-
September 2008: Digital Insight Phishing Scam
Credit union members have recently been targeted by a scam email claming to be from one of our partners, Digital Insight, or from financial institutions. The most common example of the scam that has been found has a subject line that reads, "Attention - Important Customer Information," and includes the following text:
As a [Name of Financial Institution] customer, your privacy and security is a primary task for us. We have been dedicated to customer safety and protection and our mission remains as strong as ever. We inform you that your Net Banking account is about to expire. It is strongly recommended to update it immediately. Update form is located here: [LINK]
The information submitted via this scam is then collected for possible account or identity theft. This email is not from Digital Insight - it is a phishing attempt. Moreover, neither our nor our partners' systems have been breached. Your information remains secure. Anyone receiving this email should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose, and should not follow the instructions in the message.
If you have already responded to such an email and provided any confidential account information, please notify our Member Service Center immediately at 800-325-0808.
-
August, 2008: Fake Fraud Alert "Vishing" Attempt
Members should be on the lookout for fake fraud alert email messages requesting that they call an 800-number regarding account activity. The message, purportedly from the Credit Union National Association (CUNA), reads as follows:
Dear CardHolder,
This is not a promotional e-mail. Please call us immediately at 1-(800) ***-**** regarding recent activity on your account. We're available 24/7 to take your call.
Please disregard this e-mail if you've already call us since the date this e-mail was sent.
We appreciate your prompt attention to this matter.
Thank you
Fraud Prevention Security Department
This message is not from CUNA; CUNA does not contact credit union members directly. Rather, it is a "vishing" (voice-phishing) attempt designed to obtain personal and/or account information for an illegal purpose. Affinity members who receive this email should not call the phone number it contains or follow any other instructions. If you have already responded to this message and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
-
July, 2008: Digital Insight Phishing Scam
Credit union members have recently been targeted by a scam email claming to be from one of our partner organizations, Digital Insight. The message appears to come from an official Digital Insight source, such as "Digital Insight Customer Care" or "Digital Insight Administration," and contains the following text:
Dear Administrator,
We inform you that your account is about to expire. It is strongly recommended to update it immediately. Update form is located here. However, failure to confirm your records may result in account suspension
This message is not from Digital Insight. Anyone receiving this email delete it immediately, and should not follow the instructions in the message. If you have already responded to such an email and provided any confidential account information, please notify our Member Service Center immediately at 800-325-0808.
-
July, 2008: Counterfeit Cashier's Checks
Affinity Federal Credit Union has recently been advised that a group out of Canada has been counterfeiting Cashier's Checks. The checks are being sent to a variety of individuals across the country, accompanied by a letter and associated with an Insider Mystery Shopping program.
Persons receiving an Affinity Federal Credit Union cashier's check accompanied by a similar letter are encouraged to contact us at 800-325-0808, ext. 3911 or ext. 3949.
Learn more about how to spot potential check fraud today.
-
July, 2008: NAFCU Member Satisfaction Survey Phishing Email
We have recently learned of a new phishing scam targeting credit union members. The scam uses an email that claims to be from the National Association of Federal Credit Unions (NAFCU), requesting that members complete a satisfaction survey in exchange for an $80 credit to their account. The message has a subject line of "Member Satisfaction Survey" and the beginning of the message reads as follows:
Congratulations!
You have been selected by NAFCU: National Association of Federal Credit Unions Online Department to take part in our quick and easy reward survey.
In return we will credit $80 to your account - Just for your time!
Helping us better understand how our members feel, benefits everyone.
With the information collected we can decide to direct a number of changes to improve and expand our services.
The information you provide us is all non-sensitive and anonymous. No part of it is handed down to any third party groups.
It will be stored in our secure database for maximum of 3 days while we process the results of this nationwide survey.
[Rest of message removed]
This message is not from NAFCU; it is a fraudulent attempt to obtain account information for an illegal purpose. Affinity members who receive this email should not click on the link contained in the message or follow any of the instructions. If you have already responded to this message and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
-
April, 2008: New Phishing Scam Targets CEOs through Fake Subpoenas
We’ve just become aware of a targeted “spear-phishing” scam directed specifically to CEOs and top executives by way of sending fake subpoenas from the US court system. Spear-phishing scams include personal information in their attack emails which look like believable messages. This causes the victim to trust the email and click for more information leaving the door open to be victimized.
The US court systems DO NOT send subpoenas via email unless you are already involved in a legal matter. If you receive an email claiming to come from a US district court we urge you to call the court yourself before clicking on anything in the email you receive. Click here to read the alert posted on the US Courts website warning readers about this scam.
