|
Phishing scams continue to affect credit unions, but the styles of phishing are shifting. Vishing, Smishing, and U.S. Mail Phishing are new ways to bait members into divulging personal and financial information. Scammers are turning to these methods in hopes of confusing members into thinking they can only be “phished” through the use of e-mail.
These methods are defined as follows:
E-MAIL “PHISHING”
Phishing (pronounced “fishing”) is a scam to steal valuable information such as credit card and Social Security numbers, user IDs, and passwords. In phishing, also known as “brand spoofing,” an official-looking e-mail is sent to potential victims pretending to be from their Internet Service Provider (ISP), credit union, bank, or retail establishment. E-mails can be sent to people on selected lists or on any list, and the scammers expect some percentage of recipients will actually have an account with the real organization.
LAND-LINE TELEPHONE “VISHING” & VoIP (INTERNET PHONES “VISHING”)
Vishing, (Voice phISHING) also called “VoIP phishing for the Internet phones,” is the voice counterpart to phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's card number or other personal or financial information. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States.
Because people are used to entering card numbers over the phone, either of these techniques can be effective. Voice over IP (VoIP) is used for vishing because caller IDs can be spoofed and the entire operation can be brought up and taken down in a short time, compared to a land-line telephone.
TEXT MESSAGE “SMISHING”
Smishing (SMS phISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a Web site, a text message is sent to the user’s cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.
MAIL LETTER “PHISHING”
This new scam occurs where the phisher is creating a letter and sending it through the mail to individuals to respond to the letter by calling a phone number. The phisher outlines in the letter that the individual must respond for their own protection. This scam is used in conjunction with other channels to steal valuable personal and financial information of the individual receiving the letter.
For loss prevention recommendations, please click here.
(Editors note: article by Ann Davidson, CUNA Mutual Risk Manager)
For more information, contact your CUNA Mutual Sales Executive at 800.356.2644 or the Credit Union Protection Response Center at 800.637.2676. CUNA Mutual Group does not provide any warranties or guarantees with respect to the performance of services by any vendor, and is not liable for any products or services purchased from any vendor by any credit union. Each credit union is ultimately responsible for determining the products and services that it may require, selecting the vendor that best meets the credit union's needs (whether or not a preferred partner), and contracting directly with that vendor. Compliance Form Number: MARC-0808-477C
|
