Coast Capital Savings has stated that some of its members were targeted in a cyber fraud incident last year.
The fraud, in which 140 members had money stolen, occurred in November and December, the BC-based credit union said. Affected members have been contacted regarding details of reimbursement.
While the credit union does not know exactly how much was stolen in the attack, it has estimated that the loss to each victim was "typically in the magnitude of between $3,000 and $6,000”.
A spokesperson for the organization said that an initial investigation revealed the attackers managed to obtain online account and password numbers through two methods: phishing attacks via emails and text messages, as well as via a “brute force” method where the attackers used a computer program to constantly try different account passwords until it guessed correctly.
"What we know is that these attacks were not a breach or a hack in the sense of unauthorized access of Coast Capital systems," said Coast Capital Savings vice president of public affairs and communications Dave Cunningham.
Cunningham also suggested that a third method could have been used to facilitate the attack. The method involves the attackers posing as customers over the phone, impersonating trusted sources.
"We've also seen cases where they're doing just old-fashioned impersonation social engineering, calling up people trying to trick them by pretending they are from a charity or a hospital or some other trusted source like that,” he said.
CBC News reported that while Coast Capital is conducting its own investigation of the cyberattack, the RCMP is also on the case.