Risk & Insurance Insider

Emerging Risk: Spam, Shams, & Other Scams

Fraudsters are crafty, knowing how to pressure people to make decisions on the spot by using innovative schemes. Their multi-channel approach looks for victims who find their stories convincing and will willingly share sensitive information, which can be used to authorize and carry-out many types of transactions. Unfortunately, the fraudulent transaction is often a legit exchange based upon a fairytale.

Rise Above Your Risk

91% of the time, phishing emails are behind successful cyber attacks.*

*The Data Insider, January 14, 2019

Common Member Scams

Secret shopper, elderly, romance and more–understand how scammers are tricking your members. (User ID and Password Required)
Access Overview
Loan Stacking

Loan stacking can be lucrative for fraudsters, get tips to identify fraudulent loans. (User ID and Password Required)
Access Overview
Business Email Compromise

Learn how fraudsters are tricking employees to wiring large sums of money. (User ID and Password Required)
Access Overview

To discuss how to identify risk, mitigate losses, and receive insightful resources and tested practices, Ask a Risk Consultant or call 800.637.2676.

Previous Articles

Click on each topic to display the article.

Operations & Security

Emerging Risk: Employer Rights, Risks, and Obligations

As an employer, you must exercise caution with changes in the workplace to ensure fair accommodations for your employees and potential employees. It’s critical to know your risks, rights and obligations while managing risks related to drugs in the workplace, self-expression, personal appearance, and discrimination/harassment.

Rise Above Your Risk

Nearly 50% of Management & Professional Liability claim dollars paid over the last five years are related to employment practices losses. * watch this video to learn more.

*CUNA Mutual Group Internal Claims Data, 2013-2017

Emerging Risk: Branch Operations

The investment in your branch and your day-to-day operations is often only as good as your people and the training related to policies, procedures, and internal controls that they receive. Given that branches can vary greatly, not everything can apply from one branch to the next.

Rise Above Your Risk

Branches aren’t going away…61% feel it’s important to have a local branch and typically prefer to apply for a loan or deposit account in a physical branch.* Watch this video to learn more.

*PwC’s 2019 Digital Banking Consumer Survey

Emerging Risk: Employee Safety

Identifying potential risks and hazards coupled with a concerted effort by the entire organization to enforce safety…can save your credit union time, money, and minimize preventable injuries. A robust strategy also demonstrates your commitment to keeping your employees safe, secure, and even making them more productive at work.

Rise Above Your Risk

79% of executives/leaders are more concerned about employee or student safety than they were two years ago. * watch this video to learn more.*

*Everbridge, Active Shooter Preparedness Research Report

The online channel helps deliver the optimal 24/7-member experience. However, fraudsters continue to exploit the point of entry by concealing their true identity during member authentication and verification. Check out these resources to create more obstacles for fraudsters during the online experience.

Rise Above Your Risk

Account takeover losses reached $5.1B last year; watch this video to learn more.*

*2018 Javelin Strategy & Research, Identity Fraud Study

Ransomware is a cheap, easy, and accessible form of disruption for cyber criminals, a perfect cover for other forms of attack like cryptojacking. Watch the video below to hear how fraudsters are raising the bar for credit unions. View the video.

Rise Above Your Risk

The average ransom demand was $116,324 and the median amount was $10,310.*

*2019 Beazley Breach Briefing

When risk management is effective, typically nothing bad happens, But, if you’re blindsided by a problem, your credit union reputation takes a hit. By staying ahead of emerging risks, you can help mitigate potential losses and minimize impact to your credit union’s bottom-line.

Ensure your credit union is ready to rise above your risk.

Emerging Risk: Threats in the Cyber Security Landscape

Cybersecurity is one of the most dynamic risks to manage. Fraudsters continuously find new social engineering tactics to exploit the weakest link at your credit union – your employees. By understanding threats in the cyber landscape, you can help minimize the impact of these growing risks.

Ensure your credit union is ready to rise above your risk.

