TruStage RISK Alert: Account Takeovers With a New Twist

Fraudsters are still gaining access to member accounts through online banking by using advanced social engineering scams to steal login credentials, however they are employing new tactics.

Social engineering tactics used by fraudsters to gain access to members' online banking credentials have traditionally included:

• Phishing: where fraudsters pose as trustworthy sources (usually via email) to steal personal or financial information.
• Smishing: A type of phishing attack carried out via SMS (text message), tricking users into revealing personal information or clicking malicious links.
• Vishing: Phishing conducted through voice calls, where fraudsters pretend to be legitimate entities to steal sensitive information.
• SIM swap: where a fraudster convinces a mobile carrier to transfer a victim's phone number to a new SIM card, giving the fraudster access to calls, texts, and two-factor authentication codes.
• Impersonation: When someone pretends to be another person or entity

A new tactic involves using A2A (account-to-account) external transfer services to pull funds via ACH debit, then moving the money to mule accounts for withdrawal before the transactions are returned unpaid.

For more information and risk mitigation tips, read the full alert at: Trustage.com (Password and log-in required).