• Search
  • Search

Fighting Member Target Fraud Starts Inside the Credit Union

Katie Bailey5 min read5 hours ago

By Holly Speczenksi, Risk Consultant, Risk & Compliance Solutions, TruStage

I spend a lot of time talking with credit unions about risk, and one issue keeps coming up: member-targeted fraud. It touches nearly every institution, regardless of size, geography or field of membership. Fraud no longer starts with systems or networks; it starts with people. That reality changes how leaders need to think about prevention.

When I talk about member-targeted fraud, I mean scams that are aimed directly at individuals not credit unions. These schemes trick members into sending money, sharing sensitive information or giving criminals access to their accounts. Fraudsters often impersonate credit unions, government agencies, law enforcement or tech support. They rely on urgency and fear to push members into acting before they have time to think logically about what is happening.

This type of fraud affects everyone. Many still assume scams primarily target older adults, but the reality is very different. I see victims across all age groups. Most adults have encountered some form of online scam, and the messages are no longer sloppy or obvious. Criminals now personalize their outreach using data pulled from breaches, social media, and public records, which makes the interaction feel legitimate and familiar.

Over the last few years, fraudsters have adopted more sophisticated social engineering tactics and generative Artificial Intelligence (AI) has made their work even easier. Criminals can now create polished phishing emails, realistic text messages, and deep fake voice or video clips. Those tools remove many of the traditional warning signs—like bad grammar or peculiar sentence structure—credit unions once relied on when educating members about fraud.

Types of scams

Romance scams remain some of the most damaging cases I see. These schemes do not rely on urgency. Instead, scammers build relationships over weeks, months, or even longer. They create detailed backstories and full identities, sometimes stolen from real people. By the time they ask for money, victims feel emotionally invested and deeply connected. That investment makes it extremely difficult for credit union staff to convince a member the relationship is not real.

Government impersonation scams also continue to grow. In these cases, fraudsters pose as representatives from well-known governmental agencies like the FBI, Secret Service, or IRS. They claim the victim’s credit union or account is under investigation and warn members their funds are at risk. The scammer then instructs the member to move money into a so-called “secure” or “holding account” via a wire transfer or a cash deposit into a cryptocurrency ATM. They stress urgency while demanding secrecy, which protects the criminal by isolating the victim.

Employee impersonation scams hit especially close to home for credit unions. In these situations, criminals call members while posing as credit union employees. They reference the member by name and claim to see suspicious account activity. Once the member denies authorizing the transactions, the scammer asks for authentication details. With that information, criminals can gain access to accounts online and move funds quickly, often before anyone realizes what happened.

Other scams continue to circulate as well, including lottery scams, fake investment opportunities, family emergency stories, and tech support schemes. Each one uses a different hook, but the mechanics stay consistent. Criminals create fear or excitement, introduce urgency, and insist on secrecy. They then walk victims’ step by step through the process of sending money.

What credit unions can do to safeguard members

Preventing these losses requires credit unions to start with their own staff. Employees need training that focuses on recognizing red flags and feeling comfortable slowing things down. Large or unusual withdrawals, sudden transfer requests and members who seem anxious or rushed all deserve and need closer attention. Asking questions protects members far better than speeding through a transaction ever will.

Technology supports that effort. Credit unions need real-time fraud monitoring tools that rely on behavioral analytics, machine learning, and AI. These systems help identify activity that does not align with a member’s typical behavior, such as logging in from a new device and immediately initiating large transactions. Without these tools, institutions end up chasing fraud instead of preventing it.

Member education also plays a critical role, but it needs consistency and repetition. Credit unions should share fraud messaging through every available channel, including online and mobile banking, email, branch interactions, and traditional direct mail. Members consume information differently, and repeating key messages on multiple channels increases the likelihood they remember them when it matters most.

Simple guidance often works best. Members should know:

  • Don’t trust caller ID, phone numbers can be spoofed.
  • Never share one-time passcodes or sensitive information with someone who calls.
  • If a caller pressures them to act quickly or demands secrecy, that request should immediately raise concern.
  • Walking away if any of these red flags become evident is always the safest choice.

Trusted contact programs offer another layer of protection. These programs allow credit unions to reach out to a person the member has already designated when staff suspect financial exploitation or health concerns. The trusted contact does not gain account access. Instead, they provide perspective and support that can help interrupt a scam before money disappears.

At the leadership level, this work requires a mindset shift. Fraud prevention should function as both loss prevention and member service. Protecting members from scams strengthens trust and reinforces the credit union’s role as a financial partner. When that philosophy becomes part of the culture, staff feel empowered to act, members feel supported and the organization becomes stronger against an ever-evolving threat.

Staying ahead of the bad actors

TruStage offers resources to help keep your members protected, including our ‘When Members Become Victims’ interactive training module and our Emerging Risks Outlook overview.

To learn more how TruStage can help, visit TruStage.com.

The views expressed here are those of the author(s) and do not necessarily represent the views of TruStage.

TruStage® is the marketing name for TruStage Financial Group, Inc. its subsidiaries and affiliates. Corporate headquarters are located in Madison, Wis. © TruStage

Written by
Katie Bailey
View all articles
Related articles

About Us

The League of Credit Unions & Affiliates provides a platform for advocacy, collaboration, and innovation, representing 381 credit unions across Alabama, Florida, Georgia, and Virginia and their 32.7 million members, as well as $453.6 billion in assets. The League serves as an advocate through credit union engagement, advocacy impact, Foundation resources, and LEVERAGE products and services. Join us in supporting credit unions by learning more at www.the-league.coop. Follow The League on LinkedIn, Facebook, X, and Instagram.

Social Channels

Follow us on all major social media platforms.