If you have already responded to this message and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
- March, 2008: CUNA "Security System" Phishing Email
The latest phishing attack targeting credit union members consists of an email alert that claims to come from the Credit Union National Association (CUNA). The message subject reads "Security Notification," and, ironically, contains text informing members that their card accounts have been deactivated due to "numerous fraudulent emails." In a twist on traditional phishing attacks, the message then asks that members contact them by phone to reactivate their accounts.
February, 2008: NCUA "Credit Union Profile" Phishing Scam
We have recently learned of another phishing scam targeting credit union members, once again using an email that purports to be from the National Credit Union Administration (NCUA). The subject line of this new message reads "Important Notice Regarding your Credit Union Profile," while the message text asks that members submit a "verification" form online within 48 hours to confirm their information for security reasons. The beginning of the message reads:
Dear Credit Union member,
You have received this email because you or someone had used your account from different locations. For security purpose, we are required to open an investigation into this matter.
In order to safeguard your account, we require that you confirm your online banking details.
This email represents a fraudulent attempt to obtain personal account information. The NCUA does not require any type of account validation, and neither they nor Affinity will ever ask for your personal information via email. Affinity Federal Credit Union members who receive this email should not follow the instructions in the message.
If you have already responded to this message and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
February, 2008: IRS Warns of Tax-Filing Scams
Several email and telephone scams using the IRS name have surfaced recently, several of which may be directed at credit union members. One scam claims to make available an advance payment on rebate checks - emails direct users to access a refund claim form, while telephone scams request the member's account information. Other scams include a fake audit notification email (informing members they are being audited, and requesting personal information), while others direct users to click on links to download information about changes to tax laws.
These efforts constitute a fraudulent attempt to obtain account information for an illegal purpose. Neither the IRS nor Affinity will ever ask for personal or account information via email. Additionally, with respect to the rebate check scam, the economic stimulus package that would authorize these payments has not yet been enacted. Affinity members who receive these emails should not follow their instructions.
If you have already responded to any of these messages and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
-
January, 2008: NCUA "Last Warning" Debit Card Phishing Attempt
Another phishing scam targeting credit union members has surfaced. This latest email message claims to be from the National Credit Union Administration (NCUA), and describes a supposed database error that affects members' debit cards. The message then instructs members to contact the NCUA via telephone, asking that they "follow the steps" in the phone menu to correct the problem and restore the "valability" of their debit card.
This email and the phone numbers provided are part of a fraudulent attempt to obtain account information for an illegal purpose. The NCUA does not require any type of account validation for any reason, and neither they nor Affinity will ever ask for your personal information via email. Affinity Federal Credit Union members who receive this message should not follow its instructions.
If you have already responded to this message and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
-
January, 2008: "ILWU Credit Union" Phishing Attempt
A new phishing attempt has been found, this time consisting of a message that claims to be from "ILWU Credit Union." The message informs the user that their account is suspended, and requests that they call in to have their account restored. The text of the message is as follows:
Dear Customer,
This is a message from ILWU Credit Union .
Because we have registrated to many frauds
we suspended your account.
To reactivate please call back at total free number : 501-429-4617
Please note the total free number: 501-429-4617
Copyright © ILWU Credit Union Security Departament
This message is not from Affinity; it is a fraudulent attempt to obtain account information for an illegal purpose. Affinity members who receive this email should not follow the instructions contained in the message. If you have already responded to this message and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
-
January, 2008: "Credit Union" Phishing Attempt
It has come to our attention that credit union members have begun receiving an email message seeking account information under the guise of providing more secure service. This message comes from "Credit Union" with a subject line of "Security Issues," and begins with the following text:
Credit Union is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.
This message is not from Affinity; it is a fraudulent attempt to obtain account information for an illegal purpose. Affinity members who receive this email should not follow the instructions or click on any of the links contained in the message. If you have already responded to this message and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
-
November, 2007: Digital Insight Phishing Email Scam
Credit union members have recently been targeted by a scam email claming to be from Digital Insight. The message appears to be from "digitalinsight@rovenmedia.com," with a subject line of "Digital Insight: Customer Prize Request Form," and asks that follow a link online to request a free gift prize. The information submitted via this scam is then collected for possible account or identity theft. This email is not from Digital Insight - it is a phishing attempt. Anyone receiving this email should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose, and should not follow the instructions in the message.
