How Credit Unions Can Be Proactive About Brand Impersonation


Despite the best efforts of many credit unions to educate their members about online and mobile fraud, attackers continue to victimize credit unions and their members via cyber scams. Cybercriminals believe that the customer constitutes the weakest link in the cybersecurity chain, which is why they tend to focus most of their efforts on tricking customers into revealing important information.

Criminals also know that by targeting large financial institutions, they have a higher chance of success based on sheer numbers. These banks have hundreds of thousands of depositors spread out across the country. But in recent years, cybercriminals have become a lot more ambitious, and it’s now quite common for small local credit unions, and their members, to also be targeted. According to a recent report from the Anti-Phishing Working Group (APWG), the second quarter of 2022 saw over 1,097,811 phishing attacks, a new record and the worst yearly quarter for phishing attacks that APWG has ever observed.

Recently, the National Credit Union Association issued a warning about the heightened risk of highly specific scams targeting federally insured credit unions. These scams involve impersonating an institution’s website, social media accounts, and mobile apps, luring victims in so that attackers can steal their credentials, identity, and money. Attacks like this are categorized as “business impersonation” fraud, and it’s a growing problem for credit unions everywhere.

Taking proactive action against this threat is now more important than ever. Fortunately, you can protect your institution and your members with a few easy steps. To guarantee success, make sure everyone from the front office to the back office is involved in this action plan.

5 Tips for Protecting Your Credit Union Against Business Impersonation Fraud

Many local credit unions believe their institution is far too small to attract attention from cybercriminals. This is a false assumption, as shown by one survey that looked at up to 50 million websites a day. In just the first 90 days of 2022, 20% of regional banks and credit unions in the data sample experienced brand impersonation attacks.

To ensure that doesn’t happen to you, begin taking the following steps to establish control of your brand online:

1. Make Your Brand Logo Unique

Make your logo and other brand imagery as unique and distinctive as possible. A generic-looking logo can make it easier for fraudsters to impersonate a credit union and victimize its membership. For instance, simple shapes like pyramids, squares, or circles are very easy for criminals to copy.

In addition, if you go through a rebrand or retire old product or service trademarks, make sure you communicate the changes to your membership. Attackers sometimes treat a financial institution’s rebrand or launch of a new product/service as an opportunity to target its customers. Monitor the web for use of both the new branding and the old branding. Attackers will use the old imagery and branding thinking an institution is no longer monitoring for its use. Or, attackers may also exploit the new logo

2. Register All Your Trademarks and Copyrights

Enforcing a site takedown can be very difficult if you don’t register your brand name and logo, especially when the content host has lax policies on impersonation fraud or copyright infringement. You could even find yourself in a situation where the scammers have registered your brand name and logo before you could.

The best places to start with registering your brand images are the U.S. Patent and Trademark Office and the European Union Intellectual Property Office. If you haven’t already, don’t delay registering existing or new brand images.

3. Create Online “Anchors” for Your Brand

Your online anchors are the places on the web that your members, partners, and employees frequent. You need to create a strong presence before scammers have a chance to get ahead of you. Start by registering your website domain name. You may also want to register multiple top-level domains (e.g., .com, .net, .org, etc.) or at least monitor them for suspicious activity, especially if you do any international business. Don’t worry about trying to register every possible variation of your domain name, as that’s a never-ending job.

Next, create social media profiles for your brand and your key executives across all the major sites. Also, keep a lookout for any up-and-coming social media sites. If a scammer gets in and creates a profile in your name before you can, then you might have a hard time dislodging them.
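To illustrate the domain monitoring described in this tip, here is an added example (not from the original article or any vendor) that triages a feed of newly observed domains for names resembling your own. The brand domain, the feed entries, and the function names are constructed placeholders, and the code assumes single-label top-level domains.

```python
# Added example: triage a feed of newly observed domains for lookalikes.
# BRAND and FEED are constructed placeholders, not real observations.
BRAND = "examplecu.org"  # hypothetical credit union domain
FEED = ["examplecu.net", "examp1ecu.org", "examplecu-login.com",
        "examplecu.org.secure-verify.com", "exampelcu.org",
        "gardenclub.org", "www.examplecu.org"]

# Visual substitutions folded back to the letter they imitate.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, brand=BRAND):
    """Return why `domain` resembles `brand`, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if "." not in domain or domain == brand or domain.endswith("." + brand):
        return None  # malformed, or the brand's own domain / subdomain
    brand_label = brand.split(".")[-2]
    label = domain.split(".")[-2]  # assumes a single-label TLD
    folded = label.translate(CONFUSABLES)
    if label == brand_label:
        return "tld-swap"
    if folded == brand_label:
        return "character-substitution"
    if brand_label in domain.translate(CONFUSABLES):
        return "brand-embedded"
    if edit_distance(folded, brand_label) <= 2:
        return "near-miss"
    return None


def scan(feed, brand=BRAND):
    """Map each suspicious domain in the feed to its reason."""
    hits = {d: classify(d, brand) for d in feed}
    return {d: r for d, r in hits.items() if r}


if __name__ == "__main__":
    for name, reason in scan(FEED).items():
        print(f"{reason:24} {name}")
```

Each flagged name is a lead for review, not proof of fraud; the reason label helps decide whether it goes to the trademark playbook or the impersonation playbook.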

4. Develop a Proactive Monitoring Strategy

Brand impersonation doesn’t just hurt you and your members financially; it also hurts your reputation and image. Once word gets out among your members about a scam or infiltration, they’ll start to lose trust in your institution almost immediately. You’ll then find yourself dealing with both the incident response and the need to reassure your members that everything is under control.

The best way to stop a fire is to make sure it doesn’t start in the first place. Be proactive in finding and eliminating impersonation sites before they can strike. This can be a big job, but the tools and capabilities are there to ensure you can stay on top of your cybersecurity. Be thorough in assessing and choosing a vendor to monitor the use of your brand online. They should have proven capabilities in protecting credit unions and their members against attacks.

5. Have a Response Strategy in Place

Even with the best cybersecurity practices in place, scams, impersonations, and data breaches can still happen. Don’t wait around for one to strike before deciding what to do. Have response strategies ready to go for all the different types of attacks you can face. Also note that your playbook for dealing with a site that abuses your trademarks is different from the one for dealing with impersonation fraud. In addition, each social media platform will have its own protocols for dealing with a takedown, requiring a different response strategy for each one.

If putting all these different response strategies together and executing them correctly sounds like a tall order, that’s because it is. Responding to brand infringement and abuse is an ever-evolving practice, and you will need a dedicated team of IT specialists on hand if you plan to handle things in-house. The easier alternative is to find a vendor that automates the monitoring of the internet at large. It’s estimated that more than 12,000 fake websites are published each day. Without automating detection, it’s nearly impossible for an IT security team to keep up. Just make sure the vendor understands the particular needs of your type of business.

Final Thoughts

Cybersecurity and brand protection are top priorities for every type of business and organization these days, even for small operations like a local credit union. Taking effective steps to prevent and deal with impersonation fraud will not only save you money but also earn and maintain the trust of your members as well as protect your institution’s reputation.

About Author:
Josh Shaul is the CEO of Allure Security. He is known as a visionary security leader with expertise in building teams, creating strategy, and driving growth for security companies of varying sizes. He is passionate about providing comprehensive digital protection to businesses while inspiring trust and confidence in their customers and clients. He is recognized as a leader with strong diplomatic skills, a natural affinity for cultivating and nurturing global relationships and for possessing unwavering personal ethics and integrity.

