Fake Sites, Frustrated Members, and Online Fraud
Service Credit Union is an award-winning financial institution with over 333,000 members and $5.1 billion in assets under management. It serves its members through its 50 locations in the U.S. and Germany. The credit union began in 1957 with a mission to serve military, veterans, and U.S. Department of Defense employees. Still, it didn’t consider itself a top target of online scammers, at least in comparison to more well-known financial services brands. A surge in frustrated members calling to complain of falling victim to online fraud impersonating the credit union proved otherwise.
Assistant VP of Information Security Alex Laham and team tracked some fraud to scam websites hosted in Russia. Unfortunately, the fake website’s registrars and hosts would not respond to the team’s requests to shut the sites down.
Offloading Brand Protection to An Expert
Laham wanted to get ahead of these threats to reduce their impact. They needed to stop having members contacting customer service as their alert system.
He needed a proactive reconnaissance way to find brand impersonation attacks quickly. Preferably before they could be launched. He also required proven response capabilities that could make detected scam sites inaccessible by ordinary measures. And because these impersonations went beyond mere typo squatting, he needed sophisticated detection technology beyond just analyzing URLs for lookalike domains. The solution would require a combination of people, processes, and technology he didn’t have in house. So he chose Allure Security’s brand protection-as-a-service.
The Results:
To start, Allure Security’s expert threat research and response team successfully took down counterfeit websites hosted in Russia. This was a relief to the team who had expended significant effort in the past with no success.
Next, within minutes of activating Allure Security brand protection as-a-service, the credit union received an alert on a brand impersonation–a scam they wouldn’t otherwise have identified. Minutes later, Allure Security identified another website clone hosted on a completely different server. Best of all, because the credit union spotted these scams so quickly, they could be mitigated before members fell victim.
In most cases Service Credit Union can now identify brand impersonation attack within minutes of teh domain first being observed on the Internet. By detecting and mitigating impersonations during configuration and testing, the institution eliminates these threats before a single phishing message is sent.
In subsequent weeks, Allure Security detected and mitigated dozens of fake websites impersonating the credit union’s brand. This reduced customer complaints of fake websites to near zero within a month. Along with the reduction in calls, Laham and the team could demonstrate a significant decrease in wire transfer fraud and associated savings connected to the brand protection service. Today, the credit union uses allure security to protect its digital presence across the web and social media–defending and maintaining its brand while reinforcing members’ trust.
Related Articles
-
SharkBot Mobile Banking Trojan Embedded in Banking AppIn a recent mobile malware scan for one of our partners, Allure Security...
-
How to Handle Parked DomainsWhat is a Parked Domain? Many brands are unsure about parked domains with...
-
Fighting Search Engine Phishing: Malvertising and Bing AdsSearch Engine Advertising Risks When consumers search the internet, brands want to be...
-
Webinar: IT Leaders on Online Impersonation FraudSecurity against the Rising Threat of Impersonation Scams Cybersecurity remains a back-and-forth contest...
-
Fraudsters Abuse Dynamic DNS Subdomains For PhishingAllure Security has noted an increase in scammers utilizing dynamic DNS (DDNS) services....
-
Damn Filters Recovers from Poisoned Search Engine ResultsPoisoned Search Engine Results Damn Filters, a leading company in Kansas, sells online...