If you have already responded to such an email and provided any confidential account information, please notify our Member Service Center immediately at 800-325-0808.
-
August, 2007: Attention AT&T Employees
AT&T communicated that a laptop computer was recently stolen, and that this laptop contained some legacy AT&T Corp. benefits plan information, including some plan participants' names, Social Security numbers, and certain benefits information. The company advised that the laptop was password protected, but is recommending precautionary measures. In addition to the actions recommended by AT&T (AT&T provided recommendations in a letter sent to those who may be affected by the theft), Affinity strongly encourages affected members to contact us either by calling 800-325-0808, stopping by one of our branches, or contacting our Member Service Center online.
-
August, 2007: Computer Virus May Prompt Online Fraud Attempt
Users of online bill payment - please be on the look-out for a new virus that may be on your computer. This virus may cause a fraudulent screen to appear in online Bill Payment. The screen displays messages in an attempt to obtain sensitive information such as your account numbers and passwords. This information is already known by the online Bill Payment system, and does not need to be provided again.
If you use online Bill Payment and notice a new screen that appears out of context, asking you to provide such sensitive information, do not provide it. Instead, close your Internet Home Banking session and scan your computer for viruses.
If you have already responded to the screen's prompts and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
July, 2007: NCUA Account Activation Phishing Scam
We have recently learned of another phishing scam targeting credit union members, once again using an email that purports to be from the National Credit Union Administration (NCUA). The subject line of this new message reads "Important message from National Credit Union Administration," and the message text requests that the user follow a link and submit personal information, supposedly for the purpose of activating an online account.
This email represents a fraudulent attempt to obtain personal account information. The NCUA does not require any type of account validation, and neither they nor Affinity will ever ask for your personal information via email. Affinity Federal Credit Union members who receive this email should not follow the instructions in the message.
If you have already responded to this message and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
July, 2007: U.S. Central Phishing Email Scam
Credit union members have recently been targeted by a scam email claming to be from U.S. Central. The message states that "clients' accounts" have been blocked for security reasons, and that the recipient will need to enter their account information in order to have it unblocked. The information submitted via this scam is then collected for possible account or identity theft. Anyone receiving this email should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose, and should not follow the instructions in the message.
If you have already responded to such an email and provided any confidential account information, please notify our Member Service Center immediately at 800-325-0808.
June, 2007: Better Business Bureau Phishing Scam
A phishing email claiming to be from the Better Business Bureau (BBB) is being distributed to upper-level managers and executives at a variety of companies. Recipients of the message are advised of an alleged complaint against their company filed with the BBB, and are directed to click a link and download the "complaint details." The file that is then downloaded is a Trojan horse, one that will steal all data sent from the victim's browser.
This new scam is different from most other phishing schemes in that, rather than collecting specific information from random individuals, it instead targets a specific group and seeks to collect all information the victims transmit over the internet.
Affinity members who receive this email should not follow the instructions in the message. If you have already responded to this message and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
May, 2007: Attention Alcatel-Lucent Employees
Recently, Alcatel-Lucent learned that a computer disk containing the confidential personal information of as many as 200,000 current and former employees has been missing since May 7th. The company has asked the US Secret Service to investigate, and is in the process of providing assistance to affected employees. In addition to the actions recommended by Alcatel-Lucent, Affinity strongly encourages members who are Alcatel-Lucent employees to contact our Member Service Center at 800-325-0808.
May, 2007: NCUA "Credit Union Card Update" Phishing Scam
Another new phishing attack targeting credit union members has surfaced, again using an email that purports to be from the NCUA. In this case, the message subject reads "Update Your Credit Union Card," while the message text asks individuals to follow a link and submit their personal information to a site that claims to be part of the NCUA.
This email constitutes a fraudulent attempt to obtain account information for an illegal purpose. Affinity Federal Credit Union members who receive this email should not follow the instructions in the message.
Neither Affinity nor the NCUA will ever ask for your personal information via email. If you have already responded to this message and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
April, 2007: NCUA "Fax" Phishing
We have recently become aware of an email that is being sent to solicit personal information from individuals who may have accounts with credit unions. The email references recent phishing attacks, and requests that account holders complete a form that appears to be from the NCUA. They are then asked to send this form via fax to a number included in the message.
The email and the attached fax form constitute a fraudulent attempt to obtain account information for an illegal purpose. Affinity Federal Credit Union members who receive the message and attachment should not follow the instructions, and instead delete it immediately. If you have already responded to this request and provided your confidential information, please contact our Member Service Center immediately at 800-325-0808.
