Don’t Get Hooked by a
Phishing Attack
Phishing Attack
Many people in our local school districts have received a suspicious e-mail requesting them to verify their personal
information. This is a phishing scam. We reported on this in our newsletter at San Tan CU in June. The text of the actual e-
mail received by many of our members is printed below. Notice that the name San Tan Credit Union is never stated, only the
generic "credit union." Another clue: the use of the word “customer,” at your credit union, you are a member.
There have also been recent multiple e-mail fraud attempts, known as "Phishing”, that were initiated via e-mail sent to both the
general public and to some credit union members that appeared to be from "credit union," or NCUA or CUNA. This false e-mail
asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the
link directed them to a false website and asked for their credit union account number and PIN, along with other personal
information.
STCU (or any other legitimate institution) does not ask credit union members for such personal information. Anyone who
receives an e-mail that purports to be from their financial institution and asks for account information should consider it to be a
fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-
mail.
If you responded to such e-mail and provided any confidential account information, please notify STCU (or your other financial
institution) immediately of the scheme. You should also change your account PINs, and take additional precautions with your
account information. STCU (or any of our affiliates) will never contact you asking for information about you or your accounts.
Here is a link to NCUA's information on this e-mail, and where you can go to report the receipt of such fraud attempts:
http://www.ncua.gov/phishing/phishing.htm
The Federal Trade Commission recommends the following tips to help you avoid getting hooked by phishing:
1. If you get a pop-up or e-mail message requesting personal or financial information, don’t reply or click on the link in the
message. Legitimate companies won’t ask for this information.
2. Be cautious about opening attachments or downloading files from e-mail messages.
3. Never send personal information via e-mail. Look for a closed padlock at the bottom of your browser window, or a URL that
begins with “https”--the “s” stands for secure. However, some phishers forge these security icons.
4. Review statements for accuracy as you receive them. If they’re late, call the company to confirm billing address and balance.
5. Use antivirus software and keep it up-to-date. Run a firewall, particularly if you have a broadband connection. Take
advantage of free software “patches.”
6. Report suspicious activity to the FTC at www.ftc.gov, and forward suspicious messages to spam@uce.gov.
information. This is a phishing scam. We reported on this in our newsletter at San Tan CU in June. The text of the actual e-
mail received by many of our members is printed below. Notice that the name San Tan Credit Union is never stated, only the
generic "credit union." Another clue: the use of the word “customer,” at your credit union, you are a member.
There have also been recent multiple e-mail fraud attempts, known as "Phishing”, that were initiated via e-mail sent to both the
general public and to some credit union members that appeared to be from "credit union," or NCUA or CUNA. This false e-mail
asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the
link directed them to a false website and asked for their credit union account number and PIN, along with other personal
information.
STCU (or any other legitimate institution) does not ask credit union members for such personal information. Anyone who
receives an e-mail that purports to be from their financial institution and asks for account information should consider it to be a
fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-
mail.
If you responded to such e-mail and provided any confidential account information, please notify STCU (or your other financial
institution) immediately of the scheme. You should also change your account PINs, and take additional precautions with your
account information. STCU (or any of our affiliates) will never contact you asking for information about you or your accounts.
Here is a link to NCUA's information on this e-mail, and where you can go to report the receipt of such fraud attempts:
http://www.ncua.gov/phishing/phishing.htm
The Federal Trade Commission recommends the following tips to help you avoid getting hooked by phishing:
1. If you get a pop-up or e-mail message requesting personal or financial information, don’t reply or click on the link in the
message. Legitimate companies won’t ask for this information.
2. Be cautious about opening attachments or downloading files from e-mail messages.
3. Never send personal information via e-mail. Look for a closed padlock at the bottom of your browser window, or a URL that
begins with “https”--the “s” stands for secure. However, some phishers forge these security icons.
4. Review statements for accuracy as you receive them. If they’re late, call the company to confirm billing address and balance.
5. Use antivirus software and keep it up-to-date. Run a firewall, particularly if you have a broadband connection. Take
advantage of free software “patches.”
6. Report suspicious activity to the FTC at www.ftc.gov, and forward suspicious messages to spam@uce.gov.
The following letters are the actual text of two fraudulent e-mail messages sent to many of our members:
From: confirm@cuna.org (or NCUA)
Credit Union is constantly working to ensure security by regularly
screening the accounts in our system. We recently reviewed your account, and we need more information to help
us provide you with secure service.
Until we can collect this information, your access to sensitive account
features will be limited. We would like to restore your access as soon
as possible, and we apologize for the inconvenience.
Why is my account access limited?
Your account access has been limited for the following reason(s):
* We would like to ensure that your account was not accessed by an
unauthorized third party. Because protecting the security of your
account is our primary concern, we have limited access to sensitive
Credit Union account features. We understand that this may be an
inconvenience but please understand that this temporary limitation is
for your protection.
(Your case ID for this reason is PCU1-410-320-3334.)
_________________________________________________________________________________________________________________
Dear Credit Union Member,
During our regulary schedule account maintenance and verification we have detected a slight error in your billing
information on file with CUNA. This might be due to either following reasons:
- A recent change in your personal information (i.e. change of address)
- Submitting invalid information during the initial sign up process.
- An inability to accurately verify your selected option of payment due an internal error
within our processors. Your credit card on file with CUNA:
Card number: XXXX-XXXX-XXXX-XXXX (Not shown for security purposes) Expiration date: XX/XX
Please update your billing information here: http://update.cuna.org/cgi-bin/BillingUpdate.htm
If your account information is not updated, your credit/debit card access will become restricted.
Thank you.
Credit Union National Association, Inc.
From: confirm@cuna.org (or NCUA)
Credit Union is constantly working to ensure security by regularly
screening the accounts in our system. We recently reviewed your account, and we need more information to help
us provide you with secure service.
Until we can collect this information, your access to sensitive account
features will be limited. We would like to restore your access as soon
as possible, and we apologize for the inconvenience.
Why is my account access limited?
Your account access has been limited for the following reason(s):
* We would like to ensure that your account was not accessed by an
unauthorized third party. Because protecting the security of your
account is our primary concern, we have limited access to sensitive
Credit Union account features. We understand that this may be an
inconvenience but please understand that this temporary limitation is
for your protection.
(Your case ID for this reason is PCU1-410-320-3334.)
_________________________________________________________________________________________________________________
Dear Credit Union Member,
During our regulary schedule account maintenance and verification we have detected a slight error in your billing
information on file with CUNA. This might be due to either following reasons:
- A recent change in your personal information (i.e. change of address)
- Submitting invalid information during the initial sign up process.
- An inability to accurately verify your selected option of payment due an internal error
within our processors. Your credit card on file with CUNA:
Card number: XXXX-XXXX-XXXX-XXXX (Not shown for security purposes) Expiration date: XX/XX
Please update your billing information here: http://update.cuna.org/cgi-bin/BillingUpdate.htm
If your account information is not updated, your credit/debit card access will become restricted.
Thank you.
Credit Union National Association, Inc.
"Our #1 reason is you"
We do business in accordance
with the Federal Fair Housing
Laws and the Equal Credit
Opportunity Act.
with the Federal Fair Housing
Laws and the Equal Credit
Opportunity Act.
