TruStage: Trending Risks Drive Significant Losses for Credit Unions
Knowing which emerging risk is right around the corner is a challenging task and one that can’t be taken lightly. Unfortunately, risks and losses fluctuate at the same time bad actors produce new innovative tactics often deploying age-old schemes with new twists.
While every credit union has its own unique risk footprint; it is critical for you to know which risks and losses are rapidly evolving that could impact your operations and bottom-line.
Unfortunately, many credit unions - just like yours - have been impacted with six- and seven-figure losses. These losses are within well-known functional risk areas involving account takeovers, fraudulent checks/deposits and with interactive teller machines (ITMs) and automated teller machines (ATMs). Money mules, who are individuals that knowingly or unknowingly transfer or move illegally acquired money on behalf of someone else, are often used to improve the success rate of these scams.
And, once these bad actors find something that works, it isn’t long for them to advance their schemes and tactics into other credit unions throughout the country. The good news is that we can learn from these losses and help ensure that the frequency and severity is significantly minimized at other credit unions by implementing proper loss controls.
Specifically, these six loss areas have been wreaking havoc over the last 12-18 months.
Account Takeovers
Fraudsters have launched sophisticated social engineering attacks against credit union members to scam them into providing their login credentials, including two-factor authentication passcodes.
These fraudsters are typically:
- Manipulating your members getting them to provide login credentials, and 2 factor authentication passcodes required to reset passwords using the “forgot password” feature, by sending fraudulent text alerts that appear to come from the credit union and/or by calling members - spoofing the credit unions phone number – and impersonating a credit union employee.
- Targeting your call center employees and getting them to reset member passwords and change member contact information.
- Simply asking the member for missing pieces, such as 2-factor authentication passcodes, as they already have the member’s username and password from previous compromises.
Then the fraudsters have used external transfer service to transfer funds out of compromised member accounts to external money mule accounts. However, a recent trend has the compromised member accounts and money mule accounts at the same credit union.
Fraudsters often recruit money mules through social media for an opportunity to earn easy money. Once the money mule accounts are opened, the fraudsters launch their social engineering attack against existing members to scam them out of their login credentials. The fraudsters initiate large dollar member-to-member transfers from the compromised member accounts to the money mule accounts. The money mules withdraw the funds through various means.
Fraudulent Checks & Deposits
the numerous payment options available today, fraudulent paper checks and deposits have surged over the last few years. In fact, fraudsters have been using age-old tactics and scams to carry out their transactions – things like washing, altering, and counterfeiting checks.
A key driver to these losses has been the significant problem with stolen mail activity – with common access coming through targeting and breaking into blue collection postal mailboxes or robbing postal workers of their keys. Once they have access to the mail, their search for actual checks begins and when found they’ll use them to carry out their fraudulent schemes.
Three losses that have seen significant increases in both frequency and severity are:
- Stealing and altering members’ issued checks or manufacturing fraudulent checks using info from legitimate checks? to gain access to cash. In many cases, your members’ checks are being negotiated elsewhere to bypass some of your authentication controls.
- Another tactic is recruiting money mules to open accounts at credit unions to cash fraudulent U.S. Treasury checks?.
- And lastly, opening fraudulent business accounts in the name of the payees listed on stolen Treasury checks, depositing these checks,? and then cashing out before they’re returned.
ITMs & ATMs
Another well-known risk area right now involves ITMs and ATMs. Significant six- and seven-figure losses have been occurring throughout the country in 2024 and continue into 2025.
- Interactive teller machine (ITM) fraud - Fraudsters are using the self-service feature to make unauthorized withdrawals from member accounts – primarily using counterfeit debit cards. In some cases, credit unions have discovered deep insert skimmers on their ITMs.
- ATM jackpotting - ATM jackpotting cases impacting credit unions has seen a significant uptick. Most cases involve fraudsters connecting a device, referred to as a black box, to the ATM’s dashboard. Once installed, fraudsters issue a command for the ATM to dispense cash until empty. Money mules are typically recruited to retrieve the cash.
- ATM smash & grabs - A resurgence in ATM burglaries where criminals use a blow torch or other forced entry to open the ATM’s money chest or steal it altogether is occurring in several states.
Its critical for each credit union to address these emerging loss trends along with their potential loss impact. You should take a proactive approach by implementing important loss controls rather than wait for a loss to occur.
Remember, when risk management is effective, typically nothing bad happens. Yes, it is difficult to show the value of nothing happening. But if you’re blindsided by a problem or loss, your bottom-line and reputation usually takes the hit. Don’t let not knowing which emerging risks are around the corner take the blame. Use these latest loss trends to help you assess your organization’s risks and implement controls to keep you safe.
TruStageTM Fidelity Bond policyholders can learn more about these threats, check out TruStage risk resources and RISK Alerts located within the Business Protection Resource Center at trustage.com. Remember, if you have a question or would like a more detailed consultation on this emerging risk, you can also contact a TruStage risk consultant via email at riskconsultant@trustage.com or at 800.637.2676.
To learn more about money mules, watch this on-demand TruStage virtual event – Money Mules & their Schemes.
By Ken Otsuka, Sr. Consultant, Risk and Compliance Solutions, TruStage
« Return to "MCUL Newsroom"
