U.S. Treasury E-Mail Scam/Phishing Attack - November 21, 2008
CCCU has been made aware of an emerging e-mail malware/phishing attack pertaining to the U.S. Federal Reserve. Government Agencies are often targets of email scam attacks. The scam looks as though it is a bulletin initiated by the Federal Reserve and warns recipients of a wire transfer attack that is affecting a large number of credit unions and banks. The spam e-mail also contains two web address links that bring the victim to a fraudulent web site that installs phishing/malware software or even a Trojan virus onto the victim's computer.
The web address links contained in the spam e-mail direct the user to a fraudulent site that poses as a legit U.S. Federal Reserve website. The website contains more links to malicious websites or might even redirect the user to an adult-content website that contains a PDF exploit that downloads to the victim's computer automatically. This PDF exploit then installs various forms of malware and Trojan viruses onto the system. Once the malware and Trojans are installed, the victim's computer will automatically reboot. Once the victim's computer is rebooted, the malware will send out critical system information such as usernames, passwords, keyboard key strokes, or even file contents of sensitive documents.
For other resources regarding protecting your identity, please click below.
Identity Theft
FTC National Resource for Identity Theft
Know that we are doing all we can to protect you and your account information online, over the phone and in person! Our goal: keeping your personal information safe! We use safeguards including a firewall that protects our computers from online attacks, break-ins, and snoopers. Our stringent privacy and security policies, instituted and strictly observed by our dedicated staff, also keep your privacy safe and secure. If you have questions, please contact us at 800.347.CCCU or email info@myCCCU.com.
CUNA Phishing Alert, August 28, 2008.
According to Credit Union National Association (CUNA), multiple phishing scams posing as various credit unions have begun circulating. In some of these scams, members are receiving e-mails and cell phone text messages informing them that their online account access has been suspended. Recipients are given a phone number to call to re-instate their online access (this is how the fraudsters steal their account information and potentially withdraw funds). Credit unions have already had members fall prey to these scams.
Remember:
• Never provide personal or account information in response to any
unsolicited request (by email or by phone).
• Beware of any unsolicited email that threatens to close or suspend
your account(s) or online account access.
• Beware of any unsolicited email that requests you provide personal account
information that Christian Community Credit Union should already know.
If you are unsure if any message you receive is legitimate (email, phone call, etc.), please contact the Credit Union directly for verification.
|
Christian Community Credit Union will NEVER email members asking them to provide and/or verify their Social Security Number, account number or personal identification information including passwords or Personal ID Number (PIN).
FDIC Phishing Alert – October 23, 2006
The FDIC has received reports by businesses and consumers of a phishing e-mail that has the appearance of being sent from the FDIC. This phishing e-mail, appears to be from the FDIC and ask recipients to click on a hyperlink titled "Take the Corrective Action – Implement the LinkBank System." The fraudulent e-mails, which are purportedly from "Russell A. Rau, Assistant Inspector General for Audits," typically include a "Subject" line that states: "Compliance Examination for [recipient's name inserted]."
When accessed, the hyperlink downloads an executable file to your computer. FDIC is currently analyzing the executable file; however, it is likely installing a keylogger or similar piece of malicious software. DO NOT click on the link provided in the phishing e-mail.
Once on the page, users are asked to "certify" that they "will provide correct information in order to implement the LinkBank System." The "LinkBank System" is described as:
"…a protocol developed by the FDIC and other federal agencies as a way to ensure that the standards for Online Banking security are met. This protocol is based on a client utility, safeConnect, that was developed to be installed on business computers which are used to open Online Banking sessions. This utility only interacts when an online session with a Financial Institution insured by the FDIC is opened, thus it will never interfere with any other applications."
After clicking on the certification radio button, another page is opened that asks for bank name, username, and password.
The e-mail is a fraudulent attempt to obtain personal information from consumers. Consumers should NOT access the link provided within the body of the e-mail and, under any circumstances, do NOT provide any personal information through this media.
Important Warning: Phishing Scams on the Rise
A current issue gaining national media attention is an email scam known as “Phishing”. “Phishing” is an attempt at identity theft where thieves send emails to consumers requesting that they “verify” or reveal personal data.
Things You Should Know About Our eMails:
We never request personal information through email.
We will never ask you to “verify” information in an email.
We will never ask you to click on a link to a “special” website to verify or request personal information.
Protect Your Card from Online Fraud
Verified by Visa and MasterCard SecureCode is a free service that allows you to create a password to confirm your online purchases. It ensures you that only you can use your Visa or MasterCard credit card online and protects you from unauthorized purchases. Once activated, your card will be automatically recognized as protected by either Verified by Visa or MasterCard SecureCode at participating online stores. Shop online with added safety and peace of mind.
> Sign up for Verified by Visa
> Sign up for MasterCard Secure Code
Would You Know What to do if Identify Theft Happens to You?
Identity theft can destroy you financially, and restoring your good name and credit can be very costly and time consuming. Identity Theft occurs when someone uses your personal information to commit fraud and other crimes. It may also involve computer fraud, mail fraud, wire fraud, and financial institution fraud. Last year, an estimated 10 million Americans became victims of identity theft. On average, in reclaiming their identity, a victim spends $1,500 out-of-pocket and 175 hours resolving problems associated with it.
Protect Your Name
Identify Theft is a very real and damaging crime. It happens when someone uses your personal information, unlawfully accesses your financial accounts, and steals your funds and credit. This type of crime can be particularly devastating – ruining your credit and causing you to be denied things like insurance, mortgages, and in some cases, jobs. Protect yourself against identity theft with these tips to becoming a savvy, safe consumer:
|
|
| 1. |
Do not give out personal information such as your account or credit card numbers unless you initiate the contact. In other words, do not feel obligated to provide information to unsolicited people and agencies. |
| 2. |
Report lost or stolen checks immediately, properly store cancelled checks, and examine new check orders to verify that no checks are missing. |
| 3. |
Destroy financial solicitations, documents, statements, or receipts before discarding them. |
| 4. |
Guard your ATM PIN number. Throwing away receipts without destroying them could leave you and your account vulnerable. |
| 5. |
Make sure your mailbox is secure and collect mail promptly as it’s delivered |
| 6. |
Contact a credit-reporting agency annually to review your credit status and files.
The three major bureaus are:
Equifax 800.685.1111
Experian 888.397.3742
TransUnion 800.916.8800 |
|
If you have been a victim of Identity Theft, take action immediately by contacting the following resources:
1. Any CCCU Financial Service Consultant at 800.347.CCCU
2. Your local Police Department
3. The Social Security Fraud Hotline: 800.269.0271
4. The FTC Identity Theft Hotline: 877.IDTHEFT (438.4338) Armed with
knowledge and good sense, you can go about your business knowing that
CCCU is your financial partner, keeping you informed and helping you take
care of your finances. Be safe and happy!
> FTC National Resource for Identity Theft
More Resources
> ID Theft Assesment
> Common Practices
> Preventing ID Theft
> Your Rights
> Monitoring & Protection
> Recovery Guide
> Resources
> Glossary
