MADISON, Wis. (11/26/07)--The holiday season isn't stopping fraudsters from trying to hook financial information from unsuspecting victims via the Web. Several credit unions were targeted the past month with phish attempts. KU CU, the Lawrence, Kan., division of Bartlesville, Okla.-based 66 FCU, reported that a phisher sent messages to University of Kansas e-mail addresses purporting to be KU CU and requesting account numbers. (U-Wire Nov. 19). The credit union's website has a notice asking recipients of the e-mails to notify it immediately, Dennis Halpin, the credit union's spokesperson, told the publication. KU CU never asks for information such as account numbers or credit card numbers in an e-mail. Phishers have used the credit union's name before, he said. The credit union traces the phishers and shuts down their web addresses, but the addresses usually are traced to different countries. The Pittsburgh Post-Gazette, which reported about past phishing attempts against MasterCard and the Credit Union National Association, received a phish posing as a message from Teachers CU and saying the credit union had deactivated the recipient's Visa Check Card due to "unusual levels of fraud." It instructed the recipient to call a toll-free number. Teachers CU is a $1.704 billion asset credit union based in South Bend, Ind. It did not send the message. The phone number is not a toll-free number but a standard area code, 641, which serves Iowa (Pittsburgh Post Gazette Nov. 18). New York Daily News' "Your Money" column reported receiving three attempts from shysters--two of them using credit unions' names--trying to phish for information (Oct. 29). One claimed to be from Scott CU and focused its spiel on an "easy five question survey." In return for filling out the survey, the fake credit union would provide a $20 credit to the recipient's account. Scott CU, with assets of more than $398 million, is headquartered in Collinsville, Ill., and is not surveying anyone via e-mail. The column also reported an e-mail addressed to "Visa cardholder." It claimed a card issued by $1.3 billion asset Washington State Employees CU, based in Olympia, Wash., had been disabled. The recipient was told to call a toll-free number to reactivate the card. The columnist called the number. An automated voice asked for the card number, expiration date and ATM security code. The columnist punched in random numbers, and the robotic voice informed, "Your card has been reactivated," even though the columnist is not a Visa cardholder. Credit unions should continue alerting members to phish attempts and emphasize that credit unions don't ask for account and personal financial information via e-mails and unsolicited phone calls. Recipients of such messages should not click the links or call the numbers provided. Instead, they should delete the message.