EAST LANSING, Mich. – At Michigan State University Federal Credit Union proactive planning is key in the fraud fight. "Whether it is phishing, identity theft or any type of fraud it is not a matter of if but when – so it is important to have a plan that can be quickly implemented because time is of the essence," said MSU FCU Vice President of Marketing Joyce M. Banish. Preparation paid off when the credit union fell prey to a phishing attack two days before spring break. The bogus e-mails were sent to MSU FCU members at 6 p.m. and Banish credits the extended credit union hours for helping to get a jumpstart on the problem. "If we had been a normal institution then we would've closed at 5 p.m. and wouldn't have heard about it until the next morning," said Banish. Instead members started calling the credit union questioning the e-mail, which asked for personal financial information such as account numbers and passwords. "By 7 p.m. we were aware of what was happening and our marketing and e-commerce division not only sent a blanket e-mail to members not to respond but we also posted a banner on the Web site and by the next morning our search to find where the site was hosted resulted in that site being shut down by 11 a.m.," said Banish. "The timing of this attack and sophistication of the e-mail and bogus site were amazing. As students get ready to leave seeing this email the last thing they'd want is to have any problems with their accounts so it was remarkably efficient during a time when members wouldn't look at their accounts as much. As for the e-mail and site itself it looked exactly like an e-mail we'd send." Despite the visual similarities the fake e-mail did contain a few minor inconsistencies such as the misspelling of University, referring to members as customers and references to Internet banking instead of the MSU FCU online banking product name of ComputerLine. Banish says the little mistakes were such that could easily be overlooked but for the credit union's continuous education efforts. From in-branch and on campus seminars to brochures and a dedicated identity theft/fraud section of its Web site to post current scams and steps to take if made a victim, MSU FCU does its part to keep members informed "I think it is because of our education process that we were notified about the e-mail from members so quickly," said Banish. "In our reaction to the phishing attack we made sure that we reinforced to members that the e-mail addresses were published in the faculty directory and it was not a breach of our own system, which remained secure. We also emphasized that to the press." Banish adds that the credit union's existing response plan helped make things easier for everyone. Not only did the credit union have a dedicated plan to keep members calm about the situation and offer specific steps on how to proceed if they were a victim of the fraud but also had a pre-set contact list ready to deal with members of the press. "All questions were to be directed to either me or the CEO if one of us was on vacation during an incident then there is a backup contact on the list so everyone is aware and ready to start dealing with the situation," said Banish. "The biggest danger besides funds being lost when something like this happens is members losing confidence in using our online services, which is not only a major investment for us but also a great member convenience. So when the press came we were prepared and there was one station that came out and wanted to sensationalize the phishing attack-which is the worst thing that can be done- and we were able to help tone it down and make the segment a more educational piece." Banish says the efficient, quick response paid off since no members were victims of the attack. In addition, the member reaction has been extremely positive and helped MSU FCU reinforce its image as being a valuable member resource and a financial institution that truly cares about its members. "Members are appreciative that we are so proactive," said Banish. "Right after the attack we also ran ads on campus about phishing, identity theft, how consumers can protect themselves three times a week for some three or four weeks and had such a positive reaction from the university as well. Taking the time to plan for such events makes all the difference." [email protected]
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.