Credit Union Phishing Attacks on the Rise Again

The latest fraud report from the RSA Anti-Fraud Command Center shows that, after a decrease in September, phishing attacks on credit unions jumped back to 40 percent of all financial institutions struck. (See RSA’s complete report:)

The earlier drop in the credit union numbers, which was thought by RSA’s Senior Product Marketing Manager Jens Hinrichsen to be an anomaly, has proven to be just that.

See Also: Cybersecurity for the SMB: Steps to Improve Defenses on a Smaller Scale

Another notable highlight: the emergence of Internationalized Domain Names (IDNs) to spoof website names by using alternate alphabets (i.e. Cyrillic), where letters correspond to their Latin counterparts. “A spoofed phishing domain which is based on an IDN can look exactly like a genuine bank’s domain written in standard code,” the report says. Once the phishing attack is initiated, however, it is treated and stopped just like any other phishing attack and does not present a greater danger to the user.

The report also shows that the number of brands attacked remained constant from September, signaling that the same brands were attacked more frequently than before. And attacks on regional banks are at a record-low 17 percent of all attacked institutions.

The worldwide distribution of attacked entities remains relatively unchanged from June to October. The share of U.S. brands is always very dominant, and October is the ninth consecutive month in which UK institutions occupied the second spot with 16 percent of the phished entities. The top seven positions in the list remain unchanged for the fourth consecutive month. Peru and Costa Rica are new to the list, as Latin American institutions have experienced increased attacks in the past six months. They both account for 1 percent each of the global banking brands attacked by phishing.

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.