Email security provider Avanan revealed in a report on Thursday that a new phishing campaign is exploiting credit unions to steal money and data. According to Avanan's research, the phishing emails are disguised as legitimate messages from leading companies. They are sent to trick the recipient into sharing login credentials for the impersonated company, along with sensitive data.

A Dramatic Increase in Phishing Campaigns Impersonating Credit Unions

Check Point Avanan claims that since February 2022, there has been a dramatic increase in phishing campaigns impersonating credit unions. The National Credit Union Administration (NCUA) has observed the same trend and has advised credit unions to remain cautious in the face of new emerging threats in an ever-changing geopolitical environment.

Referring to the CISA advisory in January regarding Russian state-sponsored cyber threats against critical US infrastructure, the NCUA noted that the risk of cyberattacks against US institutions is two-fold.

Hackers exploit underdeveloped email security

Although all financial and banking institutions are vulnerable to spoofed phishing emails, local credit unions are particularly vulnerable to such attacks due to insufficient security measures, researchers say.

Reportedly, 92% of credit unions primarily lack security, while 66% lack adequate email security, putting them at risk of phishing campaigns. Also, credit unions generally rank higher than big banks, so their members are much more likely to trust their messages/notifications. This has led to an increase in phishing campaigns spoofing local credit unions.

Attack tactics

Threat actors frequently use tactics such as document alerts, wire transfer codes, and incoming payment notifications. The purpose, however, is always the same: to compel the recipient to enter account credentials and perform banking activities.

According to the Avanan blog post, attackers use several different methods to obtain account details. In one of the phishing emails, the recipient was asked to click on a link to view their account statements and documents online.

One of the phishing emails (Image: Avanan)

Another email contained a link related to an important notice, while a third asked for money to stop the wire transfer. The fourth offered ACH debit. In every case, the link provided in the email redirected the victim to a fake login page believed to belong to the cashier. The credentials the user enters on this page are sent to the attackers, who use them to compromise the account and steal funds.

From the recipient’s perspective, the website appears to be unresponsive after entering their username and password.
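A mail-triage check for the pattern described above, as an added example that is not from Avanan or the original article: it flags a message that claims the credit union's name but whose sender or link hosts fall outside the institution's own domains, and notes the lure themes the article lists. The brand name, the domain `examplecu.example` and both sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the credit union really sends from (placeholder value).
TRUSTED_DOMAINS = {"examplecu.example"}
# Lure themes named in the article.
LURES = re.compile(r"document|statement|wire transfer|incoming payment|"
                   r"ach debit|important notice", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_trusted(host):
    """Exact or true-subdomain match; a trusted name used as a left-hand label fails."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage(raw, brand="Example Credit Union"):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    text = f"{msg.get('Subject', '')}\n{body}"
    claims_brand = brand.lower() in f"{display}\n{text}".lower()
    link_hosts = {urlparse(u).hostname for u in URL_RE.findall(body)}
    findings = []
    # The From header is attacker-controlled; SPF/DKIM/DMARC results are not checked here.
    if claims_brand and not in_trusted(sender_host):
        findings.append("sender_domain_mismatch")
    if claims_brand and any(not in_trusted(h) for h in link_hosts):
        findings.append("link_domain_mismatch")
    if LURES.search(text):
        findings.append("lure_theme")
    return findings

# Constructed sample messages (not taken from the campaign).
PHISH = ('From: "Example Credit Union" <alerts@mail-notify.example>\n'
         "Subject: Your account statements and documents are ready\n\n"
         "View your statements online: "
         "https://examplecu.example.login-portal.example/secure\n")
LEGIT = ('From: "Example Credit Union" <alerts@examplecu.example>\n'
         "Subject: Branch holiday hours\n\n"
         "See https://www.examplecu.example/hours for details.\n")

if __name__ == "__main__":
    print(triage(PHISH), triage(LEGIT))
```

A lure theme on its own is weak evidence, since genuine notices use the same wording; the domain mismatches are the findings worth alerting on.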


It should be noted that such attacks on credit unions could have significant financial repercussions, as the risk can be as high as $1.2 million for large credit unions.