Access these three resources to gain a greater understanding of the latest cybersecurity threats and social engineering tactics:

  • Cybersecurity is more than an IT problem; Protecting Your Credit Union’s Data(Opens in a new window) introduces next-gen threats to data security and shares key considerations to strengthen your risk posture.
  • Hackers look to exploit an individual’s inclination to trust, review The Rise of Social Engineering Fraud(Opens in a new window) eBook to learn about the latest social engineering tactics. (User ID / Password required)
  • Phishing emails are hard to detect at a quick glance. The Employee’s Guide to Phishing Emails(Opens in a new window) can help identify common red flags. (User ID / Password required)

Emerging Risk: Workplace / Employee Safety

Safety initiatives are essential when it comes to maintaining a work environment that is both safe and productive. However, programs, policies, and procedures don’t mean much if you aren’t focused on taking necessary precautions to minimize the risks involving hazards, injuries, and accidents.

Be ready and rise above your risk.

Access these 3 resources to help your credit union consider the right safety measures:

By embracing regulatory complexity, your credit union can stay focused on performance and get ahead of changes to better navigate the regulatory and compliance landscape.

Be ready and rise above your risk.

To keep a pulse on emerging compliance risks, check out these resources:

Credit unions, small and large, collaborate with partners, vendors, and third parties to deliver products and services to their members. These relationships play a critical role in your credit union’s success; however, providing vendor oversight is vital throughout the entire life cycle to minimize risk.

Be ready and rise above your risk.

Use these resources to help you assess and manage vendor risks.

Natural disasters and catastrophes disrupt credit unions throughout the nation each year; in fact, many were impacted in 2017 due to bad weather, hurricanes, wildfires, and even man-made or infrastructure threats. And while it is impossible to prevent a disaster, you can take measures to ensure both your credit union and employees are prepared.

Be ready and rise above your risk.

How quickly and completely your credit union recovers from direct and indirect losses depends heavily on how well you are prepared. These risks typically occur with little or no warning.

Leveraging different backgrounds, skills, perspectives and knowledge of your workforce, while following sound employment practices, can set your credit union up to be more effective and successful. Changing your workplace culture won’t happen overnight, but there are steps you can take immediately.

Ensure your credit union is ready to rise above your risk.

Employees are your greatest asset! Protect and educate your them by understanding the most pressing risks of an evolving workforce.

Active shooter incidents are unpredictable and evolve quickly. And, unfortunately, we continue to see them impact our communities. It is critical for your credit union staff to be aware of their surroundings and know how to instinctually respond.

Ensure your credit union is ready to rise above your risk.

Active shooter incidents are often over within 10-15 minutes before law enforcement arrives on the scene. Are your employees prepared to protect themselves?

Virtually every aspect of your credit union business poses risk. Understanding how each new service, operational change, regulatory update, and technological advance impacts your credit union is critical to your success.

Ensure your credit union is ready to rise above your risk.

To stay ahead of the complex array of ever-changing risks and compliance issues, review these resources to assist you as your credit union grows and evolves:

Employee or director dishonesty accounts for more than half (56%) of credit union losses in terms of dollars paid within the Bond policy.1 And, lack of internal controls and oversight are significant issues contributing to the losses.

Ensure your credit union is ready to rise above your risk.

Having the right controls in place in addition to knowing how to detect internal fraud is critical to your loss mitigation success. Review these resources to help your credit union prepare:

1Employee or Director Dishonesty & Faithful Performance losses, Claims Data, CUMIS Insurance Society, Inc. 2012-2016

Cybersecurity threats continue to evolve in unimagined ways. In fact, breaches and related fraud continue to thrive. And, with consumers being tech savvy and more connected, the risks are becoming even more difficult to manage.

Ensure your credit union is ready to rise above your risk.

While no one is immune; you can establish a strong set of cyber controls to operate safely and remain ready.

