Fraud Trends To Watch


Keeping your credit union informed about fraud trends in Maine is one of the League’s highest priorities. We want to make credit unions aware of two trends we are seeing in the state. A summary of what has occurred in each scenario is outlined below, along with some tips that your credit union can share with your members. By raising your awareness and providing your credit union with tools to educate your members about these trends, we can help prevent fraud.

Scenario 1 – Brute Force Attack

What Is a Brute Force Attack

  • A brute force attack is a trial-and-error method used by fraudsters to obtain payment card information such as an account number, card expiration date, PIN, or Card Verification Value 2 (CVV2).

How Is a Bruce Force Attack Executed

  • A brute force attack typically begins with attempts to gain access to a merchant’s retail terminals or its website payment system, using a malware installation, phishing scheme, or both. Once the hacker has gained access to the network, they can use the merchant’s terminal or online system to perform computer-generated test transactions until the hacker receives a valid authorization. These authorization requests can accumulate into the thousands in seconds.
  • Using this authorization information, the criminal can then combine the valid card verification value, expiration date, and card numbers obtained via the brute force attack to perform fraudulent card-not-present transactions via e-commerce, POS-keyed, mail-order, or phone-order channels. They also may use it to create counterfeit cards.

How to Identify a Brute Force Attack

  • Review daily transactions to identify any significant increases in the number of denials from one or multiple merchants.
  • If on a single card, you see multiple (often 100 or more) back-to-back denied transactions from the same merchant, it is likely that fraudsters have the card information and are attempting to acquire the three-digit CVV or CV2 code via a CVV brute force attack.
  • If you see a series of single transactions from one merchant consisting of many sequential card numbers that generate declines for invalid expiration date or record not found, you have most likely identified a BIN attack. In this case, the fraudsters probably have your BIN and are auto-generating sequential card numbers, attempting to find valid card numbers.

What to Do If You See Evidence of an Attack

  • If you strongly suspect an attack, you should block all card numbers that received approvals. If the criminal has the approved valid card number, it is only a matter of time before they use it or sell it on the dark web.
  • Additionally, if you suspect an attack, it is advisable to review reports from three to five days prior and compare the typical number of declines with the quantity in the report with suspicious transactions.
  • A brute BIN attack or merchant testing is a quick spike of large volumes approximately 75-300 transactions at a time. If you see anything that does not seem right, please pursue research to mitigate current fraud or to deter future attacks.

How Members Can Help Prevent Brute Force Attacks

As with all fraud, there are steps that members can take to help protect their account information. It is good practice to remind your members to:

  • Use strong passwords and change them often. Having a strong password policy is the simplest and most effective way of thwarting a brute force attack. Don’t include personal information in your passwords, avoid recycling passwords, and change them frequently.
  • Utilize two-factor authentication for accounts. This adds another layer of security to protect your personal information.
  • Ensure the security on your electronic and mobile devices is up to date.
  • Never open attachments or click on links from unknown individuals or companies as it could enable malicious software.
  • Contact your credit union right away if you believe your information has been compromised!

Scenario 2 – Spoofing

What Is Spoofing

  • Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. In this case, fraudsters were contacting members saying that they were calling on behalf of a credit union.

How Members Can Prevent Falling Victim to a Spoofing Scam

Given this activity, sharing these helpful tips with your members can help protect them against this type of fraud. Consider reminding them:

  • To never share their credit union account information or social security number. Your credit union will not contact them by phone, email, or text with a request for this information. If they receive a request like this, chances are it’s fraud!
  • If they receive an unsolicited call or text message from someone claiming to be a representative of your credit union, they should hang up (if contacted by phone) and call your credit union using a phone number listed on their statement to verify the contact is legitimate. If they get pushback from the person on the other end, it is likely a scam.

It’s also good practice to inform them that they should:

  • Monitor credit card accounts, banking accounts, and credit reports regularly.
  • Change account passwords often and avoid using the same username and password on multiple sites or personal information.
  • Never open attachments or click on links from unknown individuals or companies.
  • Contact the credit union right away if they believe their information has been compromised!

Please continue to keep the League informed if your credit union is made aware of scams impacting your institution or members by emailing Ellen Parent or Rebekah Higgins.