X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.

MADISON, Wis.-CUNA’s Web site fell victim to a phishing scam last week, but the major credit union trade association was not unprepared. “This morning, we received an e-mail from a consumer that received an HTML message that had our consumer wrapper on it,” CUNA Vice President of Web Services Dorothy Steffens explained Feb. 15. The phishing e-mail had the typical “your account may have been compromised” language, she said, and claimed to be from CUNA. “We have been prepared for something, but I was still a little surprised and irritated,” Steffens said. CUNA quickly put its prepared plan into action. The e-mail was taken to the legal department, then CUNA posted a fraud alert on its home page, posted a story on its online News Now, and contacted the state leagues and credit unions to let them know what is going on so they could educate members. It is important for consumers to know that no financial institutions would request personal financial information via e-mail, according to Steffens. CUNA was actually able to manipulate the phishing message being sent out so that when someone does open it, it alerts the reader that it is fraudulent. Law enforcement was also contacted, as well as the Anti-Phishing Working Group (APWG), an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing, and BITS, of which CUNA is a member. “I’m happy with the response. We responded immediately, before nine o’clock eastern time,” Steffens said. The false message includes graphics taken from CUNA’s Web site (www.cuna.org), including the America’s Credit Unions logo and CUNA’s copyright. Steffens said there is no way to determine how widespread the phishing scam is, but she has spent part of her day responding to consumer e-mails about the fraudulent information request, as has CUNA’s legal department and the leagues and credit unions. Probably, she said, the phishers sent out a very large quantity because she said CUNA received an e-mail about it from a non-credit union member in Canada. She has no idea of any losses due to the scam at this point. Part of the problem with that though, Steffens said, is that some people will be too embarrassed to come forward and say they were duped. CUNA has no idea who is doing this, but the spoofed Web site is a registered domain somewhere outside the United States, Steffens said. But even this may not be the real source of the phishing, as it could hopscotch through the maze of the online world and legitimate users would not even know their site is being used, she added. Basically, it is a “wild goose chase.” CUNA is not sharing the URL of the spoof site at this time so further investigation can be done. The true culprit may never be found. “It’s a cyber crime. It takes a lot of time and resources if you really want to prosecute it to the end,” Steffens said. The real trick to the whole scam is that there is no way to prevent it right now other than staying out of the public domain, she explained, which defeats the purpose of having a Web site. “Bottom line is this could happen to anybody,” Steffens pointed out. The hope is that public awareness and education will at least prevent consumers from falling victim to the scams. According to the APWG’s Phishing Activity Trends Report for December 2004, there were more than 9,000 “new, unique” phishing e-mail messages reported to them, up 6% from November. However, it equals an average monthly growth rate of 38% since July 2004. Though APWG calls the growth in the number of reports “modest,” the number of phishing Web sites is up “dramatically.” In December alone, new reports of 1,707 different sites came in, up 10% from November. The total number of hijacked brands in December grew to 55 with nine new reports; eight of those first reported were financial institutions. The financial services industry remains a favorite for phishing attacks, representing 85% of all hijacked brands in December. The United States far exceeds other countries for hosting phishing sites at over 32%. China is next at 12%, then Korea (11%), Japan (2.8%), Germany (2.7%), France (2.7%), Brazil (2.7%), Romania (2.2%), Canada (2.1%), and India (2.1%). The APWG provides a forum for discussing phishing issues and will also, as appropriate, seek to share the information with law enforcement. The group currently has over 706 member organizations participating in the APWG and more than 1,100 members, which is open to qualified financial institutions, online retailers, ISPs, the law enforcement community, and solutions providers. -

Credit Union Times

Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!

  • Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
  • Exclusive discounts on ALM and Credit Union Times events.
  • Access to other award-winning ALM websites including TreasuryandRisk.com and Law.com.

Already have an account? Sign In Now

Copyright © 2019 ALM Media Properties, LLC. All Rights Reserved.