  • Watch this Cybersecurity Trends & Tips webinar clip (8:21) to get a closer look at how to manage third party access, email fraud and ransomware.
  • Security companies are warning of a malicious attack on Internet of Things (IoT) devices. Check out this IoT Risk Overview (User ID / Password required) to learn how connected devices can add exposure to your credit union ecosystem.
  • Cloud adoption rates are also on the rise. Review this Cloud Computing Risk Overview (User ID / Password required) to help with your strategic considerations related to the cloud.

Your day-to-day operations are the center of activity. Those same operations also introduce risk, especially if policies, procedures, and controls are lacking, out-of-date, or employees just become too complacent. Unfortunately, recent credit union losses have shown that a common denominator has been the lack of internal controls.

Ensure your credit union is ready to rise above your risk.

Credit unions need a strong and effective system of internal controls to operate safely and effectively.

Whether you believe your employees are all trustworthy or that you have strong internal controls in place, you may be unknowingly setting your credit union up for a devastating loss down the road. Losses include embezzlement, theft of vault or teller cash, account and expense manipulation, or fictitious/unauthorized loans.

Generally, employees who have a need, an opportunity, and who can rationalize their actions are the ones who commit internal fraud. Why learn the hard way? Take the self-assessment below to discover where you may be vulnerable.

Self-Assessment Questions:

  • Are you checking and verifying previous employers, references, and performing criminal background and Bondability checks for new hires and volunteers?
  • Do you have zero tolerance in a Fraud Policy Statement?
  • How are you proactively monitoring employee warning signals?
  • Have you implemented dual control over vault cash, currency shipments, ATM / teller cash replenishments, and cash dispensers?
  • Are vault cash, cash drawers, and ATMs subject to frequent surprise audits?
  • Are transactions initiated by tellers or vault tellers before and after a surprise cash audit?
  • Are sound controls used to monitor expense and general ledger accounts?
  • Is a whistleblower policy in place to encourage staff to report incidents?

You can also do a deeper dive self-assessment evaluating your internal processes >>

Insurance products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, members of the CUNA Mutual Group.

October marks National Cyber Security Awareness month reminding you to take the time to review your digital policies and procedures.

7 out of 10 businesses hacked learned from an external party.*

Your members count on you to protect their sensitive information from falling into the wrong hands. A data breach can result in more than lost data. It can damage your credit union’s reputation, shake your members’ trust and could cost you tens of thousands of dollars to repair.

CUNA Mutual Group’s cyber solutions will help you better manage risk and keep your business open in the event of an attack. Additional valuable tools and resources are available within the Protection Resource Center.

*Mandiant M-Trends 2015 Report, February 2015

With certain legal protections afforded to employees, charges and lawsuits related to retaliation and other employment practices charges have increased. In fact, there is a one and eight probability of having an employment charges filed against an U.S. company.* (The 2015 Hisox Guide to Employee Lawsuits)

Personal relationship conflicts and workplace romances make for sensational headlines; however, they also lead to gossip, damaged credibility, and claims of harassment and/or retaliation.

Ensure your credit union is ready to rise above the risk.

  • Watch this free Risk Video (4:36 minutes) on the impact and learn what you can do.
  • Share this Risk Overview (User ID / Password required) with your management team to proactively manage workplace relationships.
  • Check out Unlawful Workplace Retaliation Overview (User ID / Password required) to see losses related to this frequently filed employee complaint.

Extra Expense is the necessary extra costs you incur to minimize the suspension of your business and allow you to continue operating your credit union as close to normal as practicable, after a covered loss.

Here are some things to consider:

  • The loss as a worst case scenario.
  • The politics and ordinances that could impact your recovery timeline.
  • The construction timeline for building a better and newer building, especially considering weather delays, building code issues, and demand for resources.
  • Due to the high volume of equipment requests from other businesses and a limited supply in a disaster zone, increased costs can be associated with the necessary equipment.

 Use our Coverage Calculator to identify potentially risky coverage gaps.

Insurance products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, members of the CUNA Mutual Group.


Impact of Legalized Marijuana

The legalization of marijuana and its impact on the American workplace is a growing problem. Credit unions are now faced with questions such as: Do we provide account services and/or lend to marijuana-related business; Should or can we test employees or applicants; and, Are our policies in line with this changing landscape?

Ensure your credit union is ready to rise above your risk.

Access these resources for a greater understanding of the risks associated with marijuana legalization:

What should credit unions be doing to manage due diligence and indirect lending in our dealer relationships?

- VP of Lending, $765M Credit Union

Ongoing due diligence for automobile dealerships in an indirect program is critical to your program’s success. In fact, in situations where relationships were loosely managed and monitored, credit unions have seen some of the largest losses caused by unscrupulous dealerships and their employees or practices. Be sure to:

  • Understand how the dealership fits into your member demographic, loan growth, and risk appetite strategies
  • Have a clear understanding of the operational structure and conduct reviews regularly including on-site visits and sales staff interviews
  • Establish appropriate growth goals, concentration limits, and minimum standards for creditworthiness, such as credit score and debt-to-income requirements and loan-to-value limitations
  • Maintain quality control on the vendor’s program administration, underwriting, and contract expectations
  • Manage your incentive structure effectively to ensure dealers and staff are focused on loan quality, not just loan volume

Lastly, if you find that one of your lending relationships shows red flags or adverse performance trends…take early action to revise the dealer relationship.

This question was asked during our October 5, 2017 Office Hours. For more questions from your peers, watch the full recording. Topics included loan fraud, indirect lending, and compliance issues related to the Home Mortgage Disclosure Act, Military Lending Act, and the Telephone Consumer Protection Act.

Managing lending risks can be tricky – especially when dealing with the many types of lending: consumer, real estate, indirect, business, etc. Your credit union needs a robust risk management program in place to help you provide proper lending oversight.

Be ready and rise above your risk.

Use these resources to help you manage your lending risks:

Keeping pace with lending risks can be challenging. It takes constant monitoring and ensuring employees follow sound practices to make sure risks don’t turn into lending program losses.

Check out these recently introduced resources:

Payments and Deposits

Scams targeting your members can range from ATM and gas pump skimming to identity theft and account takeovers. And, these scams are continuously evolving – so it’s nearly impossible to keep up. However, there are steps you can take to help educate and protect your members.

Rise Above Your Risk

24.9 million Americans lost an estimated $8.9 billion to telephone scams alone.* Watch this video to learn more

  • Elder Financial Abuse: Help protect your elderly members from the growing threat of senior scams. (Log-in required)
  • Protect Member Transactions: Help protect your members from themselves and fraudsters with these tips. (Log-in required)
  • Flood Protection: Help your members understand common myths and protect themselves from flooding. (Log-in required)

*2018 Truecaller Report

Compliance Overload

In today’s uncertain regulatory landscape, one thing is certain – things are changing. And, keeping pace with compliance updates isn’t easy, but is critical in mitigating risks. Use these resources to help ensure you are doing your best to manage compliance risk at your credit union.

Rise Above Your Risk

Credit unions in the U.S. face a combined $6.1 billion in annual regulatory costs.* Watch this video to learn more

  • Check Collection & Return Guidelines: Check fraud continues to plague credit unions. Use this guide to understand how check collections and returns can help minimize risk. (User ID and Password Required)
  • Partner Perspectiv-LOANLINER: Learn how lawsuits are alleging deceptive practices and excessive overdraft / NSF fees.
  • CECL Implementation Guide: Use this practical guide with six steps to assist in implementing the new CECL rule. (User ID and Password Required)

*CUNA Mutual Group Internal Claims Data, 2013-2017

Fraudsters are attacking credit unions through a variety of channels and scams. Some of the more prevalent methods include: fraudulent online account opening, account takeovers through online banking, wire transfer scams, ACH booster payments, and card fraud.

