Credit union tech time: Three Ashley Madison ‘mandates’

December 23, 2015 by Todd Stringer, CU Management

Why go to the trouble of taking money out of people’s accounts if you can get them to just give it to you?

That, apparently, is the logic behind hackers who use stolen passwords and information from breaches to send fake wire transfer requests to trick recipients into approving funds transfers.

Take, for example, the Ashley Madison breach in which a Canada-based dating site was hacked and its users subsequently blackmailed via email. While at first glance a financial institution may see no immediate fraud issue with such a breach, let’s look at an example of what can be done with this type of data.

Very recently, a mid-size bank with assets over $5 billion received a wire request using a seemingly legitimate email address and password, and the transfer was sent through. Even though the contents of the email are unknown, it’s apparent the employee was disinclined to call and question a request from a director. Upon discovering this, the wire department suspended email requests for the remainder of the day.

Credit union tech time: Three Ashley Madison ‘mandates’

Featured

Stop hunting for a CRM: Discover the 10 features every credit union should demand

As credit card spending rises, CUs must encourage financial discipline

Five things I learned as an examiner turned credit union CEO

Stoic wisdom for credit union leaders: Cultivating resilience and vision

Stay connected to the credit union community with our free newsletter!

You have Successfully Subscribed!

Discussion