LIVONIA, Mich. — Co-Op Services Credit Union is reporting an increase in financial scams against its members over the last 13 months, with a recent uptick in fraudulent text messages sent to members on Friday evenings.
"It really started about three years ago, and it just comes in waves," said Norm Thomas, vice president of information technology for the 52,000-member credit union. "There will be times when we don't see anything for six or eight months, and then we see little dribblings come in. And then there are times when we just get hammered hard with continuous attacks, and that's what's happening now."
Happy Holidays
Thomas said Co-Op Services saw an increase in attacks around the holidays, but even with the holiday season over, the attacks have not slowed down.
He explained that about 50 members so far have been swindled for anywhere from $500 to $2,000, with perpetrators withdrawing the maximum daily amount from ATMs or purchasing untraceable "cash cards" at stores like Walmart. The $365-million CU has reimbursed members for those monies lost.
Members have been scammed primarily by falling prey to phishing attacks in which members were falsely alerted that their debit card has been deactivated or that the account has been somehow compromised, and that the member should call a specific number to take action. In the case of Co-Op Services, as in other phishing attacks, the messages were designed to appear to come from a legitimate source, and upon calling the assigned number, victims were then asked for their card number, expiration date, PIN and other private information. Most of the recent attacks have been sent via text message, often early on Friday evening, leaving an entire weekend to rip-off victims.
When the problem started a few years ago, Thomas said, it was originating in Romania. Co-Op Services shut down service to Romania, making it impossible for its debit cards to be used there. That stopped the problem for about a year, until it popped up again in Spain, where Co-Op Services took similar action. Lately, however, the problem has been originating domestically, with the credit union taking losses in Los Angeles, Arizona and even at home in Michigan.
Thomas said that part of the problem initially was that the government will not get involved until losses pass a certain threshold. Now that Co-Op services has hit that mark, Thomas has been working with the Detroit office of the FBI, among others.
Based on his conversations with federal authorities, Thomas said, "I think it's easier to hit the community banks and smaller financial institutions like credit unions, because they can localize the attack. They're hoping we're not as protected."
Co-Op Services has undertaken a member-education campaign, and has also partnered with cyber security firm Cyveillance to help take down the hackers. That's where the member education comes in: if members receive what they suspect is a phishing scam, they are asked to contact Cyveillance with the suspicious phone number, which the security group then begins working to shut down.
Thomas called such scams "the crime of this generation," because not only can they be accomplished without sophisticated technology, but victims are handing over sensitive information without realizing they are being scammed.
