Three Holiday Scams to Alert Your Members About

confused woman wearing a Santa hat using credit card with a red laptop
John Buzzard Photo
Industry Fraud Specialist
CO-OP Financial Services

4 minutes

To help members proceed with caution, every credit union should teach them the mantra, ‘Hang up and call your credit union.’

By John Buzzard

Sponsored by CO-OP Financial Services

The holiday shopping season is upon us, which means fraudsters will be out in full force looking to steal information from your members. Fraud is constantly evolving and becoming increasingly difficult to spot, particularly as consumers shift to digital and mobile channels. As credit unions, it is our job to stay vigilant and keep members informed about the latest fraud schemes.

The harsh reality is that fraudsters are focused on data theft while the rest of us are juggling multiple responsibilities in addition to fraud prevention. This natural array of distractions pushes everyone to prioritize hour-by-hour while the criminals remain steadfast on gaining privileged access to information that can be monetized. Wouldn’t it be lovely to just have one thing on your “to-do” list today? Until then, stay warm, safe and don’t forget to keep your members informed on safer practices.  

I want to highlight below three of the most common holiday fraud schemes along with some tips for keeping your members safe from them.

1. One-Time Passcode Scams

One-time passcodes sent via email or text are typically considered to be a more secure way of verifying the identity of a person conducting a transaction or logging into their account. However, a scam that is becoming increasingly more common this year involves fraudsters mimicking an OTP request from a credit union to prompt members to divulge their PINs, passwords or other sensitive information. This sort of spear-phishing attack can be difficult to identify, as fraudsters will often use the victim’s name or other personally identifiable information obtained from an open-source website.

Fraud-Fighting Tip: Ensure your members can recognize an authentic communication from your credit union, whether it’s sent by SMS, email or phone. Remind them that they’ll never be asked to provide a PIN or other sensitive information by text and to verify that the number they are being called from matches the number of your credit union. You could even provide them with written or visual examples of the types of messages they can expect to receive from your credit union.

2. Keylogger Attacks

Keylogger scams can be particularly detrimental to members who are shopping online during the holidays. In this attack, a fraudster will install a keylogger application that records every keystroke a person makes. These apps can be used to capture a bevy of login credentials and card information. Keyloggers can be introduced through malware, a third-party app and even trusted sites, making them very difficult to identify and get rid of. 

Fraud Fighting Tip: Encourage your members to install the latest anti-virus/malware software on their computers. Remind them to run regular (daily/weekly) virus scans on their computers and to keep an eye on any suspicious account activity. They should also avoid downloading any free applications or programs from untrusted sources via social media channels.

3. Failed Payment Scams

Similar to fake OTP requests, “failed payment” scams involve a fraudster impersonating a known vendor or financial institution to extract payment information from a member. For instance, a member might receive a call from a fake Amazon employee advising them that their payment did not go through on a transaction and they will offer to manually expedite the order by taking the payment card information over the phone. The anatomy of this scam is adaptable to anything that links together forms of payment with the fear of losing essential services like utilities or cellular service.

Fraud-Fighting Tip: Remind your members never to share card details or other sensitive information over the phone without first verifying the identity of the caller. In many cases, the member may call your credit union directly after receiving notice of a failed payment. In this situation, it is crucial for your support staff to closely verify the origin of the payment request with the member. If you cannot see a corresponding preauthorization or posted charge, it would be a good idea to caution the member to monitor their account closely for unauthorized activity.

Final Tip: Adopt a ‘Hang up and Call Your Credit Union’ Ethos

Every credit union should adopt the mantra: “hang up and call your credit union” when it comes to socializing members to use more caution. If you educate them, members will know to hang up and call your member services directly if they are contacted by someone pretending to represent the credit union. This simple act of verification, if exercised regularly, could reduce the number of scam victims across the U.S. and in turn reduce the losses covered by credit unions when they make their members whole again after a fraudulent occurrence. 

John Buzzard is industry fraud specialist for CUES Supplier member CO-OP Financial Services, Rancho Cucamonga, California, a provider of payments and financial technology to credit unions.

CUES Learning Portal

Subscribe to Skybox

Get two to four blogs delivered via email each week!