‘Tis the Season for Cyber Attacks


Here’s a not-so-fun fact: Did you know that cyberattacks are estimated to increase by as much as 60 to 70% during the holidays? That’s worse than a lump of coal in your stocking.

During the holidays, fraud is a heightened concern, however, credit unions work year-round to ensure their members’ data and money are secure.

“We remain vigilant throughout the holiday season and are on the lookout for increased attempts at email phishing, social engineering, and identify fraud,” said Sean Murphy, Chief Information Security Officer with BECU. “We are especially focused at our member contact points: in our customer service centers, online portals, and in our neighborhood financial centers. We also continually monitor our networked resources for any cyber-attack indicators and unusual behavior.”

Strategic Link partner, IP Services, manages credit unions’ cybersecurity and IT systems. They have several recommendations credit unions should implement to keep members’ data safe at the holidays (and year-round).

“Educate members on best practices regarding use of their cards,” said Scott Alldridge, IP Services CEO. “Make tools like member alerts and fraud alerts readily available and educate members on phishing and how to recognize it.”

Credit unions can also compile a list of resources and tips to help members monitor their own accounts, along with steps to take if they suspect fraudulent activity.

“Make sure your cybersecurity program at your credit union is following all the best practices it should be in providing the highest level of security posture possible, including having all IT systems and software patched with the latest releases and that all configurations are in a known secure state,” Alldridge advised.

Murphy said that during the holidays, BECU sees an increase in attempts to steal personal information that is used to open lines of credit. They also see more spoofing attempts by criminals hoping to fool customers into providing information that leads to account access.

“On an individual level, we should all be skeptical when we see emails with links that provide offers for gift cards, discount airfares or extra-special giveaways,” Murphy explained. “Phone calls are also a source where a healthy dose of skepticism and scrutiny are needed. My advice, even during the uptick in risk during the holidays, is to remember the phrase, SHUT UP.”

When shopping online, IP Services recommends members only enter information onto a secure site – meaning the very first part of the website address should start with HTTPS://. Don’t shop on a site that doesn’t have that as part of the URL.

And Murphy also stressed that members should be on the lookout for fake versions of legitimate sites. Fake sites will have unusual URLs, odd contact information, or bad web design. He also recommends using mobile apps over websites to make purchases, as they are the safest, most secure channels for online shopping.

If something fishy should show up on an account, members should report it to their credit union immediately, and the credit union should notify authorities.

“Cancel or freeze the account until an investigation is performed to determine if there is actual fraud activity,” Alldridge said. “And provide extra training and best practices to your members on avoiding, detecting, and reporting fraudulent activity.”

Shoppers should also avoid entering personal information over public wifi, which can be intercepted and readable by an attacker.

Murphy also noted during the holidays there’s an uptick in charity scams and fraud. It’s something members should be aware of.

“Fraudsters are not beneath spoofing decent and trustworthy organizations, like the Salvation Army or Red Cross,” Murphy said. “Instead of a crime against a purchase transaction, the criminals and fraudsters steal information and money by preying on the good intentions of individuals. The holiday season is a likely time where our guards are down and our desire to be charitable is at its highest.”

Posted in Article Post.