Phish scams, security breaches make the rounds

MADISON, Wis. (5/11/05)--Phishing and security breaches are becoming a way of life, inconveniencing members, credit unions, credit union-related organizations and their strategic alliance partners.

The average monthly growth rate in phishing sites increased 28% from July 2004 through March 2005, with financial services the most-targeted industry for phishing attacks, says the Anti-Phishing Work Group (APWG). APWG, based in Massachusetts, is composed of business and law enforcement agencies around the globe.

Financial institutions averaged 81% of all "hijacked brands" in March 2005. APWG notes that phishing attacks have been reported against credit unions and community banks as well as well-known institutions with global brands (Deseret Morning News May 5).

Even the Credit Union National Association (CUNA) and the National Credit Union Administration (NCUA) have been recent phishing targets. The Pennsylvania Credit Union Association (PCUA) said it received numerous fraudulent e-mails over the weekend appearing to be from NCUA, seeking "account verification." (Life is a Highway May 9). NCUA, like CUNA, has posted a fraud alert on its website.

In Fort Collins, Colo., Arviel Breakfield, a senior technician at the Coloradoan and member of Norbel CU, logged onto his credit union account to discover that $500 had been withdrawn and it had a negative balance. Someone in Russia used a copy of his ATM card without a PIN to drain his account. Breakfield, who wasn't missing his card, immediately canceled it and called Norbel CU. His money was transferred back into his account within several hours. "They were totally cool. I didn't really think it could happen to me, but I knew it could happen," he told the Coloradoan (May 5).

America First FCU, Ogden, Utah, has declared open season on phishers, according to Deseret Morning News (May 5). It created an "Anti-Phishing Team," composed of representatives of its security, network systems, electronic support and services, audit, call center, marketing and executive divisions. Rich Smye, senior vice president of electronic services, says the team's charge is to improve monitoring of suspicious activity, develop additional identity verification controls, assist members who believe they've been victimized or solicited via phishing and improve alerting procedures so members know about the schemes faster.

Education is the key to solving the problem, Smye told the newspaper. The credit union set up an e-mail address where members and others can report suspected phishing. The messages go to the security, network and support teams, and when appropriate, the Utah Cybercrimes Task Force. Senders also will receive information from America First about what to do if their personal information has been compromised.

Cardholders using Certegy's eZCardInfo website received phishing e-mails supposedly sent from their credit union or bank, directing them to a bogus link where they were asked to supply their user ID and password to ensure their account isn't compromised. "These are fraudulent e-mails and the cardholder should not comply," says the PCUA (Life is a Highway May 10).

What's a computer user to do? Use the delete button. Don't open the mail, and certainly don't use the link in the e-mail and give out personal information. And keep telling members that the credit union will never solicit personal financial information about their accounts over the phone or via e-mail.




Copyright © 2012 Credit Union National Association