Picking up Nickels

Friday, March 16, 2007

A convincing phish attempt targets credit union members

I got an email this week claiming to be from the National Credit Union Administration (NCUA), alerting me that my credit union account had been accessed by a third party:

Official information for all Federal Credit Union

Dear Credit Union holder account,

NCUA is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.

- Why is my account access limited?

- Your account access has been limited for the following reason(s):

- * March 20, 2007: We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive Credit Union account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

(Your case ID for this reason is THEFT-3150019066.)

- How can I restore my account access?

- This limitation cannot be appealed.

- We encourage you to restore full access as soon as possible.

https://www.ncua.gov/activate_account


Once you complete all of the checklist items, your case will be reviewed by one of our Account Specialists. We will send you an e-mail with the outcome of the review.

Thanks for your patience as we work together to protect your account.

Best regards, National Credit Union Administration Team


While this is one of the better constructed scam emails that I have ever received, there were a few warning signs that identified it to me as a fake:

  1. The email title was an incomplete sentence: Official information for all Federal Credit Union
  2. The email came from the NCUA, and not the credit union that holds the account
  3. The name of the credit union which holds the allegedly compromised account is never mentioned by name
  4. No contact phone number is included.
  5. The https link to ncua.gov is actually redirected to a third party web site (http://202.152.12.60/webapps.ncua.gov/Express/login.htm), which asks for things like account owner name, credit union name, and account numbers.


While this email was full of warning signs, I wouldn't be surprised if some trusting people fell for this scam. While anyone reading this blog entry is probably savvy enough to know that this is a fake email, it is worth noting that you should never click on a link in an email and enter sensitive personal information. The safest bet is to log on to your account directly from the official web site of your credit union or to call the customer service number listed on your account statement.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home