Be ready and rise above your risk.

Use these resources to help you assess and manage payments and deposits risk:

Fraudsters master old tricks and continuously evolve new ways to gain access to sensitive member, financial, and corporate information. They thrive by targeting those that are most vulnerable: the elderly, holiday shoppers, military members, disaster victims, donation-givers, job candidates, employees, and consumers in general.

Ensure your credit union is ready to rise above your risk.

Scammers succeed by catching you off guard. And, unfortunately recognizing scams can be difficult for both you and your members. Review these resources to help your credit union and members combat scams:

The difficulty in navigating the complex chargeback process has led consumers to, knowingly or unknowingly, add $11.8 billion in expense to the payment industry in the form of "friendly fraud" according to Visa estimates*. Friendly fraud can be hard to spot and even more difficult to navigate given the various regulatory and compliance considerations surrounding it.

Ensure your credit union is ready to rise above your risk.

Error resolution compliance doesn't have to be an uphill battle. In fact, there are processes and tips that can help you work within the regulations, balance risk, and still maintain positive member experiences. The key is to not to allow friendly fraud get the best of your credit union.

  • Watch this Risk Video (6:31 minutes) on the impact and learn what you can do.
  • Share this Risk Overview (User ID / Password required) with your management team to understand the most common risks and how you can proactively manage friendly fraud.
  • Check out one credit union’s perspective as they share key tips on how to handle these member claims,
    CU Perspective: Friendly Fraud (User ID / Password required).  

*This fraud may be "friendly," but costs are high, CBS MoneyWatch

Plastic card fraud is predicted to reach a staggering $31.67 billion worldwide by 2020.*

While your Plastic Card Insurance Policy helps to protect your credit union’s card program(s) from catastrophic fraud losses, you can help control your exposure by:

  • Converting to EMV chip-based cards and authentication system, if you have not already done so.
  • Establishing success metrics for fraud and understanding the levers that can help you maintain the right balance between security and member experience.
  • Leveraging the valuable tools, resources and expertise CUNA Mutual Group’s Risk and Compliance Consultants make available to you through the Protection Resource Center.
  • Keeping a watchful eye and finding the pattern as close to real-time as possible.
  • Accessing the prerecorded February webinar: Card Fraud Trends Continue to Grow. 

*Card Fraud Losses Reach $21.84 Billion, The Nilson Report, October 2016.
CUPRM, PC-1705792.1-0217-0319

ID theft-related tax refund fraud involves fraudulently filing tax returns under another person’s name and Social Security number. Each year, credit unions and credit union members report these schemes impacting them even though the IRS has made significant progress in combating this type of fraud.

Despite this encouraging trend, credit unions should remain vigilant as taxpayer identities continue to be stolen in a number of ways including through data breaches and phishing scams. Since you are on the receiving end of the transaction – refunds via ACH credit or check – you can help combat this fraud by watching for these red flags:

  • Multiple tax refunds deposited to a member’s account
  • Incoming tax refunds via ACH credit where the name does not match the account number
  • Suspicious presentment of refund checks (e.g., double-endorsed checks), or a large number of refund checks deposited to a business member’s (e.g., a check cashing business) account


  • Risk and Insurance Insider
  •   P&C Minute
  • 2019 Webinar Schedule
  • Emerging Risks Video Series
a man working on his phone
Ask a Risk Consultant

Our experienced consultants are here for you. Submit your question here or call us at 800.637.2676 for assistance, insights and risk mitigation tips.

This resource is for informational purposes only. It does not constitute legal advice. Please consult your legal advisors regarding this or any other legal issues relating to your credit union. Any examples provided have been simplified to give you an overview of the importance of selecting appropriate coverage limits, insuring-to-value, and implementing loss prevention techniques. CUNA Mutual Group is the marketing name for CUNA Mutual Holding Company, a mutual insurance holding company, its subsidiaries and affiliates. Insurance products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, members of the CUNA Mutual Group.