As guardians of sensitive cardmember and account data, credit unions running a credit card program must monitor cybersecurity trends closely to protect their cardmembers. Cybercriminals continue to evolve their methods, and fraud reports and losses continue to climb.
Current attack methods to be aware of:
- Recent Artificial Intelligence (AI) developments, like ChatGPT, have made phishing attempts much more effective. Technology like ChatGPT allows cybercriminals to create more realistic messaging to convince cardholders of legitimacy.
- A newer, effective, and more sophisticated form of phishing has emerged combining voice and email known as telephone-oriented attack delivery (TOAD). Some common lures are associated with banks, tech support, Apple, Amazon, and PayPal.
- Another expanding fraud channel is social media. In 2023, losses from social media scams reached $1.4 billion. Recent trends involve scam merchants that advertise on social media promoting goods at discounted prices.
- Account takeover (ATO) is another type of fraud on the rise. Criminals attempt to gain access to a consumer’s account for fraudulent purposes using stolen credentials. From 2020 to 2021, losses from ATO increased 90%, and 2021 losses topped $11 billion.
- Scam merchants manipulate search results using sponsored links and creating fake reviews that ultimately recommend the scam merchant. These tactics manipulate cardmembers into trusting the validity of the site or merchant and result in purchases for inferior or undelivered products, compromised card credential, and more.
Sophisticated attacks are more difficult to detect and can lead to greater losses. Although the data suggests that financial institutions have successfully thwarted more basic attempts — which are no longer working as effectively — they must ensure that the proper protections are in place to guard against these new and evolving fraud methods.
View sources and learn more about how these types of attacks work, impacts to profitability, and strategies to mitigate and prevent fraud here.