Attacks on Credit Unions and Community Banks

The second half of 2007 has seen a suddensurge in the number of phishing attacks on financial puddles likeregional banks, credit unions, and small- to mid-sized credit unions.But why are fraudsters focusing on localized financial institutions?The answer is simple; they are highly profitable and have lessresources to protect them from phishing when compared to largerinstitutions. Larger institutions have secured themselves byimplementing stronger Internet security measures. Even the customersfrom larger financial institutions are quite familiar with phishing.

Furthermore, credit unions have always been major competitors withlarger financial institutions. The sub-prime problem in the UnitedStates has triggered a financial stress. To give some respite to thisdifficult situation the Feds had planned out cuts in interest rates.These cuts in interest rates have become a blessing in disguise forcredit unions because valuations of the first three quarters of 2007show robust growth in earnings of credit unions as a whole due to theirsuccessful consumer lending at lower rates and positive loan andmembership growth. Along with the growth in membership comes growth inonline financial transactions. Along with online financial transactionscome the inevitable challenges of fraud and phishing. Logically then,since credit unions have become richer and have gained in popularity,they have drawn the attention of fraudsters.

The larger financial institutions have deeper pockets to fund thetake-down services of phishing sites while smaller credit unions may beunable to facilitate the removal of fraudulent Web sites with as muchsuccess and speed. A very effective methodology is often adopted byfraudsters as they go about targeting financial puddles like creditunions. This two-pronged strategy begins with impersonated spam mailsthat appear to be from banks or credit unions and that have a linkembedded within the text. Upon clicking any of these links, a user isredirected to a fraudulent replica page of that particular credit unionor community bank that solicits personal, financial, and accountdetails.

What is interesting to note is that the methodology and strategyadapted to attack these smaller institutions is uniform across theboard. It could be that the same fraudsters are on a planned phishingspree, moving from one target to another after inflicting substantialdamage.

Some of the ploys used in these emails:
1. Duplicated logos and graphics of the target institutions are used to make the mail look legitimate.
2. A sense of urgency is created to verify account registration, with apenalty of the account being suspended if the process is delayed or notheeded to.
3. A spoofed hyperlink is given that redirects to the fraudulent Web page.
4. On the fraudulent Web page, personal, financial, and account details are solicited.

Some of the ploys used in exploiting vulnerabilities:
1. Where ports are concerned, fraudsters have exploited ports 80, 84, 443 and/or 442.
2. The use of IPs in the root domain to deceive the prey

The online banking customers of any size of financial institutionshould always employ healthy skepticism and regard any emails frombanks with caution. Never follow links from such emails. It's alwaysbest to open a Web browser and type the URL in yourself. Finally,whenever you’re in doubt, call your bank directly.