By Esteban Camargo, published in CUSO Magazine
We are wrapping up another Cybersecurity Month here at CUSO Magazine. We have learned about the rise of AI scams, RFID skimming, got a refresher on password hygiene, and were reminded how important board literacy training is for credit union cyber health.
As we close out the month, it’s time to talk about another attack vector bad actors use to confuse and exploit members and staff alike: website spoofing.
What is website spoofing?
Spoofing is the act of cleverly disguising fraudulent websites as trusted ones. Regardless of how the faked website is sent to members and staff—and we’ll get to the specifics shortly—the important idea here is that the URL of a fraudulent website is made to look like something you know and recognize. Sometimes this is done by doing something as simple as replacing an ‘m’ with ‘rn’ (e.g. cusornag.com instead of cusomag.com). Sometimes an extra letter is inserted where it might not be noticed by the reader. Depending on the font used, it might be glaringly obvious (if you’re looking for it), but sometimes it’s disguised so cleverly by the font, it’s nearly impossible to tell.
Getting an unsuspecting target to click on a bad link is only step one for scammers. Maybe the site the user is directed to delivers a nasty payload to that person’s device. Another option though is that the individual is presented with a very convincing replica of the site they thought they were visiting. From there maybe they’re presented with a “confidential” web form asking for sensitive information the bad actor can use to access accounts, take over emails or phones, and in general wreak havoc. Either way, avoiding these websites is the first and most important countermeasure.
How are these spoofed sites presented?
Spoofed sites are delivered in a variety of ways using a variety of methods to convince you to click. Chances are you have received a text saying you owe money for this or that. Sometimes it’s a package that can’t be delivered and they need new information (despite the fact that you weren’t expecting anything). Whatever it is, text scams rely on you clicking on a link that has either been spoofed to look like something you know or is designed to look like something that might be legitimate.
Click here to read the entire article.
Conference of State Bank Supervisors
In separate letters to the U.S. Treasury Department and the federal banking agencies, CSBS outlined important policy considerations to foster a national regulatory framework for stablecoins and tokenized deposits that protects consumers, promotes financial stability, and provides a level playing field for traditional financial institutions and new payment stablecoin issuers.
“Stablecoin and tokenized deposit efforts should proceed in tandem,” said CSBS President and CEO Brandon Milhorn. “All financial institutions that choose to innovate – from community banks to stablecoin issuers – should have the benefit of regulatory clarity so they can bring responsible blockchain-based financial products to market.”
CSBS’s letter to Treasury provides a blueprint for achieving the GENIUS Act’s vision of a robust state-federal regulatory framework that facilitates a dynamic and resilient stablecoin market in the United States. Importantly, the CSBS comments:
- Reinforce that the GENIUS Act’s “substantial similarity” standard creates a federal floor, not a requirement for nationwide uniformity;
- Encourage Treasury to maintain vital flexibility that allows issuers to choose between federal and state frameworks based on their organizational structures and business strategy; and,
- Argue for strict compliance with GENIUS Act limitations on financial activities by payment stablecoin issuers, along with robust capital and resolution planning requirements and federal rules that prevent evasion of the “interest” and “yield” prohibitions in the GENIUS Act.
Click here to read the entire release.
By Wesley Grant, published in PaymentsJournal, click here to read the entire article.
There are now more superprime and subprime borrowers, leaving fewer consumers in the middle of the credit market.
According to TransUnion, the share of super prime borrowers—low-risk consumers with exceptional credit scores—increased from 37.1% in Q3 2019 to 40.9% in Q3 2025, representing roughly 16 million additional customers.
At the other end, the subprime segment also saw an uptick after contracting during the pandemic, when many consumers paid down debt. Together, the super prime and subprime groups drove higher origination volumes and overall growth in the credit card market.
“TransUnion always has great card-level data based on information furnished by lenders,” said Brian Riley, Director of Credit and Co-Head of Payments at Javelin Strategy & Research. “Here we see consumer polarization between good scores and weak scores, and everything in between. Super prime cards are booming, and you can expect to see more with Amex, Chase, and Citi’s amped up offers.”
An Avalanche of Offerings
The premium card market has heated up as economic conditions continue to batter the average consumer. To reach more affluent—and potentially more stable—customers, American Express and Chase have both recently enhanced their premium card benefits and raised annual fees.
Citi followed suit with the launch of its premium-tier Strata Elite card, and an avalanche of offerings aimed at the super prime market has followed. Even Klarna launched subscription tiers for its debit/BNPL card, designed to offer luxury perks without the debt associated with traditional credit cards.
More Stress Is Ahead
Meanwhile, the spiraling credit card balances have pushed many consumers, especially in the subprime segment, toward BNPL cards. However, the TransUnion report found that despite the significant amount of existing debt and credit growth in the subprime segment, delinquencies have continued to decline.
