|
CUNA Website Subject of Illegal
Phishing Message
SCENARIO/METHOD: CUNA (Credit Union National Association)
Website Phished
The Credit Union National Association (CUNA) Website is the subject
of an illegal phishing message e-mailed to credit union members
to collect their User Name and Password information. CUNA is warning
people who receive the e-mail not to click on the link to the fake
Web page and to instead delete the message. Do not click on the
Website link in a message that's telling you that the organization's
information is slightly out of date or incomplete.
The fraudulent message uses graphics from CUNA's Website.
It uses the America's Credit Unions logo, contains the word "consumer"
on the right side of the page and addresses the credit union member.
It also has CUNA's copyright. The phish message says, "During
our regular accounts verification, it has come to our attention
that your credit union account may be slightly out of date or incomplete.
This irregularity can and must be fixed through the Credit Union
National Association Confirmation process that takes 10 minutes
to complete and involves logging in and confirming your identity
over a secure connection" at the link.
CUNA does not have such a link on its CUNA.org Website,
and there is no confirmation process for accounts at CUNA, which
is a national trade association for credit unions. CUNA does not
have access to credit union member accounts.
The phish message also warns that disregarding the
notification means the member's account might be restricted, and
the member won't be able to access the account online, pay their
monthly bill online, review and download monthly statements or request
a credit line increase or change of address.
RECOMMENDATIONS:
- The member should not open but delete the message.
- Report the incident to Internet Fraud Complaint
Center http://www.ifccfbi.gov/cf1.asp
- A good resource for this topic is Anti-Phishing
Working Group at http://www.antiphishing.org/index.html
- If spoofed e-mail or Website has victimized
the member, they should contact their local law enforcement, US
Postal Inspector, or FBI.
|
