Fraud Trends to Watch

Scenario 1 – Brute Force Attack

What Is a Brute Force Attack?

A brute force attack is a trial-and-error method used by fraudsters to obtain payment card information such as an account number, card expiration date, PIN, or Card Verification Value 2 (CVV2).

How Is a Brute Force Attack Executed?

A brute force attack typically begins with attempts to gain access to a merchant’s retail terminals or its website payment system, using a malware installation, phishing scheme, or both. Once the hacker has gained access to the network, they can use the merchant’s terminal or online system to perform computer-generated test transactions until the hacker receives a valid authorization. These authorization requests can accumulate into the thousands in seconds.

Using this authorization information, the criminal can then combine the valid card verification value, expiration date, and card numbers obtained via the brute force attack to perform fraudulent card-not-present transactions via e-commerce, POS-keyed, mail-order, or phone-order channels. They also may use it to create counterfeit cards.
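
For merchants and card processors, the burst of test transactions described above is what gives the attack away. The following is an added example, not part of the original article: a sliding-window check over a constructed authorization log that flags a terminal when one card is tried with many different values, or when a burst of requests is almost entirely declined. The record layout, terminal names, and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed authorization records: (time_s, terminal, card_token, guess_id, approved).
    card_token and guess_id are hypothetical tokenized fields; no raw card data is logged."""
    log = []
    for i in range(300):      # T-17: 300 tries on one card in 3 s, approved only at the end
        log.append((1000 + i * 0.01, "T-17", "card_A", f"g{i}", i == 299))
    for i in range(20):       # T-02: ordinary traffic, one sale every 30 s
        log.append((1000 + i * 30, "T-02", f"card_{i}", "g0", i % 10 != 0))
    for i in range(3):        # T-05: a cardholder mistyping a code twice, then succeeding
        log.append((1200 + i * 4, "T-05", "card_Z", f"z{i}", i == 2))
    return sorted(log)

def detect_card_testing(log, window=10.0, max_attempts=20, max_guesses=5, decline_ratio=0.9):
    """Return {terminal: details} for terminals showing trial-and-error authorizations."""
    by_terminal = defaultdict(list)
    for rec in sorted(log):
        by_terminal[rec[1]].append(rec)
    alerts = {}
    for terminal, recs in by_terminal.items():
        start = 0
        for end, rec in enumerate(recs):
            while rec[0] - recs[start][0] > window:   # slide the window forward
                start += 1
            win = recs[start:end + 1]
            guesses = defaultdict(set)                # card_token -> distinct values tried
            for _, _, card, guess, _ in win:
                guesses[card].add(guess)
            card, tried = max(guesses.items(), key=lambda kv: len(kv[1]))
            declined = sum(1 for r in win if not r[4])
            burst = len(win) > max_attempts and declined / len(win) >= decline_ratio
            if len(tried) > max_guesses or burst:
                alerts[terminal] = {"card": card, "guesses": len(tried),
                                    "attempts": len(win), "at": rec[0]}
                break                                 # the first trigger is enough to alert
    return alerts

if __name__ == "__main__":
    for terminal, info in detect_card_testing(build_sample_log()).items():
        print(terminal, info)
```

On the sample data only terminal T-17 is flagged, after its sixth attempt on the same card, long before the one approval at the end of the run.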

How to Help Prevent Brute Force Attacks:

As with all fraud, there are steps that you can take to help protect your account information. Some suggestions:

  • Use strong passwords and change them often. Having a strong password policy is the simplest and most effective way of thwarting a brute force attack. Don’t include personal information in your passwords, avoid recycling passwords, and change them frequently.
  • Utilize two-factor authentication for accounts. This adds another layer of security to protect your personal information.
  • Ensure the security on your electronic and mobile devices is up to date.
  • Never open attachments or click on links from unknown individuals or companies, as doing so could install malicious software.
  • Contact OTIS FCU right away if you believe your information has been compromised!

Scenario 2 – Spoofing

What Is Spoofing?

Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. In this case, fraudsters were contacting members saying that they were calling on behalf of a credit union.

How to Help Avoid Falling Victim to a Spoofing Scam:

  • Never share your credit union account information or social security number. OTIS Federal Credit Union will not contact you by phone, email, or text with a request for this information. If you receive a request like this, chances are it’s fraud!
  • If you receive an unsolicited call or text message from someone claiming to be a representative of OTIS, please hang up (if contacted by phone) and call OTIS using the phone number listed on your statement to verify the contact is legitimate. If you get pushback from the person on the other end, it is likely a scam.

Good Practices:

  • Monitor credit card accounts, banking accounts, and credit reports regularly.
  • Change account passwords often, and avoid using personal information or the same username and password on multiple sites.
  • Never open attachments or click on links from unknown individuals or companies.
  • Contact OTIS FCU right away if you believe your information has been compromised!

(Information courtesy of the Maine Credit Union League)