This may reflect improving consumer credit health, but issuers have also played a role, most notably by tightening credit lines. The average new account credit limit has dropped, and TransUnion found that subprime credit limits were down 5% year-over-year. Still, even with the drop in delinquencies, credit card issuers aren’t out of the woods yet.
Click here to read the rest of the article.
Published in PYMNTS.com, click here to read the entire article.
Rising prices and uncertain job prospects are shaking Americans’ sense of financial stability. As everyday costs climb and paychecks stretch thinner, many consumers are losing confidence in their ability to stay afloat—signaling deepening concerns about the health of both household finances and the broader economy.
Today, more consumers are struggling to get by. More than one in four, or 26%, had difficulties paying their bills last month—the highest share in at least two years. Overall, nearly seven in 10 consumers are now living paycheck to paycheck, with varying degrees of difficulty in paying monthly bills—the second-highest level over two years and nearly equal to the record high this summer.
Some groups are hit harder than others. For instance, 34% of consumers living in rural areas struggle to pay their bills. This share is far higher than the 24% of suburban individuals who report the same. In fact, even among high-income consumers in households earning $100,000 annually or more, financial pressure persists in rural areas.
Other lifestyle factors are also linked to financial strain. Forty-four percent of single adults with children are having difficulties paying their monthly bills. They are more than twice as likely as married individuals without children to face such challenges. Age plays a role, too. Bridge millennials—the cusp generation spanning older millennials and younger Gen X individuals—are struggling more than other generations.
Click here to read the rest of the article.
Published in Security Week, click here to read the entire article.
Ribbon Communications, an American company that provides backbone technology for communication networks, has been targeted by hackers.
Ribbon provides communications and networking solutions that enable organizations to reliably run phone calls and data networks.
The firm says its solutions are used by service providers, enterprises and critical infrastructure organizations. Its website lists BT, Verizon, Deutsche Telekom, CenturyLink, TalkTalk, Softbank, and Tata as its customers, along with the US Department of Defense and the City of Los Angeles.
In a quarterly financial report submitted recently to the SEC, Ribbon said it discovered unauthorized access to its IT network in early September 2025.
An investigation showed that the hackers may have gained initial access as early as December 2024, but the probe is still ongoing.
Ribbon has not shared any technical details on the incident, but said a nation-state threat actor is believed to be behind the attack.
At the time of the quarterly report’s submission Ribbon had not found any evidence that the hackers accessed or exfiltrated material information, but the company admitted that “several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor”.
Impacted customers have been notified. While the company expects to incur some costs as a result of its investigation into the cybersecurity incident, it does not expect the hack to have a material impact.
Click here to read the rest of the article.
Published in CUInsight, click here to read the entire article.
Financial decisions are deeply personal, categorically unique, and multi-dimensionally complex. Whether applying for a first-time home loan, managing one’s credit score, or saving for a child’s education, personal finances require the utmost care and attention from financial institutions. It is what customers demand and deserve. Will the growing AI adoption disrupt this delicate relationship between consumers and financial institutions?
When personalized financial care falls short, trust and loyalty can quickly weaken. For credit union members, an AI-automated loan denial, flagged transaction, or even a misaligned targeted product offer can profoundly jeopardize their perception of their institution.
There is a thoughtful, measured, and member-centric approach to incorporating AI technology within the credit union service ecosystem. As AI-powered digital banking services gain popularity, the delicate balance between automation, transparency, and privacy protection becomes increasingly clear. Credit union members expect their financial services to feel tailored by those who have served them well for years. Should that level of customer care begin to feel replaced by faceless algorithms, members may start to wonder: Was I treated fairly? How is my data being used? Were my privacy preferences respected? Do I understand why a financial decision was made or what each online banking feature means for me? Can I challenge the outcome if it feels wrong?
In this environment, protecting the harmony between technical efficiency and member trust is a challenge that grows as digital banking accelerates in both competition and automation. Enter hyper-transparency. Our research clearly indicates that transparent, explainable AI-driven financial decisions, combined with responsible data practices, offer the clearest path forward. By making institutional decisions direct and understandable, while being open about how member data is collected, used, and kept secure, credit unions protect both people and the financial data about them. This balance builds trust through clarity, fairness, and meaningful human oversight.
Click here to read the entire article
Published in PYMNTS, click here to read the entire article.
Consumers in the United States may be strapped, but not everyone feels the same financial strain. The difference often comes down to how they budget.
The June edition of PYMNTS Intelligence’s Paycheck-to-Paycheck Report, “Consumers Say They Want Budgeting Tools but Aren’t Using Them,” finds that the ways U.S. consumers manage their money says almost as much about their peace of mind as how much they earn.
