Republished from CU Times dated February 18, 2021. By James McCabe.
As if 2020 wasn’t bad enough, we have entered 2021 with another looming danger that continues to expand and wreak havoc in your members’ lives. I call it the “cyber-demic,” a cyber-warfare that’s spreading like we haven’t seen before, caused by hackers who are leveraging COVID-19 to steal, sell and damage your members’ identities. Even more unsettling is that unlike the pandemic, there’s no vaccine to slow down these attacks that are rapidly spreading and will continue to haunt individuals and businesses alike.
A detailed article from TechRepublic about the 2021 Experian Data Breach forecast painted a grim picture of what’s yet to come:
What is your credit union doing to support your members in the midst of these 2021 predictions? Your members face significant risks on several fronts, and attacks can strike without any warning.
As COVID-19 continues to headline the news, the vaccine rollout will present opportunities for criminals to prey on the fear, confusion and misinformation that your members are confronting. The advent of contract tracing organizations is creating new avenues for criminals to steal your members’ personal health information (PHI) – for example, thieves may pretend to be contract tracers to maximize the amount of information they can steal. Health records continue to be the most valuable data to resell on the black market, a trend that opens your members up to vicious attacks of all kinds.
With COVID-19 protocols requiring more and more of your members to set up work-from-home environments, along with the evolution of the 5G network, cyber-hackers have numerous opportunities to attack. These technological hacking geniuses know all the vulnerabilities of home networking. The extensive connectivity of 5G technology makes your members more vulnerable to being caught off guard. According to the 2021 Experian Data Breach Industry Forecast, with the technological control of a house’s security and other devices, criminals will more regularly hold a household hostage in exchange for money, valuable information or just for the potential fame.
Add to all of this the fundamental uncertainty of day-to-day restrictions and potential new mandates on the public, and it is easy to understand why your members are wondering how to best protect their lives, families and assets. Credit unions have always demonstrated their ability to step forward and provide sound financial advice and guidance in uncertain times. And now, more than ever, members need extra support and guidance from their credit union.
Have you considered new ways to protect members outside the walls of your credit union with new services that could include ID theft and fraud recovery, and robust protective monitoring? This monitoring could include Dark Web monitoring to alert members when their non-financial data (i.e. PHI) is being attacked or used against them. You could also offer members mobile phone protection and perhaps some well-positioned discount programs to save them money. These kinds of services are available, and several components can extend to their whole family. Bringing these enhanced services goes a long way to increase member engagement and generate non-interest income, and it’s something hundreds of credit unions are doing today.
Cybersecurity preparedness has been a mantra of the NCUA for over seven years. Yes, the vulnerabilities of data breaches are ever-present for credit unions, and fraud is getting worse all the time. But the “front-line” targets beyond the credit union are your members, and they require serious help. Why not heed the cyber-demic warnings of the 2021 Experian Data Breach Industry Forecast and do what other financial institutions aren’t doing – bring more protection and guidance to members to expand their faith and trust in their faithful credit union?
Republished from CU Times dated October 19, 2020. By James McCabe.
Over the past nine months, our country has experienced an unprecedented pandemic that featured a transmittable virus that spread "like wildfire" to millions of Americans. Unfortunately, the world's criminals have preyed upon this fast-spreading viral disease to create the spread of criminal activity that has moved as swiftly as the virus itself.
With October being National Cybersecurity Month, it is disheartening to say that Americans, including thousands of your members, face the worst ever epidemic of ID theft & fraud. It is a tidal wave of criminal attacks hitting your members from so many directions, which makes them defenseless if they are in the sights of the bad guys.
We've seen the warnings for all of these attacks coming from so many sources. The FBI, CIA, Homeland Security, and other national watchdogs have been trying to expose the criminals and their many forms of assault on innocent individuals.
In March, we saw the first signs of attack coming via the Phishing email avalanche that hit Americans with a 600% increase in just one month.
Then in April, we were all alerted to the several devious ways that crooks were creating Stimulus Check Scams against Americans (including your members) who were desperately in need of the funds to stay afloat.
There was a critical alert announced in May from several Federal Agencies that the coronavirus pandemic was helping to facilitate "malicious attempts leveraging stimulus-themed emails and text messages to obtain personally identifiable information and bank account details from individuals." The IRS, Homeland Security, and Secret Service, among others, are particularly concerned about the intrusions happening within healthcare organizations and are encouraging heightened controls, especially on teleworkers operating in unsecured places.
In May, the Institute on Aging also released a warning about criminals aggressively targeting the elderly. Elders, who maintain the vast majority of the nations' wealth and face more isolation from being the pandemic's highest risks, have become an appealing prey for cybercriminals. Elder members need some focused attention at this time and it would benefit credit unions to show them some special support.
A Beazley study released in June also indicated that businesses are also highly targeted by sophisticated thieves. Phishing scams and the confusion of the virus have made it an excellent opportunity to drive up ransomware attacks on a wide variety of industries. Credit Union members are also affected, as many of them are consumers, employees, and owners of these vulnerable businesses.
Perhaps one of the most alarming warnings came in June by the FBI, when they announced that there had been significant attacks on mobile banking apps and fake banking apps developed by criminals. COVID-19 has caused more people (your members) to bank remotely and has increased mobile banking usage. According to the FBI, "Hackers are increasingly aiming at mobile banking app users to steal credentials and commander bank accounts."
In light of this mountain of evidence that credit union members are facing unprecedented levels of risk for ID theft and fraud events, the question becomes, "What will credit unions do to help them?" The answer starts with an awareness campaign that educates members about what is happening around them with cyber hacking, phishing emails, stimulus scams, and various fraud attacks. Now is the time to create an "eye's wide open" moment for members to be on guard and ready to defend themselves.
