MADISON, Wis. (12/21/07)--More phish tales from credit unions in three states surfaced this week, just as reports from a nationwide survey announced that 3.6 million U.S. consumers lost $3.2 billion in online phishing attacks this year. According to Stamford, Conn.-based research firm Gartner Inc., this year's loss figures are an increase from 2.3 million people who lost money last year. Gartner surveyed 4,500 online adults (United Press International
Dec. 19). Meanwhile, credit unions and related organizations in Virginia, Pennsylvania and Ohio, were alerting their members about phish attempts.
* In Lynchburg, Va., Beacon CU was targeted when Cindy Kozerow, a crime prevention specialist for the Lynchburg Police Department, received a call before 6 a.m. Tuesday. The prerecorded message said Kozerow's credit union account had a problem and told her to visit a website and enter personal information. She recognized the call as a phish scam. A caller ID listed a Western Ways store in Lynchburg, but the call didn't originate from there or from the credit union (The News and Advance Dec. 20). * In State College, Pa., Penn State FCU's website alerted members that a message purporting to be from the credit union was a scam. The credit union said individuals with Penn State University e-mail addresses received messages with subject lines such as "Unauthorized Activity!" The e-mail messages told the recipients to click a link to a fake website (Penn State Live Dec. 18). * The Ohio Credit Union League alerted readers in its Dec. 19 eLumination Newsletter that a phishing e-mail on Dec. 7 claimed to be from the Ohio Credit Union System. It was sent to consumers' addresses and asked them to verify their credit union and member account by visiting a link and typing in their credit card and account numbers.
Each target emphasized it would never solicit financial and personal information via the Internet or telephone. Despite consistent media alerts about phishing attempts, the Gartner Inc. survey indicates many Internet users aren't heeding the message to avoid providing personal and financial information via unsolicited e-mails and callers (Washington Post
Dec. 19). Of surveyed consumers who received phishing e-mails as of August this year, 3.3% said they lost money. That compares with 2.3% in 2006 and 2.9% in 2005. The average dollar loss per incident declined--to $886 from last year's $1,244--with a median loss of $200 in 2007. However, about 1.6 million respondents recovered about 64% of their losses, up from 54% that 1.5 million adults recovered last year. Of those who lost money, 47% said they used a debit or check card for online transactions. Also, 32% listed a credit card as the payment method, while 24% said they paid with a bank account.