PYMNTS Intelligence surveyed 2,040 U.S. consumers in May and found that nearly 7 in 10 of them live paycheck to paycheck. The tools they use to track spending divide them into three distinct financial personas that not only reflect income and age, but also reveal contrasts in confidence, control and comfort with money.
Most reporting about financial stress focuses on inflation or wages. The overlooked story here is behavioral. Consumers’ financial well-being often depends on their relationships with their own budgets, or their avoidance of them.
Financial Personas Revealed by Budgeting Approaches
According to the report, the three types of budgeters are:
- Advanced Budgeters (37%): These consumers use specialized apps such as Quicken Simplifi or Credit Karma’s budgeting tools. Even though many of them live paycheck to paycheck, 47% describe themselves as financially comfortable. Among those struggling to pay bills, 53% still report they’re comfortable. That’s several times higher than other groups. They tend to be younger and higher-income, as 45% earn more than $100,000 a year, and more than half of Generation Z consumers fall into this category.
- Basic Budgeters (44%): This group relies on simpler bank apps or spreadsheets to manage bills and spending. Only 34% say they feel financially comfortable. They are more likely to be middle-income households using automatic bill pay or basic dashboards without advanced analytics or alerts. For them, budgeting is largely a record-keeping exercise, not a daily habit.
- Non-Budgeters (19%): Nearly 1 in 5 consumers fall into this group, and their approach is as hands-off as it sounds. They use no digital tools and often underestimate the impact of small spending decisions. Roughly 39% feel comfortable with their finances. That’s slightly better than basic budgeters, but this likely reflects higher income or lower complexity, and not better discipline.
The data indicates that advanced budgeting doesn’t necessarily eliminate stress; it confronts it. By forcing users to track expenses closely, advanced tools create more visibility, and sometimes discomfort. But that discomfort may be productive. As the report says, “Knowledge is power, but not necessarily comforting.”
Click here to read the rest of the article.
Published in Security Week, click here to read the entire article.
SquareX has shown how malicious browser extensions can impersonate AI sidebar interfaces.
Enterprise browser security firm SquareX has demonstrated how malicious browser extensions can impersonate AI sidebar interfaces for phishing and other nefarious purposes.
The attack method, named AI Sidebar Spoofing, has been demonstrated against Perplexity’s Comet and ChatGPT Atlas, OpenAI’s new web browser. However, SquareX contends this is a systemic flaw; not only AI browsers, but also Edge, Brave and Firefox, are susceptible.
AI sidebars are AI chat windows integrated into web browsers, typically displayed on the side of the screen, processing content on the current page or performing actions based on user prompts.
ChatGPT Atlas and Comet are dedicated AI browsers, but applications such as Edge and Chrome also integrate AI assistants powered by Copilot and Gemini. Firefox and Brave also have an AI sidebar, but they use third-party chatbots rather than having their own proprietary LLM.
SquareX researchers have shown how threat actors can spoof trusted AI sidebars in browsers by getting the targeted user to install a malicious browser extension. The extension can be created by the attacker from scratch and disguised as a harmless tool or it can be a legitimate extension that has been compromised and modified.
It’s worth noting that the malicious extension requires host and storage permissions, but the security firm pointed out that these are common permissions required by many popular extensions.
When the victim opens a new browser tab, the malicious extension injects JavaScript into the page to create a fake sidebar that is a perfect replica of the legitimate AI sidebar.
Click here to read the rest of the article.
Published in Krebs on Security, click here to read the entire article.
Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti-money-laundering laws came ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which were physically located there.
On October 16, the Financial Transactions and Reports Analysis Center of Canada (FINTRAC) imposed a $176,960,190 penalty on Xeltox Enterprises Ltd., more commonly known as the cryptocurrency payments platform Cryptomus.
FINTRAC found that Cryptomus failed to submit suspicious transaction reports in cases where there were reasonable grounds to suspect that they were related to the laundering of proceeds connected to trafficking in child sexual abuse material, fraud, ransomware payments, and sanctions evasion.
“Given that numerous violations in this case were connected to trafficking in child sexual abuse material, fraud, ransomware payments and sanctions evasion, FINTRAC was compelled to take this unprecedented enforcement action,” said Sarah Paquet, director and CEO at the regulatory agency.
In December 2024, KrebsOnSecurity covered research by blockchain analyst and investigator Richard Sanders, who’d spent several months signing up for various cybercrime services, and then tracking where their customer funds go from there.
Click here to read the rest of the article.
Published in CUSO Magazine, click here to read the entire article.
What is data hygiene, and why is it important to a credit union’s daily operations?
The definition of data hygiene is the ongoing process of maintaining the quality and accuracy of data within a database or information system. Data hygiene is especially important for credit unions because if you don’t have good data hygiene, it could result in a finding on an audit where the credit union’s integrity is at stake or a bad reputation with your members if you are not able to produce documents requested in a timely manner.
