Fraudsters Steer Clear of Federal Credit Union pmiquel December 2, 2024


Sleepless Nights and Overburdened IT Teams

A federal credit union managing $3.06 billion in assets, serving over 185,000 members, and employing 500 people originated in a federally funded research and development center. Ten staff members at the center pooled an initial $5 investment to form the credit union, and since then, they have expanded to serve 19 counties.

As at all credit unions, their accounts were occasional targets of fraud attacks. Cards and account information would be lost to social engineering schemes or breaches at other vendors. Though an issue, the levels of fraud were low and manageable. That changed when the credit union switched from their custom digital banking platform to a standard cloud-based platform.

New Digital Banking Platform and Increased Fraud Attempts

This switch coincided with a dramatic increase in fraud attempts. Spoof websites and social engineering attacks via phone calls and SMS messages extracted login information from members at a much higher frequency. 

Various teams handle fraud response and mitigation, but the team responsible for addressing brand impersonation attacks consisted of only three people. Moreover, fraud mitigation was just one of many responsibilities of this team. With such limited resources, reacting to the influx of fraud proved an unworkable burden.

The team spent countless hours contacting domain registrars and web hosting providers to take down the fake sites. However, when the number of fraudulent sites exceeded 100 per month, it became overwhelming. 

“We’re in business to be a credit union. We’re not in business to fight digital fraud. We have data centers to run. We have networks to maintain, and new projects to work on. But we need to drop everything, because our members are getting defrauded, and we didn’t want our members to lose out.”
VP Information Security

Worse, fraudsters would republish copies of the same website under new domains. They maintained two or three versions of the spoof site and quickly created new copies after takedowns. This suggests that automated phishing kits were a driver of the rising levels of fraud.

The impersonation attacks were so frequent that the VP of Information Security had to wake up every three hours each night to scan for new fake websites. This was the only way the team could quickly identify newly published spoofs and begin takedown campaigns. If left until morning, the fraudsters would have several hours to deploy their social engineering schemes and target thousands of members.

With the team overwhelmed and literally losing sleep, they sought a solution provider who could help.

The Solution

Protecting Brand Integrity with Threat Monitoring and Decoy Data


The driving force in seeking out a cybersecurity provider was three-pronged. First, the financial losses as a result of fraud were rising and making an impact on the financial health of the credit union. Second, fraud mitigation consumed a larger and larger share of the team’s time. That was time that would have otherwise been spent supporting the needs of the business. Third, fraud attacks on members directly damaged the brand reputation. Members expect financial institutions to safeguard their data and assets. Each attack prompted the question, “Why didn’t you do more?”

They partnered with Allure Security to search for, identify, and remove fake website and social media threats. Allure Security used an AI-powered solution with computer vision to scan the internet for brand spoofs in a way that mimics human interaction.

This allowed it to recognize brand imagery and catch spoofs that other solutions miss. Then, Allure Security’s veteran takedown team executed takedown campaigns for each spoof uncovered. Rather than sit back and wait, they performed as many follow-ups as necessary to remove the content as quickly as possible.

Decoy Data Undermines Social Engineering Spoofs

Allure Security also used decoy data to undermine social engineering spoofs while the takedown campaign was underway. AI-generated user data that appears genuine to the fraudster is fed to the spoof website. Eventually, when the fraudsters attempt to use the data to access accounts, they will be unsuccessful. This decoy data has the effect of diluting any real member data they extract and placing a burden on the fraudster to weed through the fake accounts. Most fraudsters will lack the time or motivation to do so and abandon their newly gathered data.

The hope is to use this decoy data in conjunction with their digital banking platform provider to alert the team of emerging website spoofs. If the banking platform provider were to receive login attempts from pre-determined fake accounts, they could trace that data back to an uncovered website spoof. Then they could take action to limit access. Though this capability is not yet in place, it is the goal.
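A sketch of how such decoy-login alerting could work, as an added example (not code from Allure Security, the credit union, or the banking platform). The log format, decoy registry, domains and IP addresses are constructed, and correlating real accounts by source address and time window is an assumption that goes beyond the case study.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical registry: decoy username -> spoof site it was planted on.
DECOYS = {
    "mreyes_4471": "spoof-a.example",
    "tcole_9032": "spoof-b.example",
}

# Constructed login log: "ISO-timestamp source-ip username result"
SAMPLE_LOG = """\
2024-11-05T02:10:00 203.0.113.7 mreyes_4471 FAIL
2024-11-05T02:12:30 203.0.113.7 jsmith FAIL
2024-11-05T02:14:05 203.0.113.7 akhan OK
2024-11-05T03:00:00 198.51.100.20 bwong OK
2024-11-05T09:45:00 203.0.113.7 lpark OK
2024-11-05T10:00:00 192.0.2.55 tcole_9032 FAIL
"""

def parse(log):
    """Yield (timestamp, source_ip, username, result) per log line."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def analyze(log, window=timedelta(hours=1)):
    """Map each spoof site seen via a decoy login to real accounts at risk."""
    events = list(parse(log))
    # Pass 1: a decoy login can only come from someone holding phished data,
    # so each one is a high-confidence alert attributed to its spoof site.
    hits = defaultdict(list)  # source_ip -> [(time, spoof_domain)]
    for ts, ip, user, _ in events:
        if user in DECOYS:
            hits[ip].append((ts, DECOYS[user]))
    # Pass 2: real accounts tried from the same source close in time to a
    # decoy hit were likely harvested by the same site; review or lock them.
    at_risk = defaultdict(set)  # spoof_domain -> real usernames
    for ts, ip, user, _ in events:
        if user in DECOYS:
            continue
        for hit_ts, spoof in hits.get(ip, []):
            if abs(ts - hit_ts) <= window:
                at_risk[spoof].add(user)
    spoofs = {s for lst in hits.values() for _, s in lst}
    return {s: sorted(at_risk[s]) for s in sorted(spoofs)}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A spoof site that appears in the result but is not yet on the takedown list is a newly discovered one; accounts listed under it with a successful login are the first candidates for limiting access.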

“The faster you prove you're not getting anywhere defrauding us, the faster fraudsters will give up and move on.”

VP Information Security

The Results

Once the Allure Security team was on board and on mission, the credit union saw immediate changes. The security team responsible for brand impersonation no longer had to commit limited time and resources to takedowns. Now, Allure Security proactively searches for and confronts online threats, and the internal team simply forwards any additional information they receive from members. This allows them to return their focus to their primary responsibilities with confidence that their members are protected. 

Perhaps the biggest relief, the VP of information security could finally get a full night’s rest.

After two months of consistent effort, the volume of brand impersonation attacks died down. Rather than spinning up new iterations of the fake website after a takedown, the fraudsters began to move on to other targets. Today, there is still the occasional brand impersonation attack, but it is greatly diminished. The Allure Security team continues to maintain their watch and address these attacks as they arise.
