Skip to content

TruStage RISK Alert: Social Engineering Fraud Drives Increases in Account Takeovers

There have been increasing reports of credit union members being scammed out of their login credentials through social engineering resulting in account takeovers.

Social engineering remained the biggest (92%) threat to individuals and a major (37%) path of attacks on organizations, according to a report from Positive Technologies.

Social engineering is a form of manipulation fraudsters use to scam your members out of their login credentials. There are several different ways that fraudsters get your members’ personal information.

• Phishing, in which the hacker uses email to trick someone into giving them access to some kind of account, login, or financial information;
• Vishing, which is the same but through voice, such as a phone call;
• Impersonation, which is done on-site, through email, or text; and
• SMiShing, which occurs through SMS text message.

Scammers use any means they can to trick members into sharing user info:

• Fraudulent emails and other messages that look like they’re from legitimate companies.
• Messages with fake links to your credit union online banking
• Misleading pop-ups and ads that say your device has a security problem
• Scam phone calls or voicemails that impersonate tech support
• Fake promotions that offer free products and prizes
• Unwanted calendar invitations and subscriptions

Once fraudsters have access to the member’s account, they typically change the member contact information through online banking. The fraudster has now locked the member out of their account and has exclusive access to commit fraud.

For more information and detailed risk mitigation tips, read the full alert at:
(Password and log-in required)

Recent News

Join Our Mailing List

Keep up with the latest industry info, advocacy updates, member spotlights and upcoming events.