Crooks Spoofing Credit Unions to Steal Funds and Login Credentials

Email security provider Avanan revealed in a Thursday report that a new phishing campaign exploits local credit unions to steal money and data. According to Avanan’s research, phishing emails are masqueraded as legit messages from high-profile companies/businesses. They are sent to lure the recipient into sharing login credentials and sensitive data of the spoofed company.

A dramatic rise in Credit Union Spoofing Phishing Campaigns

Check Point firm Avanan claims that since February 2022, there has been a dramatic increase in phishing campaigns impersonating credit unions. The same was observed by the National Credit Union Administration (NCUA), which even advised credit unions to stay cautious about emerging new threats amid the ever-changing geopolitical situation. 

Referring to CISA’s advisory in January regarding Russian state-sponsored cyber threats to critical US infrastructure, NCUA noted that the risk of cyberattacks on US institutions has two-fold.

Hackers Exploiting Undeveloped Email Security

Although all financial and banking institutions are vulnerable to spoofed phishing emails but local credit unions are particularly vulnerable to such attacks due to insufficient security measures, researchers claim.

Reportedly, 92% of the credit unions mainly lack proper security, while 66% lack adequate email security, which makes them at risk of phishing campaigns. Furthermore,

Read More: