MADISON, Wis. (8/22/08)--Add Alabama and Virginia credit unions to the growing list of credit unions throughout the nation whose members are being hit with vishing (voice phishing). Heritage South CU, Sylacauga, Ala., warned Talladega County residents earlier this week of a phone scam in which an automated system asks for credit and debit card information (The Daily Home Aug. 20). The scam began Monday evening. The $66 million asset credit union told the newspaper it received an equal number of calls from members and nonmembers contacted by an automated system claiming to be Heritage South and saying their card had expired. The recipients were asked to call a long distance number to reactivate the card and the bogus "Heritage South Security Center" would ask for the card number, PIN and the card's expiration date. Few members gave out the information, said the credit union, whose member database was not compromised. The credit union said it would never contact members asking for information it already has. Members of Martinsville Dupont Employees CU (MDCU), Martinsville, Va., received similar calls, the credit union said Thursday in a press release. "Someone has obtained a list of phone numbers in the Martinsville and Henry County area and is calling individuals" with a similar ruse, said Darrell L. Minniear, president/CEO of MDCU. "MDCU will never contact you by phone or e-mail and ask you for personal information such as your Social Security number, account number, or credit card number," Minniear said. Meanwhile, the Ohio Credit Union League said Wednesday "thousands of Ohioans" received messages via text, e-mail and voicemail, stating that their services at their credit union had been suspended. (News Now Aug. 21). Thursday the league said five unique phishing scams purported to be from credit unions in the previous two days. "Information at credit unions has not been compromised and this is not a data theft. This is an attempt to contact people directly and prompt them to give their personal information," said Paul Mercer, president of the Ohio league in a press release. "We want to make sure Ohioans are aware of this attempt and encourage them to call their financial institution if they get a message to help us thwart future phishing attacks," he said. The league asked its member credit unions to communicate directly with their members and post notifications on their websites. It also alerted the Ohio Attorney General's Office, the FBI, the Federal Communications Commission, and the Federal Trade Commission. Special Agent Harry Trombitas of the Federal Bureau of Investigation (FBI) said people receiving the messages should report the information directly to the FBI at www.ic3.gov for investigation. Anyone who provided their personal information to the fraudsters should go immediately to the Federal Trade Commission (FTC) website at www.ftc.gov/idtheft and follow the steps provided to minimize their losses and protect their credit, he said in the league's press release. Last week, Commonwealth CU, Frankfort, Ky., reported a second round within three weeks of vishing to thousands of Kentuckians. Florida CU, Gainesville, also reported similar attacks (News Now Aug. 18). Several credit unions in Wisconsin were hit earlier, and at least one, Bull's Eye FCU, experienced two waves of the attacks. In July, credit unions in seven states--Pennsylvania, New York, Connecticut, Wisconsin, Indiana, Texas and Illinois--reported vish attempts.