Recognizing Scams

We're here to help protect you from phishing attacks

Want to know what these phishing scams look like? See examples.
Think you might be a victim? Follow these steps.

Technology brings us all kinds of convenience and entertainment. It also creates new ways for crooks to take advantage of consumers. The scams and the lingo change all the time. Here's an abbreviated technology fraud dictionary to keep you in the know:

» Pharming
» Phishing
» Pretexting
» SMS-ishing

» Spim
» Spoof
» Vishing

Pharming secretly plants a virus or malicious program in your computer and hijacks your web browser. Pharming crimeware misdirects users to fraudulent sites or proxy servers. When you type in the address of a legitimate Web site, you're sent to a fake site without knowing it. If you give your password or account information on the fake site, thieves will use your account fraudulently.

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords, account information and credit card details, by masquerading as a trustworthy entity in an electronic communication.

A clear tip-off that it's a fake--typically the greeting will be generic and not addressed to you by name. Another characteristic is a sense of urgency or alarm, say, that your account is about to be closed. Delete the message and report it to ReportScams@66fcu.org.
View samples of phishing emails.

Pretexting isn't new, but another scam aided by technology. Sometimes referred to as "social engineering," it occurs when someone tries to get personal private information without authority to do so. The scammer may ask for private information while impersonating an accountholder by phone, mail, e-mail, or even by phishing--using a phony Web site or e-mail to collect data.

SMS-based phishing, or SMS-ishing, convinces a user to click on a link in a SMS message leading them to a fake Web site from where their personal details can be phished or to call a phone number in order to gain access to private personal and financial information for the purpose of illegal financial reward.

Example of a fraudulent text message:

FRM: 66 Federal Credit Union
MSG: For usual maintenance please confirm your 66 Federal Credit Union details by calling at XXX-XXX-XXXX (actual phone number varies).

Please remember that we will never contact you asking you to verify any of your personal account information.

"It is important for our members to know these are random phone calls proven by the fact that we have a lot of non-members notifying us about the fraudulent calls," said Kelly Diven, CEO/President, "and the only way accounts are compromised in any way is when unsuspecting individuals respond and give these scam artists their personal account information."

Spim is spam--unsolicited bulk e-mail--delivered by IM, instant messaging. Not yet as common as spam, it reaches more people all the time. IM can be especially useful for spammers and dangerous for recipients because they may be more likely to click on links, bypassing virus software available on computers. Block messages from anyone not on your buddy list as a defense.

A spoof is an attempt to fool. Web spoofing is the act of secretly tricking your Web browser into talking to a different Web server than you intend. E-mail spoofing involves forging an e-mail header to make it appear as if it came from somewhere or someone other than the real source. Either can seduce you into supplying information to an unintended recipient.

If you hold your mouse over a link, the status line displays the corresponding URL. Be suspicious if the status line URL is different from what you think you should see. If Web pages you're familiar with suddenly prompt you to fill in private information, think carefully before you comply. If possible, call or send mail to the official source to verify that this change is legitimate. As always, when in doubt, do not enter any information you feel uncomfortable providing.

Vishing is a combination of "voice" and phishing, where the caller typically exploits the public's trust in landline telephone services in order to gain access to private personal and financial information for the purpose of illegal financial reward. Victims are often unaware that vishing usually allows for caller ID spoofing and complex automated voice systems.

Typical fraudulent messages may say that your credit card has been cancelled or compromised and direct you to call in and provide personal information.

Please be assured that your personal and financial information has not been compromised in any way. The only way that fraudulent activity can take place on your account through these phishing and vishing attempts is if you respond and ultimately give them access to your personal account information. We are utilizing every available means at our disposal to monitor, analyze, and pull down these illegal phishing Web sites and these illegal operations as quickly and efficiently as possible.

How can you help?

We believe that the single most effective weapon against fraud and identity theft is an informed, educated member. To help you recognize phishing scams, we have some samples of things to look for to help you distinguish a fraudulent email attempt from the real thing. You can also visit our site's Fraud and ID Theft page to read more. If you believe you have received a fraudulent email, phone call or letter from the Credit Union, please contact us at ReportScams@66fcu.org or call us at (800) 897-6991 option 3.

