By: Dan Draz, VP, Risk Program Management, PSCU

Financial crime threats are evolving on a daily basis as attackers attempt to exploit credit unions, employees and members. One fraud technique becoming even more prevalent is social engineering, which leverages the power of persuasive conversation as a fraudster deceives credit union employees and members into performing compromising actions or sharing confidential information.

To help stop social engineering fraudsters in their tracks, it is critical for credit unions to understand the dangers of social engineering and provide educational materials and resources to members and employees.

Security is on the Line

In many cases, fraudsters use psychological techniques to manipulate their targets. The perpetrator may misrepresent their identity – often impersonating an authority figure – to establish trust with the unsuspecting individual. In many cases, this deception starts with a phone call. 

A former colleague often said: “You can’t see a badge over the phone.” In other words, do not trust someone’s stated identity without proper verification. Social engineers routinely claim to be members of the IRS or FBI, or representatives of the victim’s employer or bank. Fraudsters even masquerade as credit union members to manipulate employees into bypassing authorization controls.

Unfortunately, a common refrain among fraud victims is, “My phone’s caller ID said it was from my bank.” Bad actors often program caller ID systems to display the name of a recognizable individual or organization. This spoofing tactic increases the odds that a target will accept the call and trust the fraudster. 

Persuasion Spans Platforms

The tried-and-true telephone remains a powerful tool for criminals who want to feign identities, steal sensitive information and loot bank accounts. However, social engineers take advantage of additional attack vectors enabled by new technologies. With the proliferation of internet-based tools in our personal and professional lives, fraudsters now target victims across various channels. Social engineering extends to social media and professional networking websites – exploiting users’ willingness to connect with unknown individuals.

Through fake profiles, criminals attempt to connect and ingratiate themselves with targets who are eager to network. These fraudsters establish rapport and extract valuable personal or employer information from their unknowing victims. Given these platforms’ social engineering risks, business networking and information-sharing protocols should be a defined part of your organization’s social media policy.

A Persistent Threat

Across communications mediums, criminals employ social engineering tactics in tandem with other types of fraud, including hacking, phishing, malware and spoofing. Virtually everyone has received these fraudulent calls, texts, emails and social media messages. Even if a small portion of targets fall for the social engineer’s tactics, the stolen information generates significant profits. The fraudster benefits from this cycle, while the impacted organizations and individuals face devastating consequences.

As the battle against social engineering continues, proactively equip your credit union, employees and members with fraud prevention tools and training. Resources and white papers from trusted industry partners like PSCU can help make sure your credit union is well equipped to not only combat, but also ideally stop fraudsters in their tracks. Awareness is key to blocking social engineering attempts and defending confidential information and account access. 

Dan Draz is the Vice President of the Risk Program Management team at PSCU. Via the Enhanced Fraud suite of solutions that he oversees, his team provides “concierge-level,” anti-fraud, risk mitigation, and member/customer experience services for PSCU partners enrolled in the Enhanced Fraud Services-Consulting and Enhanced Fraud Services-Monitoring solutions. With 38 years of sophisticated anti-fraud, investigations, and risk mitigation experience exclusively in the private sector, Dan is widely recognized as a thought leader in the enterprise fraud risk management space and has been published extensively in industry, news, and trade publications. He has an M.S. in Economic Crime Management and has been a high-profile Certified Fraud Examiner (CFE) for more than 28 years.