More cybercriminals have been launching phishing campaigns spoofing credit unions for data and money theft, reports TechRepublic.
Phishing incidents involving local credit union impersonation have significantly increased since February, according to an Avanan report. Threat actors have been using varying techniques, including wire transfer codes, document alerts, and payment notifications, in an effort to lure targets into providing their credentials. Avanan discovered phishing emails involving online statement and document viewing, important notices, money requests seeking to stop alleged wire transfers, and an ACH debit offer, all of which redirect to a union-spoofing sign-in page. Attackers could collect credentials entered on the page to use for future attacks. Organizations could protect themselves from such phishing attacks by implementing cybersecurity systems that adhere with financial rules and feature social engineering attack mitigation capabilities, said Avanan. Meanwhile, users have been urged to examine email addresses where credit union messages have been sent from, as welll as exercise increased caution over credit union-related communications.
While AeroBlade’s techniques are more sophisticated in many ways, security pros say the initial attack vector was a common spearphishing attack – something U.S. companies must do a better job protecting against.