc., they’re all one dimensional solutions, fighting a multi-multi-multi-dimensional problem. (Blockchain technology was the 2018 “end-all solution” for ID theft….but it too has not failed to guarantee safety)
So many former and current FBI leaders, and other criminal investigation experts, have warned about the pure fact that it is not a matter of IF you will experience a data breach, but rather WHEN it will happen. Security firms and experts on data breach, ID Theft, and cyber security all understand that the root of the problem is actually inherent in the world’s rapid technological advancements and the public desire for increasingly more data mobility & accessibility. These factors, coupled with the human element (social engineering), are the real reasons that data breach and ID theft events are not stoppable.
The human element is responsible for almost 70% of all data breaches, even though cyber theft events get the lion’s share of headlines in major news reports. The human element consists of much more than international organized crime or the local bad guys trying to hack into your business. It is the disgruntled employee, the negligent vendor, the absent-minded manager, or simply the misplaced laptop or thumb drive of personal data…..and the list could go on.
So when faced with the inevitable truth about data breach and ID theft events, what is the best way for your credit union to be prepared for WHEN it happens?
Without neglecting your efforts to “deter” these events through proper policies, awareness programs, and compliance, it is imperative to have a strong and sound plan for mitigation and restoration/recovery. Incorporate strategies and solutions to help maximize your credit union’s preparedness for, and ability to, support members in their time of need, and for your institution in its time of the unthinkable. An interesting trend that was recently revealed by a Scottsdale, AZ firm, Cornerstone Advisors, indicates that consumers, especially millennials, are turning to credit unions or other financial institutions for non-financial services such as ID theft protection. And, as reported in a CU Times article, the majority of millennials are willing to consider buying bundled services at attractive prices.
The good news for your credit union is there are resources to help you accomplish all of this, while also providing an opportunity to generate non-interest income as you educate your members and provide them with protection against these data breach certainties. Something perhaps even Franklin would applaud and consider “a penny saved”…. a lot of pennies!