Who’s “Phishing” for Your Information?
Internet scammers trawling for people’s financial information have a new way to lure unsuspecting victims: They go “phishing.”
Phishing is a high-tech scam that uses spam to deceive consumers into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, and other sensitive information.
A typical phishing scam works like this: An individual receives an email that claims to be from a legitimate business the individual may do business with, such as their financial institution, internet service provider or online payment service. The consumer is asked to “update” or “validate” their billing or account information and is directed to a “look-alike” web site of the legitimate business.
To avoid getting caught by one of these scams, the Federal Trade Commission offers this advice:
- If you receive an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or web site address you know to be genuine.
- Avoid emailing personal and financial information. Before submitting financial information through a web site, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during transmission.
- Review credit card and financial institution account statements as soon as you receive them to check for any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company to confirm your billing address and account balances.
- Report suspicious activity to the FTC. Forward the actual spam to email@example.com. If you believe you’ve been scammed, file your complaint at www.ftc.gov, and then visit the FTC’s Identity Theft web site www.ftc.gov/idtheft to learn how to minimize your risk of damage from identity theft.
Visit www.ftc.gov/spam to learn other ways to avoid email scams and deal with deceptive spam.
PLEASE NOTE: NuVision Federal Credit Union will never send e-mails requesting your credit union username, password, PIN, or other personal identity information.
If you receive such an e-mail solicitation that appears to be from NuVision Federal, please forward it to firstname.lastname@example.org or notify our Member Services Department at 800.444.6327 immediately. If you have any additional questions, please contact our Member Services Department.
Emails using the spoofed address email@example.com are being sent to random internet users, who may or may not be Digital Insight customers. These emails are not legitimate communications from Digital Insight (NuVision’s online banking provider). Attached to the message is a zip file containing a malicious executable file disguised as a PDF document; opening it infects the user’s computer with malware. Please do not open the file.
THE EMAIL READS:
Incoming Transactions Report. An incoming money transfer has been received by your financial institution and the funds deposited to account. Initiated By: Fiserv Inc. Initiated Date & Time: Fri, 15 Aug 2014 23:00:11 +0700. Batch ID: 976. Please view the attached file to review the transaction details.
What can you do to protect yourself against this and other phishing attacks?
Please employ security best practices to proactively mitigate phishing and malware threats like this. These best practices include:
- Install an antivirus app on both your personal computer and your mobile device and keep it updated.
- Do not click on attachments in suspicious emails.
- Perform regular backups of data.
- Don’t view or share personal information over a public Wi-Fi network.
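For mail administrators screening attachments like the one described above, the following added example (not code from NuVision, Digital Insight or the FTC) lists zip members whose names or leading bytes match the executable-disguised-as-PDF lure. The file names, extension lists and stub bytes are constructed for illustration.

```python
import io
import zipfile

# Extensions Windows will run when double-clicked (illustrative, not exhaustive).
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

def extensions(name):
    """Return the lowercased dotted suffixes of a file name, e.g. ['.pdf', '.exe']."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = [p.strip().lower() for p in base.split(".")]  # strip padding spaces
    return ["." + p for p in parts[1:] if p]

def suspicious_members(zip_bytes):
    """Return (member name, reason) for each zip entry that matches the lure."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            exts = extensions(info.filename)
            final = exts[-1] if exts else ""
            with zf.open(info) as fh:
                head = fh.read(4)  # leading bytes identify the real file type
            if final in EXECUTABLE_EXT:
                if any(e in DOCUMENT_EXT for e in exts[:-1]):
                    findings.append((info.filename, "document name with executable extension"))
                else:
                    findings.append((info.filename, "executable inside archive"))
            elif head[:2] == b"MZ":
                findings.append((info.filename, "Windows executable header under non-executable name"))
            elif final == ".pdf" and head != b"%PDF":
                findings.append((info.filename, "named .pdf but content is not a PDF"))
    return findings

def build_sample_zip():
    """Constructed sample: one benign PDF and two disguised entries (stub bytes only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.pdf", b"%PDF-1.4\n% constructed benign sample\n")
        zf.writestr("Incoming_Transactions_Report.pdf.exe", b"MZ constructed stub, not a program")
        zf.writestr("details.pdf", b"MZ constructed stub, not a program")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in suspicious_members(build_sample_zip()):
        print(f"{name}: {reason}")
```

Checking the leading bytes as well as the name catches an executable that has simply been renamed to end in .pdf.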
NAFCU “Phishing” Scam
NuVision Federal would like to make you aware of a recent email “phishing” scheme that appears to be from the National Association of Federal Credit Unions (NAFCU). This email asks the recipient to click on a link to verify their credit union account registration. If the recipient clicks on the link, they are directed to a false website and asked for their credit union account number and PIN, along with other personal information.
The NAFCU will never ask you for personal account information. Anyone who receives an email that appears to be from NAFCU and asks for account information should consider it to be a fraudulent attempt to obtain personal information. Do not reply, click any link, or enter any information if you receive this type of suspicious email.
If you responded to such an email, and provided any confidential account information, please contact NuVision Federal at 800.444.6327 or firstname.lastname@example.org immediately so that we can help you protect your account. You should also change your account PIN.
Additionally, you can file formal complaints concerning any suspected fraudulent e-mail with the Internet Fraud Complaint Center (IFCC) at email@example.com. The IFCC is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.
Fraudulent Email Appearing to be From FDIC
The FDIC (Federal Deposit Insurance Corporation) has reported a recently discovered email that appears to be from their organization.
The fraudulent email asks the recipient to click on a link entitled “Take the Corrective Action Implement the LinkBank System”, which takes the recipient to a fake site that has been created to mimic the actual FDIC website.
Once on the site, the recipient is asked to enter personal banking information such as Account Number, banking website and password.
If you receive this or a similar email, please do not respond to it. If you already have responded, please contact the credit union and inform us immediately! It may be necessary to change your account number if you believe your account to be compromised.
More information can be found at the FDIC’s website by copying the following URL into your browser: www.fdic.gov/consumers/consumer/alerts/index.html
Be wary of any email from a financial institution or other business that asks you to provide account or password information by responding to an email or clicking a hyperlink in an email.
If you have any doubt about the legitimacy of an email from your financial institution, contact the institution before responding to the email.