Maintaining good data hygiene
The NCUA does not regulate record retention, but they do have guidelines on their website that provide a list of all documents that you should retain permanently, as well as a list of documents that you can dispose of that you can bring to your board meeting for discussion. The link to these guidelines can be found on their website.
Take stock of all the documentation that you have in your file cabinets or digital files, and consult with your board on what the best practices are and should be for your credit union for record retention.
Once you have determined what to keep and what to dispose of, you will want to create digital backup files, if you don’t already have them, of everything that you have determined you need to keep. By scanning in all the documentation, you and other credit union personnel can easily search for needed documents instead of spending time searching through file cabinets. This also makes the files easily accessible by credit union staff who work remotely and are not able to physically search through a file cabinet.
Additionally, credit unions should create a checklist of all required documents needed for each of their processes, and make it a priority to regularly audit what they have on file. To ensure that you are not missing any documentation or retaining outdated information, this task should be assigned to varying staff members so that you can be confident of the integrity of the files.
The risks of bad document hygiene
Keeping on top of your data and document hygiene is essential for a number of reasons.
I can think of a couple of examples of why it is a good idea to remove outdated information. If you plan on using AI at your credit union, you want to ensure that the information you are supplying to the AI is up to date. You wouldn’t want it to receive information that is skewed due to accidentally including outdated information. This could affect the answers a chatbot provides members with, and if the AI is providing incorrect information from old materials, this can damage the trust members have in your credit union.
Even if you don’t plan on using AI, having outdated information within a file could create additional work for an employee who is looking for specific information because they would have to bypass documentation that will have no value. Additionally, even humans could err and provide a member with an old file or incorrect information.
Click here to read the rest of the article.
Published in Tyfone, click here to read the entire article
OP-Ed Written By: Brad Bolton and Ken Hale
The credit union tax exemption is under increasing scrutiny in Washington following a record number of acquisitions of tax-paying community banks last year, but that isn’t stopping the industry from seeking increased powers for the largest credit unions.
With federal data showing credit unions are failing to meet the needs of the high-poverty areas that they’re subsidized to serve, credit unions must focus on serving that mandate before they attempt to expand their taxpayer-funded subsidies into other areas.
Expanding tax breaks for the largest credit unions
Amid reports of credit unions abandoning their mission, concerns over the impact of taxpayer subsidies on credit union acquisitions of tax-paying community banks, and questions from Congress on reports of discriminatory lending practices, industry advocates are pushing to raise the statutory cap on the industry’s lending to member businesses.
But this is a smokescreen from an industry increasingly under the microscope. With most credit unions exempt from the 12.25% asset threshold due to their low-income designation and the vast majority of credit unions nowhere near the cap in the first place, this push by credit union advocates is designed merely to allow the largest and fastest-growing credit unions to expand their taxpayer-subsidized turf.
This lobbying push is not about unleashing lending; it’s about further unleashing taxpayer largesse for large financial institutions that are increasingly acquiring locally based, tax-paying community banks.
Published in Tyfone, click here to continue reading.
Foreclosures Are Surging as U.S. Homeowners Grapple with Rising Costs
Kimberly Draxler was in shock when she called her mortgage lender in April and was told her four-bedroom home in Hillview, Kentucky, would be sold out from under her in a matter of days.
Though she had been alerted that something might be wrong by a letter in the mail from an attorney offering assistance in warding off foreclosure, she said her lender never informed her that she was about to lose her home.
“They never called me and told me they were just going to rip my house right underneath me,” Draxler told CBS News.
Draxler’s lender said it notifies all borrowers of a possible foreclosure by mail and by phone throughout the process, in compliance with federal debt collection rules.
Before learning that her home was entering foreclosure, Draxler, who is 57 and on disability, said she stayed afloat financially by relying on her son, who contributed $600 a month to help take care of household expenses. But after he moved out in 2024, her bills began to pile up, she told CBS News. Draxler soon fell behind on her mortgage.
The financial pressures bearing down on Draxler highlight the struggles of homeowners still grappling with the rising cost of everything from housing and groceries to energy bills and insurance coverage. With many households stretched thin, unexpected events such as job loss, unplanned medical expense or even simple car problems can cause people to fall behind on their mortgages.
“I just couldn’t do it anymore”
Although foreclosures — which include default notices, scheduled auctions or bank repossessions — remain well below their pre-pandemic levels, they are on the rise.
As of August, foreclosure filings had risen six straights months year-over-year and were up 18% from the same period in 2024, according to property data firm ATTOM. Through June, roughly 188,000 properties had foreclosure filings, putting the U.S. on track to surpass the roughly 322,000 U.S. properties that went into foreclosure in 2024.
“Paying for the house, the car, the necessity bills — I just couldn’t do it anymore,” said Draxler, who had come close to losing her home in foreclosure on three previous occasions over the last decade.