ALEXANDRIA, Va. (4/3/08)—The National Credit Union Administration (NCUA) issued alerts to credit unions on fraud schemes, one of which is a new type of phishing scam the regulator said poses “a significant risk” to credit unions. The credit union regulator was notified by the Federal Bureau of Investigations about a new type of information attack, one that targets employees of credit unions. These schemes differ from other types of attacks in that the criminals seek to infect the employees’ computers with malicious software secretly recording their keystrokes. The scammers send out e-mails addressed to the employees by name at their credit union e-mail addresses. The e-mails fraudulently appear to be official correspondence from either a governmental agency or a vendor of the credit union, according the NCUA. The emails include an attachment appearing as an invoice or complaint letter. When the attachment is opened, malicious software is installed that records the users’ keystrokes, the agency’s director of examination and insurance, David Marquis, said in an alert. “Once downloaded, the software is designed to monitor username and password logins and record the activity entered on the compromised machine. “Credit unions should examine their computers for the presence of malicious password stealing software and take necessary steps to eradicate such software,” Marquis wrote. In a separate alert, the NCUA informed credit unions of a scam that involves falsely filing an identity theft claim for the purposes of improving one’s credit report and credit score. The perpetrators claim identity theft and file police reports, causing disputed accounts to be removed from their credit reports either permanently due to lack of investigation or conclusion, or temporarily while under dispute, the NCUA said, “While the accounts are removed, credit history improves and credit scores increase dramatically. The perpetrator then obtains credit from one or more credit grantors during the time when the credit score is inflated. The loans obtained through the use of the improved credit history and credit score subsequently go unpaid,” said the advisory.