Fraud is often at its most dangerous during downturns and crises — both of which are happening during the COVID-19 pandemic.
In March 2020, we wrote a blog about how fraudsters are exploiting COVID-19 for profit, and a year later it is still a major threat to credit unions. Almost a year into this pandemic, the global crisis has proven to be the perfect breeding ground for fraudulent activity. With people increasingly seeking connections and communication via digital means, businesses and consumers need to be even more vigilant in recognizing, rejecting and reporting fraud.
In some respects, Canadian companies received some good news about the cost of data breaches. Canada is the only country that experienced a net decrease in the average cost of a data breach in 2020, with the average expense of a compromised record reaching $187, a $15 year-over-year decline, according to ID Agent.
However, the reduced cost per record won’t make a difference for many companies’ bottom lines. According to a blog post by the Office of the Privacy Commissioner of Canada, the number of compromised records has increased sixfold since last year. In part, this is due to two large-scale data breaches at Desjardins Group and Capital One that collectively compromised millions of records, but small and midsize businesses (SMBs) account for a growing number of data breaches as well. As the agency explains, “since reporting became mandatory, we’ve seen the number of data breach reports skyrocket. Some of those reports have involved well known corporate names, but we have also seen significant volumes coming from small- and medium-sized businesses.”
The financial services industry is at risk from heightened levels of fraud, including cyber fraud, as criminals attempt to exploit the COVID-19 pandemic. Keep on reading to find out five fraud threats that may confront your credit union and three ways to mitigate them to keep your organization secure during Fraud Prevention Month (#FPM2021) and beyond.
5 threats facing credit unions
Phishing involves a fraudulent attempt to obtain sensitive data, such as usernames, passwords and credit card details or other sensitive information. Fraudsters do this by impersonating a trustworthy entity. Pandemic scammers are pulling out all the stops as phishing attacks increase in both frequency and creativity. In the wake of COVID-19 and the changes that it brought, including an increasing reliance on a remote workforce and virtual meetings, plus cloud-based operations and storage, bad actors are scrambling to profit.
With an over 600% increase in 2020, phishing attacks are a plague on cybersecurity teams around the world.
- ID Agent
As the global pandemic continues to shape the way that we live and work, many companies are finding themselves supporting a remote workforce for significantly longer than they anticipated in March 2020.
With the chaos of getting everything back up and running in the spring, many of those same companies are discovering that remote workforce cybersecurity is a little bit different than in-office cybersecurity.
Employees, while doing their best, are often a weakness for many organizations while working remotely. Some factors that make a remote workforce a threat to your credit union include employees being distracted by a new work environment, being isolated from IT personnel and possibly using a vulnerable endpoint device.
The number one cause of a data breach is always human error, and in each example, it’s apparent that the human element is the X factor that exposes businesses to additional risk. By ensuring your employees are adequately trained in cybersecurity and have the right tools at their disposal, you can reduce the risk to your credit union.
Account takeover fraud
Account takeover fraud is when a fraudster gains access to an account that doesn’t belong to them and makes unauthorized transactions — sometimes changing key credentials of the account such as the rightful account owner’s personal information or log-in details. This type of attack often involves phishing attempts to compromise customer data, and has become a lucrative option for fraudsters given the various government assistance programs that have been implemented due to the crisis.
Account takeover fraud makes up 37% of fraud, which is expected to increase in the wake of the pandemic.
Canadian credit unions must confidently engage members using holistic and advanced risk-based identity and device authentication. Credit unions should also consider targeted, knowledge-based authentication that allows verified customers to move through the log-in process but would frustrate fraudsters.
Spear phishing was in the top 10 frauds affecting Canadians in 2020 according to the Canadian Anti-Fraud Centre.
Spear phishing scams involve scammers pretending to be from legitimate sources to convince businesses or individuals to send them money. These scams leverage existing relationships between the person receiving the email and the person sending it. The sender's address appears to be the actual email address of the source they're pretending to be, a tactic known as spoofing. Many variations have been reported including business executive spoofs, financial industry client spoofs, head office spoofs and payroll spoofs.
Data breaches, especially those involving ransomware, climbed steadily throughout the chaotic landscape of 2020. Two in five SMBs were victimized by ransomware, with an estimated 85% of companies experiencing a cyberattack in 2020. That means that cybercriminals were able to rapidly harvest fresh data to sell or dump on the dark web.
Experts estimated that hackers made over 22 million records available on the dark web in 2020.
- ID Agent
The dark web already contained millions of pieces of information that hackers could use to fuel cyberattacks — an estimated 60% of the information that was on the pre-pandemic dark web could harm businesses. That percentage is climbing fast and will continue to grow as the fallout from a record number of data breaches in 2020 is calculated. Plus, dark web activity has climbed by more than 300% in the last three years, making both the buying and selling markets bigger.
Three ways to mitigate threats
Security Awareness Training
More than ever, employees are the weak link in an organization’s network security. They are frequently exposed to sophisticated phishing and ransomware attacks. Employees need to be trained to remain on their toes with security top of mind.
Celero Protex Enterprise Security Awareness Training prepares your employees to defend against cyber-attacks including phishing, spear-phishing, executive whaling or CEO fraud. This program is taught by technical experts and includes baseline testing using mock attacks, engaging interactive web-based training for employees, and continuous employee assessment measured through simulated phishing, vishing and smishing attacks to build a more resilient and secure organization.
Find out how we can help you manage the ongoing problem of social engineering and create a human firewall.
Dark Web ID Credential Monitoring
Did you know that passwords are often up for sale on the dark web to the highest bidder?
More cybercriminals are eyeing your passwords than ever before, and credential theft is where it all begins. Despite this, a Ponemon Institute study found that 51 percent of respondents have not changed their password behavior.
Celero Protex Dark Web Monitoring ensures that your credit union’s credentials are secure. The financial services industry is a prime target for digital credential theft because of the wealth of information collected by credit unions and banks. Your employees and members connect to critical business applications and online services with a variety of usernames and passwords. This puts everyone at risk for identity theft, data breaches, and other crime.
We proactively monitor the dark web 24/7 to track and triage potential information leaks and create effective policies and procedures to minimize your future risk. Stay ahead of new trends in cyberattacks with ongoing reporting to keep you informed and your credit union safe.
Speaking of a password manager, we are pleased to announce that as part of Fraud Awareness Month, we will be launching our new password manager, Passly, in partnership with ID Agent!
The threat of cyberattacks has never been greater, and one layer of security is not enough. Today, nearly 80% of all data breaches could have been avoided with stronger password protection.
Every organization, regardless of size, must implement a secure identity and access management platform to protect their digital identity, their data, and their business continuity. Passly provides the most comprehensive and cost-effective platform available to enable security, compliance, and efficiency.
If you are interested in learning how Celero can help your credit union reduce its risk of fraud, please contact us or talk to your Celero Account Executive.
Celero is a leading provider of digital technology and integration solutions to credit unions and financial institutions across Canada. Clients trust Celero’s proven track record delivering innovative banking technologies, digital and payment solutions, cloud computing, outsourcing, IT and advisory services.