There has been a significant uptick in spoofs of the US credit unions. Threat actors capitalize on poor security to steal user credentials and money.
"All credit unions, regardless of size, are potentially vulnerable to cyberattacks," the National Credit Union Administration (NCUA) said in February, noting that credit unions should adopt a heightened awareness and conduct proactive threat hunting.
NCUA referred to January's CISA statement on Russian state-sponsored cyber threats to the US critical infrastructure, issued amidst strained relations between the US and Russia over security concerns in Europe. The risk of cyberattacks has only increased since Russia invaded Ukraine.
The Five Eyes, an intelligence-sharing alliance consisting of the US, UK, Australia, Canada, and New Zealand, issued a joint warning, claiming Russian state-sponsored actors, together with cyber gangs, might strike critical infrastructure in the West.
Banks and other financial institutions have recently seen a dramatic increase in attacks. Credit unions are particularly vulnerable, with some reports claiming that 92% of them don't have proper security, and more than 66% of credit unions lack proper email security to protect against phishing.
Avanan, a Check Point company, claims that hackers are taking advantage of such undeveloped email security by spoofing credit unions to obtain credentials from end-users. In recent months, it has observed a 'significant uptick' in spoofs of local credit unions.
Criminals are using a variety of lures to trick users, such as a document alert, an incoming payment notification, and more.
"All of these are designed to get the user to act. When users click the lure, they are taken to a fake sign-in page that imposters the credit union. Once the user types in their credentials, the phisher gains all the information they need to access the user's account. From the recipient's perspective, the website appears unresponsive after they type in their username and password," Avanan said.
Attacks on credit unions can be incredibly costly, with financial risk going as high as $1.2 million for large credit unions.
According to the recent report by cloud security company Zscaler, financial institutions are among the most frequently targeted brands – scammers impersonate popular financial services to extort money and credentials. Last year, Zscaler alone witnessed over 57 million phishing attempts in the financial services industry.
More from Cybernews:
Subscribe to our newsletter