Of course, credit unions can go the extra mile for members, which is what credit unions are known for, and incorporate protective ID theft and fraud services as part of their member-owned accounts. Hundreds of credit unions nationwide have begun to provide their members with this "ultimate safety net of protection." Programs are readily available to make this happen while also providing the opportunity to generate much needed non-interest income to offset growing fraud loss, pandemic-related revenue gaps, and secure funding to maximize institutional protection as well.
All of this being said….wouldn’t NOW be a good time to give members a positive solution to fight this spreading crime wave? Where else would you want your members to go than the credit union they trust?
Republished from CU Weekly dated July 8, 2020. By James McCabe.
As the country continues its battle against the COVID-19 pandemic, there is a war being waged against consumers by criminals who are finding insidious and ingenious ways to wreak havoc.
Researchers at Barracuda Networks noted a 667 percent increase in phishing emails during March alone. These emails were malicious attempts to lure consumers into clicking on dangerous links and subsequently downloading computer viruses that lead to malware, ransomware, and individual ID theft attacks.
By the middle of this past April, the Federal Trade Commission had received over 17,000 complaints. It determined that criminals had already stolen more than $13 million in COVID-19 related scams and attacks.
Several U.S. federal agencies are posting alerts on nearly a weekly basis to warn consumers (your members) about aggressive attacks designed to prey upon the fear and distraction related to the COVID-19 crisis. In May, the Feds issued a joint warning with the Department of Homeland Security Cybersecurity and Infrastructure Security Agency, Department of the Treasury, the IRS, and the Secret Service about COVID-19 CARES Act payment fraud scams.
In June, the FBI has made it clear that hackers are now targeting mobile banking app users to steal their credentials and commandeer bank accounts. Now is the beginning of a dangerous time for anyone who thinks the bad guys aren’t going to find a way to take over our phones and all the personal data they store.
Based on this continuous news about attacks on your members, credit union executives have an excellent opportunity to come to the aid of their members when it counts the most. Why not take this moment to bring members a source of protection from their credit union that they could not afford anywhere else?
Now is the opportune time to bring your members a suite of ID theft and fraud protection & recovery services that provide them and their families, the ultimate safety net against the avalanche of attacks happening around them. Search out the best resource for this kind of protection and give your members a positive message during this time when good news is seldom being heard.
Republished from CU Times dated April 3, 2020. By James McCabe.
In a time when security threats are compounding due to the crisis, CUs should show members how they're protecting them.
In December 2019, an article in CPO Marketing acknowledged that the FBI had issued a warning to the auto industry about being a target for cyberattacks. The U.S. automotive industry has become a target for cybercriminals because of the vast amount of personal data it contains. It is rare when you hear the FBI single out a particular industry followed with substantial warnings like this one, which says, "Automotive companies need to develop proactive defensive security measures to deal with all of the risks highlighted by the FBI warning." And ditto for the credit unions who work with auto dealers to be on guard and extend protections to their members.
Although this FBI warning went out to the auto industry, it affects more than just dealers. Credit unions who offer auto loans and members who receive financing are also at risk. The article mentioned above, clearly states that “In particular, when an enterprise shares data or partners with other organizations, it needs to be aware not only of the risk directly posed to its systems but the risk to its partners’ systems as well.” The financial data of members is a part of the automotive industry’s growing risks, and members should be aware so that they can ask the auto dealers how their data is protected.
Members also need to understand that identity theft is not just happening on debit or credit card transactions. Criminals are using stolen data to go beyond the typical financial transactions to pull off much more significant crimes. For example, cyber thieves who use stolen identities for medical fraud and to make big-ticket purchases can create nightmares and years of torment for the victims.
Compounding this specific attack on the auto industry and indirectly, your credit union, the COVID-19 pandemic has made the auto industry and other businesses even more susceptible to attacks, establishing an entirely new dynamic to the threats that already existed. Cyber thieves are using this time as an opportunity to attack while dealerships and other companies are hyper-focused on managing the effects of the coronavirus. As a result, another FBI warning has emerged about coronavirus scams and the need for vigilance and awareness as these attacks increase.
The current state of the world and anticipated new attacks are hitting very close to home for the credit union world, and it warrants a serious new assessment of your credit unions' overall cybersecurity preparedness. There is a new magnitude of fear and distraction within consumers (your members), and unfortunately, this creates the perfect feeding ground for criminals to attack.
Also, imagine the level of criminal activity that will happen when millions of Americans are sent government funds as part of the coronavirus stimulus package. It won’t take the ingenious criminals long to find a way to intercept funds or deceive recipients in some calculated scheme.
All of this allows credit unions to be purposeful in reacting to the FBI warnings and to demonstrate their commitment to looking after their members' well-being. Many credit unions are putting into place a strategy of ID theft protection that provides a heightened level of protection for the whole credit union and its members in a manner that also increases member engagement.
In closing, it is another fantastic opportunity for credit unions to show how they care for their members beyond the walls of the institution and how they differentiate themselves in the financial industry. Bring your members solutions that demonstrate the understanding of their growing risks and offer some expanded education & awareness. They may not immediately connect the FBI’s warnings to the auto industry or about the COVID-19 pandemic to threats that pertain to them, so a credit union centric reminder could be just what members might need. And giving the members a powerful, positive message in this time of fear and trepidation will solidify your relationship with them during the worst of times. Thus, making way for long-term success when the good times return.
Jim McCabe, Senior Vice President, Identity Theft Services at Vero.