Scammers are taking advantage of heightened levels of customer trust and satisfaction, along with lowered levels of properly implemented security, and credit unions are seeing a rise in email-based scams as a result.

Security researchers at Avanan have identified an uptick in phishing campaigns that target credit union customers, with the intent of harvesting credentials and taking victims for their money. The attack spoofs the credit union, attempting to get the victim to access the [fake] credit union website, provide their credentials, and take care of some banking activity the phishing email claims needs to be addressed.

According to Avanan, there are a few factors that aid in the success of this kind of attack:

  • 66% of credit unions lack controls like DMARC to avoid spoofing
  • 92% of them don’t have proper email security in place
  • A majority of credit union customers are happy with, and trust, their credit union

Add all this up and you have scammers lining up to impersonate credit unions, and customers who naturally assume that emails claiming something’s wrong with their account are legitimate and are going to take the prescribed (albeit malicious) actions.

This alignment of insecurity and ignorance creates the perfect storm for these kinds of scams to thrive. And while you can’t control whether your credit union has proper security controls in place, you can educate your own users so they don’t become victims while on a company endpoint. Enroll them in Security Awareness Training so they don’t err on the side of simply believing an email is from their credit union… just because it says so.