Are you confident in your ability to spot phishing attacks? Realistically, not many can confidently answer yes to that question.
Though phishing attacks have been around for quite some time, cybercriminals are becoming ever more sophisticated in their efforts, continually finding new ways to target their victims.
In fact, a report released by Avanan stated that since the beginning of 2022, credit unions have been impersonated in phishing attacks at a greater rate than ever seen before.
With over 83% of organizations experiencing phishing attacks in 2021 and an additional six billion attacks expected to occur throughout 2022, phishing emails remain the most popular form of cyber fraud, and local credit unions along with their members appear to be the latest hot target.
Why credit unions are extra vulnerable
While all banks and financial institutions need to be vigilant, credit unions are particularly sensitive to these attacks. One reason is that phishing attacks work best when the targets are unsuspecting.
Most people have become accustomed to regular scam emails from fraudsters impersonating the bigger banks; however, emails from a local credit union may not rank too high on the ‘spoof’ radar. This is because credit unions are generally perceived as more trustworthy, and therefore many could be fooled into believing they have received a safe email, without investigating further.
Another reason why credit unions may have become popular for these phishing attacks is that many are ill-equipped to protect against cyberattacks. With the Avanan report stating that more than 66% of credit unions lack proper email security to protect against phishing, cybercriminals are well aware that these institutions and their members are easy prey.
What are the risks of phishing attacks?
Credit union accounts are often considered less ‘risky’ than bank accounts that include features such as ATM withdrawals, direct debit and online shopping capabilities.
However, it is exactly this complacency that puts credit unions and their account holders at greater risk.
Cybercriminals do not discriminate, so if there is potential for financial gain, they will find their way to it. Following years of lockdown with very little to spend money on, those fortunate enough will have built up sizeable savings in their local credit union, which these fraudsters will be very happy to relieve them of.
How cybercriminals are impersonating credit unions
Phishing emails are designed to look like they are coming from a seemingly legitimate and well-known source. These have evolved over the years to include smishing and vishing formats.
Regardless of the channel used, the sole purpose is the same – to obtain personal private information and to defraud the end user.
Here are just some examples of how phishing attacks are imitating credit unions in 2022:
- A common form is an email that impersonates the credit union and includes links to view documents such as statements. When clicked, the link redirects to a webpage that asks for personal information to be entered.
- Another version sends an email with details of a wire transfer of funds that is about to happen. To stop this transfer, the recipient is required to pay a fee.
Smishing involves using SMS or text messages to impersonate credit unions. The goal, again, is to convince the recipient to reply with personal information or to redirect them to a URL where they can enter personal credentials.
Here are just some examples of how smishing attacks are imitating credit unions in 2022:
- The victim receives an SMS asking them to reply ‘No’ if they wish to stop a transfer of funds. Upon a reply of ‘No’, the scammer initiates further communication where they will aim to direct the recipient of the text to part with personal details.
- In a slight twist, another example is where the text may state that an account is being closed and to call a number to prevent this from happening. Again, from here the victim is engaged in further conversations where credentials can be extracted.
Vishing attacks are those conducted over the phone. Fraudsters will call and claim to be an employee of the credit union who requires personal information. With the ability to mask a number or spoof the caller ID, it is easier than ever for cybercriminals to use this method.
Again, these attacks use fear as the key factor in extorting valuable information. In some cases, the caller pretends to be a credit union staff member who wishes to confirm a fictitious withdrawal. To stop the funds from being withdrawn, the account holder must first verify the information.
How to spot the warning signs of phishing attacks
As with anything, prevention is better than cure, and these attacks need to be identified before any damage is done.
Here are some red flags to be aware of:
For emails:
- Check the email address of the sender – is it recognisable? Does the domain match?
- Are there any grammar mistakes throughout the body of the email?
- Does the greeting used by the sender appear normal?
- Is the request within the email unusual?
- Are they using scare tactics to prompt immediate action? (e.g. your account will be locked if you do not reply)
For text messages:
- Double-check the phone number used – does it match the website phone number?
- Are the language and tone used in the text normal?
- What is being asked within the message?
- Is there an urgency to act?
For phone calls:
- Is the phone number used the correct number listed for that credit union?
- Does the reason for the call make sense?
- Will the caller answer questions to verify they are who they claim to be?
- Is the caller overly persistent in their request for information?
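Three of the email red flags above (sender domain, where the links lead, and scare tactics) can be checked automatically. The following is an added example, not part of the original article; the domain `examplecu.example`, the phrase list and both sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the credit union's real domain (placeholder, not from the article).
TRUSTED_DOMAIN = "examplecu.example"
# Assumption: a small sample of pressure phrases; extend for your own mail.
URGENCY = re.compile(r"\b(immediately|urgent|within 24 hours|will be (locked|closed))\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample messages for illustration only.
SAMPLE_PHISH = """\
From: Example Credit Union <alerts@examplecu-statements.test>
Subject: Your statement is ready

Your account will be locked unless you verify immediately:
http://examplecu.example.secure-view.test/statement
"""
SAMPLE_GENUINE = """\
From: Example Credit Union <statements@examplecu.example>
Subject: Your statement is ready

Your monthly statement is available at https://www.examplecu.example/login
"""

def on_trusted_domain(host):
    # Match the domain itself or a true subdomain. A plain substring test
    # would accept look-alikes such as examplecu.example.secure-view.test.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def red_flags(raw_email):
    msg = message_from_string(raw_email)
    flags = []
    # The display name is attacker-controlled; only the address is compared.
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not on_trusted_domain(sender_domain):
        flags.append(f"sender domain '{sender_domain}' does not match {TRUSTED_DOMAIN}")
    body = msg.get_payload()  # plain-text, single-part message assumed
    for url in URL.findall(body):
        host = urlparse(url).hostname
        if not on_trusted_domain(host):
            flags.append(f"link points to '{host}'")
    if URGENCY.search(body):
        flags.append("uses urgency or scare tactics")
    return flags
```

An empty result means no obvious flags were found, not that the message is safe: the From header can be forged, so a matching domain alone proves nothing.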
Protection from phishing attacks
Cybercrime is continuing to grow and everyone is a potential target, whether it is the credit union, its employees or its many members.
A full, comprehensive cybersecurity plan is essential to any organisation or individual who wants to protect themselves from these threat actors and to ensure that they don’t become just another statistic on a cybercrime report.
Calnet IT Solutions can provide this protection for your business, your customers, your staff, and yourself. We have been managing and securing companies across Ireland since 2003. As a certified Microsoft Gold Partner, we have the experience and the expertise to support your business with all of your cybersecurity needs.
Contact us today to find out how our proactive, affordable and reliable services can help safeguard your business against phishing attacks and any other potential cyber threat.