January, 2007: NCUA "Account Review Department" Phishing Scam
The National Credit Union Administration (NCUA) is the subject of a recent phishing attack targeting credit union members. An email that appears to be from the "NCUA Account Review Department" has been sent to members under the pretense that there is a problem with their accounts. The message presents an official-looking "Case ID Number," and asks that members submit personal information for "verification" purposes or risk having their accounts closed.
This email constitutes a fraudulent attempt to obtain account information for an illegal purpose. Affinity Federal Credit Union members who receive this email should not follow the instructions in the message.
Neither Affinity nor the NCUA will ever ask for your personal information via email. If you have already responded to this message and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
December, 2006: Store Gift Card Scam
There have been reports of thieves copying the identifying information printed on retail gift cards while they are on display in store racks. The thieves will then periodically check to see if a particular card has been activated - if it has, they will then use the card to make purchases on the Internet, draining the balance it contains.
It is recommended that individuals who purchase a gift card buy them from a customer service representative and not directly from a display rack. Given a choice between prepaid cards displayed on an open rack versus those kept behind a customer service counter, the latter is clearly the safer choice.
October, 2006: FDIC "LinkBank System" Phishing Scam
There are new reports of a phishing email that has the appearance of being sent from the FDIC. The fraudulent emails typically include a "Subject" line that states: "Compliance Examination for [recipient's name inserted]." The message asks recipients to click on a hyperlink titled "Take the Corrective Action - Implement the LinkBank System."; this "LinkBank System" is described as "...a protocol developed by the FDIC and other federal agencies as a way to ensure that the standards for Online Banking security are met."
When accessed, the hyperlink downloads what is likely to be a keylogger or similar piece of malicious software. DO NOT click on the link provided in the phishing e-mail. This email is a fraudulent attempt to obtain personal information from consumers. Consumers should NOT click the link provided within the body of the message, and should not under any circumstances submit any personal information.
If you have already responded to such an email and provided any confidential account information, please notify our Member Service Center immediately at 800-325-0808.
July, 2006: Fraudulent "$50 Reward" Survey Email
Credit union members around the country have been targeted recently by a scam email claming to be from either the National Credit Union Administration (NCUA) or the Credit Union National Association (CUNA). The message offers credit union members a $50 "reward" credit to their account for filling out a short, five question survey. The information requested in the survey is then collected for possible use in identity theft.
Anyone who receives this email should consider it to be an attempt to obtain confidential account information for an illegal purpose.
If you have already responded to such an email and provided any confidential account information, please notify our Member Service Center immediately at 800-325-0808.
May, 2006: Veterans Affairs Data Theft
Discs containing personal data on more than 26 million US veterans (all who have served in the armed forces since 1976) were stolen recently from a Veterans Affairs employee. The information the discs contained was highly sensitive, and could be used for illegal purposes.
Affinity members who are concerned that they may now be at risk should take extra caution and learn more about what they can do to reduce the risk of becoming an identity theft victim.
May, 2006: Fraudulent NCUA Email Scam
The National Credit Union Administration (NCUA) has recently been the subject of a phishing attack on credit union members. Messages that appear to be from the NCUA have been sent out requesting that individuals submit their personal account information and PIN numbers in order to restore access to their accounts.
This email constitutes an attempt to obtain account information for an illegal purpose; Affinity FCU members who receive it should not follow the instructions in the message.
For further information, visit the NCUA's website. If you have already responded to such an email and provided confidential account information, please notify our Member Service Center immediately at 800-325-0808.
October, 2005: Phishing Scam Targeting Affinity Federal Credit Union Members
A phishing scam that specifically references Affinity Federal Credit Union has surfaced. The scam email, signed "Customers Support Service," requests that members update their online user profile for security purposes. Clicking the link provided directs the recipient to a false website that asks for confidential/personal information.
Anyone receiving this email should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose, and should not follow the instructions in the message.
If you have already responded to such an email and provided any confidential account information, please notify our Member Service Center immediately at 800-325-0808.
September 2005: Members Targeted by Affinity Plus Phishing Scam
A phishing scam consisting of an email supposedly from Affinity Plus Federal Credit Union has been discovered. The scam email asked recipients to renew their Bill Payment account registration. Clicking the link directed the email recipient to a false website and asked for confidential/personal information.
Anyone receiving an email that claims to be from Affinity Plus Federal Credit Union and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the email.
If you responded to such an email and provided any confidential account information, please notify our Member Service Center immediately at 800-325-0808.
