Member Education: Public Wi-Fi and bill pay risks

October is National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month. Though cybersecurity is everyone’s responsibility, year-round, this month serves as a special reminder that every individual has the power and responsibility to make the internet safer and more secure for everyone.

As FBI Cyber Division Assistant Director Matt Gorham recently stated, “National Cybersecurity Awareness Month isn’t just about understanding [cybersecurity] risks, but also emphasizing our collective power to combat them.” 

We recommend you take some time this month to educate your members and staff on prevalent cybersecurity and fraud risks, such as the risks of using public Wi-Fi to access secure financial information.

The Dangers of Members Using Unsecured Wi-Fi

Public Wi-Fi networks – like those in coffee shops and hotels – are not nearly as safe as many individuals may think. Even if the network connection requires a password, users are often sharing these networks with numerous other people, which puts their data at a higher risk of exposure.

A cybercriminal can quite effortlessly use their own router to provide an open internet connection to public users. Oftentimes, these criminals set up these networks with names such as “Internet” or “Free Wi-Fi,” or even include the name of the location or service provider – e.g. “Hotel Wi-Fi,” “Linksys” or “GogoInflight” – to make the connection appear more authentic. Even worse, if an individual’s computer has ever connected to the legitimate public network, the device will be fooled into thinking it already has permission to connect, even if the connection is being processed through a different router, i.e. one owned by a fraudster.

Fraudulent Bill Payments

Fraudsters perform these open network attacks in an effort to gain access to an individual’s private information for financial gain. In many of these circumstances, fraudsters gain illegal access to a victim’s bill pay so they can issue checks to an account under their own control.

In one recent attack, a credit union found that $4800 was transferred from a member’s checking account to his bill pay account. Unauthorized checks totaling $7800 were then sent from the member’s bill pay account to the cybercriminal’s account. The credit union determined that the member used an unsecured wireless network to log into his bill pay account, which is how the fraudster gained access to the member’s credentials.

Risk Mitigation

  • Provide member education on the risks of using public Wi-Fi networks to access private information and accounts, such as online banking and mobile bill pay
  • Set appropriate and separate dollar limits for both ACH and check payments
  • Confirm check payments over a set threshold amount with the member
  • Review your IP address report to find and look into IP addresses not associated with previous member account activity
  • Review your SSID report for public networks used; a Service Set Identifier (SSID) provides a unique sequence of characters for each wireless local area network
  • Use fraud detection software with risk analytics to proactively and automatically cancel fraudulent payments
  • Invest in insurance that covers potential losses from these attacks, such as Allied’s fidelity bond protection and cyber liability insurance
  • Adopt a cyber pre-service and post-service response program, such as Allied’s data breach protection program
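
The IP address review and threshold confirmation steps above can be combined into one automated check. The following is an added example, not Allied's or any vendor's code: the record layout, field names, thresholds and sample events are all constructed for illustration. It treats an IP address as part of a member's history only if it was seen on an earlier day.

```python
from decimal import Decimal

# Assumed per-channel confirmation thresholds (separate limits for ACH and check).
CONFIRM_OVER = {"check": Decimal("1000"), "ach": Decimal("2500")}

# Constructed sample records: (timestamp, member, source_ip, event, channel, amount)
EVENTS = [
    ("2024-10-01T09:02", "M1001", "198.51.100.7", "login", None, None),
    ("2024-10-02T08:00", "M2002", "192.0.2.10", "login", None, None),
    ("2024-10-03T18:40", "M1001", "198.51.100.7", "payment", "ach", "120.00"),
    ("2024-10-09T14:11", "M1001", "203.0.113.45", "login", None, None),
    ("2024-10-09T14:13", "M1001", "203.0.113.45", "transfer", None, "4800.00"),
    ("2024-10-09T14:20", "M1001", "203.0.113.45", "payment", "check", "3900.00"),
    ("2024-10-09T14:22", "M1001", "203.0.113.45", "payment", "check", "3900.00"),
    ("2024-10-10T08:30", "M2002", "192.0.2.10", "payment", "check", "1500.00"),
]


def review_payments(events, confirm_over=CONFIRM_OVER):
    """Return payments needing follow-up, each with the reasons it was flagged."""
    first_seen = {}  # (member, ip) -> first calendar day the IP appeared for the member
    findings = []
    for ts, member, ip, event, channel, amount in sorted(events, key=lambda e: e[0]):
        day = ts[:10]
        first_seen.setdefault((member, ip), day)
        if event != "payment":
            continue
        reasons = []
        # An IP first seen on the day of the payment has no prior account activity.
        if first_seen[(member, ip)] == day:
            reasons.append("ip_not_in_member_history")
        if Decimal(amount) > confirm_over[channel]:
            reasons.append("over_%s_confirmation_threshold" % channel)
        if reasons:
            findings.append({
                "time": ts, "member": member, "ip": ip, "channel": channel,
                "amount": Decimal(amount), "reasons": reasons,
                # Hold for member confirmation when both signals fire together.
                "hold": len(reasons) == 2,
            })
    return findings


if __name__ == "__main__":
    for f in review_payments(EVENTS):
        action = "HOLD" if f["hold"] else "review"
        print(action, f["time"], f["member"], f["ip"], f["amount"], f["reasons"])
```

A member's first day of activity will always look new under this rule, so the report is most useful once some history has accumulated.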

Contact Allied Solutions to learn more about protecting your credit union and members from these and other fraud attacks:

Joette Colletts


As a leader in the risk management solutions profession and a featured speaker at national and regional events, Joette has developed an impressive list of achievements and accreditations in the ...