Phishing emails have long been a threat for desktop and laptop users within the office; however, the increased use of mobile devices as more employees work remotely has created an additional attack vector for cyber criminals. Common defense tactics or revealing traits of phishing attacks – such as the ability to identify email addresses and URLs that might look suspicious – are often not as noticeable in mobile email, texts,
and messaging apps given the mobile user interface and smaller device screens.
Malicious actors have recognized how reliant we are on mobile devices. They understand that there is a massive blind spot around mobile devices and apps and are targeting them because they present a path of low resistance. Additionally, mobile phishing is often the cheapest way to compromise an individual or an organization. In fact, mobile phishing has increased 37 percent between the fourth quarter of 2019 and the first quarter of 2020, according to Lookout, Inc., a provider of mobile security. Several reports suggest that there is a steady increase in mobile phishing attacks for both consumer and corporate users, across all geographies and industries, and involving both Android and IOS phones.
Learn How to Recognize & Avoid Phishing Scams
Fraudsters are launching social engineering attacks to members by posing as the credit union to obtain online banking credentials. They are defeating out-of-band / 2-step authentication by scamming member into providing this passcode to them. Once they have the passcode, they login to the member’s account and use peer-to-peer (P2P) services, such as Zelle and Payzur, to transfer funds elsewhere.
Fraudsters also have spoofed the credit union phone number and called members asking them to verify information such as card number, PIN and CVV/CVC –which is all they need to counterfeit a card. In a few cases where members refused to provide the passcode, the fraudsters impersonated the members and social engineered the members’ mobile phone carrier to port the members’ mobile phone to a different carrier. This allows the fraudster to receive the passcode by using the “forgot password” feature.
Please Note: ACFCU will never ask you for such private, secure information over the phone, via email or text message. Should you suspect you are being targeted by fraud, or have fallen victim, please contact us as soon as possible. We'll work with you to investigate the matter, ensuring your accounts and funds are safe at the Credit Union.