Boeing Employees’ Credit Union (BECU) is a not-for-profit credit union based in Washington, dedicated to improving the financial well-being of its members and communities. It has grown beyond serving Boeing’s employees to more than 1.5 million members and $29 billion in assets. In an exclusive interview, Sean Murphy, Chief Information Security Officer (CISO) at BECU, explains the changing cyber-threats now facing consumers.
Cyber Intelligence: Can you outline the current cybersecurity challenge for BECU and its members?
Sean Murphy: The cybersecurity challenges faced by all consumers have escalated with the growth of artificial intelligence (AI). We have witnessed the growing use of botnets, and AI is at such a stage that it can be used to attempt to gain access to accounts on an individual level. The use of virtual private networks (VPNs) simplifies this process and makes it difficult to track. Remember – while organizations are constantly monitoring for threats and attacks, the cybercriminals only have to get it right one time to cause a highly damaging breach. Advanced persistent threats (APTs) have now become a major ongoing threat. Financial institution employees are the first line of defense against cyber attackers and play a key role in protecting consumers. As such, a robust cybersecurity team and the regular training of employees is crucial.
Cyber Intelligence: What form do these threats take?
Sean Murphy: Persistent attacks are now being executed not only online but also physically. BECU has experienced attempts at fraud where the fraudster has actually come into our credit union locations in person with a set of fake credentials in order to scam us. Our neighborhood locations have now become part of the security frontline.
Cyber Intelligence: Does this physical element represent a new trend?
Sean Murphy: I think what we are seeing is an increasing overlap between cybersecurity and physical security. Criminals have always incorporated new technologies into existing crimes. A century ago, they started using telephones to assist in carrying out financial fraud and began performing more sophisticated robberies. Today they use the internet to help perpetrate these crimes.
Cyber Intelligence: And how about plain old-fashioned cybercrime?
Sean Murphy: New online fraud techniques are now evolving at a staggering pace. Deepfake voice calls are just one example. Organizations and individuals are being called by what sounds like a trusted colleague, friend, or family member and asked to transfer funds urgently. Cybercriminals are now also moving towards deepfake video calls, which are increasingly difficult to identify – even for experts. The growth of artificial intelligence has made it easier for criminals to clone voices to create almost perfect requests that sound just like people the victim may know. As much as you can, look for signs of the use of AI including typos in written communication or an inconsistent tone or cadence in a conversation, and trust your gut if something feels “off.”
Cyber Intelligence: How serious a threat have deepfake voice scams become?
Sean Murphy: They are a very serious threat indeed. In 2023 alone, the US lost $2.7 billion to imposter scams. These included scammers pretending to be the government, a bank’s fraud department, a technical support expert, or a distressed friend or relative. Fraudsters get hold of examples of a person’s real voice and use widely available off-the-shelf AI tools to use those voice patterns to create synthetic conversations, copying and manipulating the victim’s voice. Even a small number of recorded words from a voice recording is enough for AI tools to successfully imitate a person’s voice. Short audio clips can be pulled from content posted online on social networks such as TikTok or Instagram. All the fraudster has to do is type words for the Darknet-acquired tool to repeat in the cloned voice.
Cyber Intelligence: How do you make your members aware of the growing threats?
Sean Murphy: We always try to give timely and topical advice to our 1.5 million members in the US. For example, we always tell them to be aware of emails or calls that purport to be urgent. We advise them to step back and take a pause—BECU will never call them asking for confidential information or payment. We also have a dedicated Fraud & Cybersecurity Center as a learning resource for members on fraud and scam-related topics.
Cyber Intelligence: Can you give an example of a current new threat now facing your members in 2025?
Sean Murphy: We are in the midst of tax season, which is a window of opportunity for online fraudsters and we are advising our members on what to look out for in the form of scattergun and targeted cyber-attacks. We give a clear list of things they should do if they believe they are engaging with fraudsters and cybercriminals. If needed, they can also directly contact an individual BECU representative to get advice.
Cyber Intelligence: Thank you.
