THE IDENTITY FRAUD CREDIT UNIONS NEED TO BE AWARE OF:
Account Takeover Account takeover occurs when a third-party gains access to an individual's online account, using illegally obtained usernames and passwords or by inputting easily guessable passwords into a login form. Account takeover attacks are increasing in both frequency and scale, and many financial services organisations are not prepared to defend against a surge of attacks. The financial services industry is a prime target for account takeover attacks, as attackers seek to access these extremely profitable accounts.
When attackers have access to customers' accounts they are able to commit acts of fraud, such as:
Moving the money across to their personal account
Acquiring credit or debit card details linked to the account
Selling the details of the account on the dark web for a profit
Why is account takeover a threat to credit unions?
More than 60% of consumers reuse existing passwords for online banking.
From 2016 to 2017 account takeover attacks for financial institutions
tripled.
Only 1% of businesses are aware of online marketplaces and websites where stolen accounts are being sold.
Personally identifiable information such as names, addresses, dates of birth and social security numbers, are being sold on the dark web
for only $1 as a “full account” and used to takeover accounts.
WHY IS THE THREAT INCREASING? Cyber criminals have become much more sophisticated in recent years and exploit business logic to carry out their attacks. Additionally, automated tools that make it easier for cyber criminals to test thousands of password combinations in brute force attacks, are readily available on the dark web at an affordable price. This automated attack technique is referred to as credential stuffing.
Impact of account takeover on credit unions
$5 billion in losses were recorded by financial services organisations in 2017, due to account takeover attacks.
A $190 million fee was charged to a financial services company to settle its fake account scandal in 2016.
680,000 victim’s accounts were accessed by cyber attackers in 2019.
£18 million was taken from consumer accounts between 2018 and 2019 as a result of account takeover.
Sources: https://www.cutoday.info/THE-feature/How-To-Battle-Account-Takeover-Crime https://securityboulevard.com/2019/06/the-costs-and-risks-of-account-takeover/#:~:text=From%202016%20to%202017%2C %20losses,in%20the%20United%20States%20alone. https://www.netacea.com/bot-management-review-2020/ https://www.bluevoyant.com/blog/bank-account-takeover-activity#:~:text=In%20the%20past%20year%2C%20the,120%25%2 0from%20the%20previous%20year. https://www.cnbc.com/2016/09/08/wells-fargo-reaches-185m-settlement-to-settle-secret-account-fraud-case.html https://www.iii.org/fact-statistic/facts-statistics-identity-theft-and-cybercrime https://www.fintechfutures.com/2020/04/harnessing-new-technologies-to-stop-todays-modern-account-takeover-threats/