CUNA Mutual Group Risk Alert: Wire Transfers Continuously Targeted by Fraudsters

Losses from fraudulent wire transfers from member accounts have increased in frequency and severity. Fraudsters continue to impersonate members to request wire transfers from member accounts, which are often funded with advances against members’ line-of-credit loans (e.g., HELOCs). They easily defeat call-back verifications and security questions by controlling the number used for callbacks and by building member profiles to answer security questions. The evolution of new wire transfer scams including CEO email fraud and updated wire instructions for real estate closings, compounds the problem.

Many credit unions still accept large dollar wire transfer requests remotely from members and rely on call-back verifications combined with security questions to authenticate the members’ requests. Call-back verifications are not consistently effective in authenticating members’ remote wire transfer requests, particularly large dollar requests. Fraudsters rely on these tricks to ensure continued success with this age-old scam:

  • They control the phone number used for the call-back verification by having the member’s home phone forwarded to the fraudster’s or by having the phone number changed on member accounts; and
  • They easily answer security questions commonly used to authenticate members during the call-back verification by building profiles on their member/victims using data mining techniques. They obtain members’ recorded mortgages to lift signatures, obtain members’ credit reports and even order skip traces which contain a wealth of information.

Some credit unions require members to request wires through online banking believing it is more secure since members are authenticated by entering their login credentials. However, this method of requesting wires is not secure due to the ease with which fraudsters enroll member accounts for online banking or stealing members’ login credentials using malware (banking Trojans). In either method, the fraudster logs into the member’s account and changes member contact information (e.g., home and mobile phone, email address, etc.) and could also request a wire transfer using the secure messaging feature or by completing a wire transfer form.

Making matters worse is the introduction of new wire transfer scams, such as:

  • The CEO email fraud scam (also referred to as business email compromise) involves fraudsters impersonating the CEO or other credit union executive and sending emails to the CFO or controller using a look-a-like domain requesting a wire to pay a vendor; and
  • The real estate wire scam involves fraudsters who send an email to the credit union or member containing “updated wire instructions” shortly before the loan closing.

It’s critical for credit unions to understand the methods used by fraudsters to commit wire fraud so that prudent loss controls can be developed to mitigate the risk.

Risk Mitigation
Credit unions should consider these risk mitigation steps for handling members’ remote wire transfer requests:

  • Avoid relying on call-back verifications and security questions to authenticate members’ large dollar remote wire transfer requests. Require members, who don’t have a signed wire transfer agreement on file to request large dollar wires in person at a branch office. You can establish a monetary threshold for this purpose;
  • When performing call-back verifications for authenticating members’ remote wire transfer requests that fall below the monetary threshold for which in person requests are required, use out-of-wallet security questions or an identity verification service that focuses on out-of-wallet questions; and
  • Establish formal written procedures for handling remote wire transfer requests from members and be sure to provide periodic training to those employees, who are involved in the process.

Credit unions should also develop formal written procedures to guard against the CEO email fraud scam and the real estate closing wire scam.

Risk Prevention Resources
Access CUNA Mutual Group’s Protection Resource Center at cunamutual.com for exclusive risk and compliance resources to assist with your loss control. The Protection Resource Center requires a User ID and password. To learn more, review these resources: