Though fraud can be complicated and scary, we are here to help mitigate that with education and being able to work with you when these things happen.A “Brute Force Attack” or “Bin Attack” is when a fraudster takes a card number and runs a program to try and transact any possible number in a sequence. This is to try and get a positive authorization on one of them, then they would know that is a valid card number. These can happen to any card numbers of any type.The fraud strategy of Lincoln Maine FCU is one that does not allow for these types of problems to take over. Eric, the card specialist works with our automated fraud system to limit member exposure and resolve issues as quickly as possible. Our staff is trained to help you remain calm, find a solution and get you and your card back to spending wisely.Reach out to us with any questions, or problems within online/mobile banking (for secure messaging), email or Facebook for general inquiries, or call 207-794-8623.
Fraud type 1 – Brute Force Attack
What Is a Brute Force Attack
- A brute force attack is a trial-and-error method used by fraudsters to obtain payment card information such as an account number, card expiration date, PIN, or Card Verification Value 2 (CVV2).
How Is a Bruce Force Attack Executed
- A brute force attack typically begins with attempts to gain access to a merchant’s retail terminals or its website payment system, using a malware installation, phishing scheme, or both. Once the hacker has gained access to the network, they can use the merchant’s terminal or online system to perform computer-generated test transactions until the hacker receives a valid authorization. These authorization requests can accumulate into the thousands in seconds.
- Using this authorization information, the criminal can then combine the valid card verification value, expiration date, and card numbers obtained via the brute force attack to perform fraudulent card-not-present transactions via e-commerce, POS-keyed, mail-order, or phone-order channels. They also may use it to create counterfeit cards.
How Members Can Help Prevent Brute Force Attacks
As with all fraud, there are steps that members can take to help protect their account information. It is good practice to remind you to:
- Use strong passwords and change them often. Having a strong password policy is the simplest and most effective way of thwarting a brute force attack. Don’t include personal information in your passwords, avoid recycling passwords, and change them frequently.
- Utilize two-factor authentication for accounts. This adds another layer of security to protect your personal information.
- Ensure the security on your electronic and mobile devices is up to date.
- Never open attachments or click on links from unknown individuals or companies as it could enable malicious software.
- Contact your credit union right away if you believe your information has been compromised!
Fraud type 2 – Spoofing
What Is Spoofing
- Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. In this case, fraudsters were contacting members saying that they were calling on behalf of a credit union.
How Members Can Prevent Falling Victim to a Spoofing Scam
- To never share your credit union account information or social security number. Your credit union will not contact you by phone, email, or text with a request for this information. If you receive a request like this, chances are it’s fraud!
- If you receive an unsolicited call or text message from someone claiming to be a representative of your credit union, you should hang up (if contacted by phone) and call your credit union using a phone number listed on their statement to verify the contact is legitimate. If you get pushback from the person on the other end, it is likely a scam.
It’s also good practice to:
- Monitor credit card accounts, banking accounts, and credit reports regularly.
- Change account passwords often and avoid using the same username and password on multiple sites or personal information.
- Never open attachments or click on links from unknown individuals or companies.
- Contact the credit union right away if they believe their information has been compromised!