The fall signals back to school for many and back to fraud for cybercriminals looking to capitalize on students, distracted shoppers, people away from home and the holiday season cusp.
Autumn not only brings on phishing and other related social engineering attacks geared to the season but also extends many trending fraud and malware.
As cybercrime continues to climb, consumers and businesses will likely observe elevated levels of malicious emails and phishing heading into fall.
“Right now the growing threats to many people are what has been extremely successful [for cybercriminals] this year, in particular ransomware and phone scammers,” Paul Kubler, digital forensics and cyber security examiner, for New York based cybersecurity firm LIFARS. “I see this increasing as consumers are continuing to fall victim to these threats in growing numbers.”
Here are some trending and seasonal threats that we see:
1. Out of footprint activity.
Credit unions will start to see out of footprint activity because many college students head out of town for school. “We like to encourage credit unions to encourage members to keep contact information updated so we know where people are, where they are transacting and doing activity. It’s very important to do that,” John Buzzard, strategic technical fraud account executive for Rancho Cucamonga, Calif.-based CO-OP Financial Services, said.
The main goal of fraudsters is to mimic legitimate cardholder activity. Therefore, anytime members are away for an extended time, notifying issuers helps issuers detect possible fraudulent transactions.
Criminals today regularly purchase card numbers based on zip codes and they use those to counterfeit cards fraudulently within the same zip codes. It creates a huge problem for card issuers when they do not understand what legitimate activity is, as opposed to fraudulent activity.
Buzzard also suggested it is a great opportunity for credit unions to educate their membership about school relocation or extended travel notifications. “It’s a process where you notify your card issuer that you plan to be out of your normal area for a time so they could be aware of it for fraudulent activity.”
2. College student scams.
Students with new emails and modest experience become prime targets as well. This might take various forms.
Scammers try to take advantage of the influx of new students by luring new laptop owners with fake Microsoft security emails and calls, or impersonating new schools to steal personally identifiable or sensitive personal information.
Stolen credit cards credential theft can increase as students try to save money by buying books from unsavory dealers and sites, Kubler warned. Outright textbook piracy may also come with free viruses and other malware.
Then there is tuition wire fraud that attempts to coax money out of victims by convincing them they have an unpaid tuition bill.
3. Bogus email and phishing schemes.
During the back-to-school months, criminals are likely to instigate a common email fraud scheme that involves sending a message that promises a reward, such as a gift card from a major retailer. Criminals ask their victims to complete a survey, which includes personal information such as home addresses, Social Security numbers and birthdays. Once the fraudsters have enough details, they use the survey applicant’s data to apply for credit cards.
Another cybercriminal scheme is to obtain teachers’ credit union email lists so they can hit members with spear phishing attacks, which requests members update information and then lures them to fake pages designed to capture usernames, passwords and personal credentials.
Read a full account of fall fraud issues in the August 17, 2016 print issue of Credit Union Times.
