CUNA Mutual Group issued an alert this week regarding a wave of fraud that originates from home equity lines of credit and requests wire transfers be sent to construction company accounts. 

Wire transfer fraud involving HELOCs first surfaced in 2006, but this appears to be a new round of attacks that are hitting credit unions nationwide, according to the risk alert. 

After mortgages are filed and become public record, cybercriminals scrape data from the public documents to learn where members have HELOC accounts from which they can steal. 

Recent frauds have been conducted by requesting wire transfers be sent to accounts in the name of construction companies to make it look like advances for home improvement projects. In certain cases the companies are legitimate, and are used as "money mules." 

The fraud incidents featured a number of common traits, including: 

  • Fraudsters contacting credit unions directly to change member profile information, including addresses, phone numbers or email accounts; 
  • Online accounts are taken over entirely, allowing the fraudsters to manipulate members' online banking services. Once this occurs, they can change profile information or transfer funds from the HELOC into a share draft account, reducing the chance that a credit union employee would notice suspicious activity; 
  • Wire requests received by fax with accurately forged signatures, which they find on the HELOC documents they search out online; 
  • Member phone numbers are call-forwarded by the criminals, or callbacks by the credit union are forwarded to the criminals; and 
  • Fraudsters build a profile of member information from what they can gather on a member through online sources, and when a credit union employee asks the criminal to verify certain information, the criminal can give the correct information.