ALEXANDRIA, Va.–NCUA is cautioning that the use of cloud-based email services is making CUs vulnerable target for cybercriminals, and credit unions are being urged to take steps to protect themselves.
In a new Risk Alert, the agency reminded that phishing emails designed to steal account credentials through cloud-based email services have proven to be among the most effective types of business email compromise (BEC) scams.
The agency warned that cybercriminals using phishing kits to target victims on cloud-based services, analyze accounts, impersonate email communications, fraudulently demand (and receive) payments, compromise address books, send more phishing emails – and more.
The Risk Alert listed 12 strategies CUs can deploy to prevent BEC fraud, but said the top three are enabling multi-factor authentication for all email accounts; disabling basic or legacy account authentication that does not support multi-factor authentication; and using caution when posting information on social media and company websites, especially job duties and descriptions, hierarchal information, and out-of-office details.
Additional Warning
Finally, the Risk Alert reminded that wire transfer fraud incidents are also increasing, as more transactions are being conducted through virtual environments have tilted that way. NCUA listed numerous operational, transactional, and physical and logical controls for limiting wire fraud risk and incidents.
The full Risk Alert can be found here.