What to look for:

Homepage of Web site:

correct address bar

This is the correct address for our home page.

Incorrect Homepage of Web site:

Fradulent address

This may seem correct, but pay attention to the address bar.

Correct eBranch Login:

eBranch login correct

This is the correct address for logging into eBranch. The prefix is "https://" which denotes, in this case, that the site is secured. The address is "www.cuonlineaccounts.org." The file name is all the rest of the information to the right of the first "/" after https://. Also, notice padlock at the end of the address bar? This means the site is secure. If you are using IE7, the whole address line should appear green like below.

Green Bar Secure

Using the Mozilla Firefox browser, the address should appear yellow.

IP address scam:

IP address scam

Real sites don't usually have numbers at the beginning of their address.

Incorrect Web site:

tricky fraud email

Although you see 66fcu.org in the address line, don't be fooled. The real host for this site is businesssupport.ru. Within the Address, the right-hand side is the most important! It shows the site name. Look at the address before the first "/" after the http://.

Phishing Email Examples:

The following are examples of e-mails that members and non-members have reported receiving. Please remember, these are not legitimate messages and should not be responded to. If you receive an email you believe is fraudulent, please forward it to ReportScams@66fcu.org.

Most Recent Phishing Scam

From: 66 Federal Credit Union <form@66fcu.org>
Sent: Thu, November 5, 2009 5:57:08 AM
Subject: Notification From 66 Federal Credit Union

As part of our security measures, we regularly screen activity in the system.
We recently contacted you after noticing an issue on your account.
We requested information from you for the following reason:

- We have observed activity in this account that is unusual or potentially high risk.

Please download the form attached to this email and open it in a web browser.
Once opened, you will be provided with steps to restore your account access.
We appreciate your understanding as we work to ensure account safety.

Sincerely,

Copyright © 2009 66 Federal Credit Union.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Phishing Email Example #1

Phishing Email Example #2

Phishing Email Example #3

Phishing Email Example #4

Phishing Email Example #5

Phishing Email Example #6

Phishing Email Example #7

Phishing Email Example #8

Phishing Email Example #9

Phishing Email Example #10

Phishing Email Example #11

Phishing Email Example #12

Phishing Email Example #13

Phishing Email Example #14

Phishing Email Example #15

Phishing Email Example #16

Find out more by reading our Fraud & ID Theft page.

. To help you recognize phishing scams, we have some samples of things to look for to help you distinguish a fraudulent email attempt from the real thing. You can also visit our site's page to read more. If you believe you have received a fraudulent email, phone call or letter from the Credit Union, please contact us at ReportScams@66fcu.org or call us at (800) 897-6991 option 2.

If you believe you have received a fraudulent email, phone call or letter related to the Credit Union,
please contact us at ReportScams@66fcu.org or call us at (800) 897-6991 option 3.

Helpful Links

Protect Your Identity. Attend a Fraud Prevention Seminar

Member Service

Call 1-800-897-6991
7:30 a.m. – 6:00 p.m. (CST)
Email us: talk2us@66fcu.org
Transit/ABA# 303184652


Manage Your Account • Access Your Account • View & Pay Your Bills • CURewards™ • Credit Card Account • Mobile Banking Meet Your Goals • Investing • Life Changes • IRAs • Retirement • College Funds • Seminars • U.S. Savings Bonds • Current Rates	Member Services • Checking • Savings & Share Certificates • Credit Cards • Check/Debit Cards • eCheckDeposit • Direct Deposit • Health Savings • Current Rates Youth/Teen Services • Checking • Savings • Johnny Appleseed Club • CUSucceed® • Paying for College	Lending • Which Loan is Right For Me? • Mortgage • Home Equity • Vehicle & Recreation • Business • Credit Cards • Debt Consolidation • Student Choice Loan Solution • Loan Rates Insurance • Vehicle • Debt Protection • Accidental Death & Dismemberment • Life & Long-Term Insurance	Additional Services • ATMs • CURewards™ • Shared Service Centers • Gold Club • Touch Tone Teller • International Banking • Wire Transfers • Seminars	Business Services • Checking • Savings & Share Certificates • Loans • Current Rates