Katie BaileyBy Ken Otsuka, Sr. Consultant, Risk and Compliance Solutions, TruStage
Identifying the next major risk is no easy task—especially in an environment where fraudsters are constantly evolving old schemes with new techniques. Across the country, credit unions are seeing significant losses in familiar areas: account takeovers, fraudulent deposits, and attacks on ITMs and ATMs. These incidents—often involving coordinated schemes and the use of money mules—have led to six- and seven-figure losses.
While every credit union has its own unique risk profile, understanding where losses are trending is essential to protecting operations and maintaining member trust. The good news: these incidents offer valuable lessons that can inform proactive loss control strategies moving forward.
Top Risk Areas Driving Losses
Over the past 12–18 months, several key areas have emerged as especially vulnerable:
Account Takeovers
Fraudsters are conducting sophisticated social engineering campaigns to gain access to member accounts—often by manipulating members into providing login credentials and two-factor authentication codes. Common tactics include:
- Sending text alerts that appear to come from the credit union or spoofing phone numbers to impersonate staff.
- Contacting call centers to reset member passwords or change contact details.
- Using known login credentials and simply requesting missing authentication codes.
Once access is gained, funds are typically moved via external transfer services. A growing trend, however, involves both the compromised account and the money mule account being housed at the same credit union. These mules—often recruited via social media—are used to withdraw funds through various channels.
Fraudulent Checks and Deposits
Despite the rise of digital payments, check-related fraud continues to grow. Fraudsters are relying on tried-and-true methods—altering, washing, or counterfeiting checks—with a key enabler being stolen mail.
Increased loss activity has been linked to:
- Altered or counterfeit checks being negotiated outside the credit union’s detection controls.
- Money mules cashing fraudulent U.S. Treasury checks.
- Fraudsters opening business accounts in the name of stolen check payees to deposit and withdraw funds before returns are processed.
Interactive Teller Machine (ITM) and ATM Fraud
Large-scale fraud targeting self-service devices has become more frequent and more costly:
- ITM fraud: Unauthorized withdrawals are being made using counterfeit debit cards. Some credit unions have discovered deep insert skimmers attached to ITMs.
- ATM jackpotting: Fraudsters connect black-box devices to ATMs, triggering the machines to dispense cash until emptied. Recruited mules are often used to collect the funds.
- ATM smash-and-grabs: Burglaries involving blow torches or other forced-entry tools are on the rise, with attempts to breach or steal the ATM’s cash vault.
Mitigating Risk Before It Strikes
Emerging risk trends underscore the importance of taking a proactive approach. Effective risk management may not always be visible—but it’s often the reason losses don’t occur. When incidents do happen, the financial and reputational costs can be significant.
Credit unions that stay informed, assess evolving risk patterns, and implement loss controls position themselves to mitigate impact and maintain resilience. Sharing experiences and identifying red flags early can help safeguard the system as a whole.
Additional Resources
TruStage™ Fidelity Bond policyholders can access resources—including RISK Alerts and the Business Protection Resource Center—at www.trustage.com. For more information or to request a consultation, contact the TruStage Risk team at riskconsultant@trustage.com or call 800-637-2676.
To dive deeper into how money mules operate, view the on-demand session Money Mules and Their Schemes available through TruStage.
