Star One Credit Union
Awareness & Info
Font SizesmallmediumlargePrint This Page

Phishing

Have you heard of phishing? It's a type of fraudulent e-mail scheme designed to scare you into providing your personal and financial information online.

Please call us if you receive any kind of suspicious solicitation at (866) 543-5202 or (408) 543-5202 and ask for the Web Services Department, or forward the e-mail in question to reportphishing@starone.org. You will never receive an e-mail from Star One asking you to provide or verify your account information online. E-mails of this nature only come from those who are interested in gathering and misusing your personal information.

How does it work? An e-mail is sent out that is designed to trick consumers into surrendering personal information. They may appear to come from government agencies such as the IRS, an online shopping venue such as E-Bay, or even a credit card company. The most popular scams are:

  • "Vishing"

    A phone recording (or e-mail) from what appears to be your credit union or bank telling that you that your online account has been disabled after detection of unauthorized access. You are told to dial a telephone number (with a local area code) where an automated voice prompts you to enter your account numbers, personal-access codes and other details.

     

  • Bank Account Scam

    An e-mail from what appears to be your bank or credit union inquiring about changes to your account.

     

  • IRS E-Audit Scam

    An e-mail from what appears to be the IRS encouraging you to complete a questionnaire within 48 hours to avoid penalties and interest.

     

  • Big Purchase Scam

    An e-mail from what appears to be a retailer asking you to confirm "a recent large purchase."

     

  • Expired Credit Card Scam

    An e-mail from what appears to be your Internet Service Provider asking you to update credit card information.

     

  • Employment Site Scam

    An e-mail that appears to be a wonderful job opportunity. You are asked to complete an application that includes your social security number.

     

Recipients are directed to web sites where they are asked to verify personal information such as their name, bank account and credit card numbers, social security numbers, and other information. A sense of urgency is created by telling the consumer that, with little or no notice, their account will be shut down unless they confirm their personal and/or billing information right away. In addition, great care is taken to copy the original Web site to make the scheme appear as authentic as possible. Web addresses (URL's) are masked to make them look real.

If you receive an e-mail of this nature, DO NOT respond to it, click on the link, or provide any information. Delete it. In addition, you may want to:

  • Contact the company directly using a phone number or Web site address you know is genuine and tell them about the scheme;
  • Review your credit card and account statements as soon as you receive them to determine whether there have been any unauthorized charges;
  • Report suspicious activity to the FTC, and forward the suspicious e-mail to them at uce@ftc.gov.

To protect yourself, consider the following:

  • Companies rarely ask for information they already have.
  • Don't use links embedded in e-mails to go to a familiar site. Go directly to the company's Web site the way you normally do.
  • Do not give out personal financial information as a result of an e-mail solicitation.
  • Spoof web sites normally have longer addresses (URL's). Take a second look.
  • The IRS does not use e-mail to notify consumers, nor do they conduct e-audits.

If you are victimized, contact the three major credit bureaus to place a "fraud alert" on your accounts, and notify your local police. See our Identity Theft section for more information. View the National Credit Union Administration's (NCUA) informational Phishing brochure here.

Fraud Definitions

Honeypots:

Closely monitored network decoys designed to distract adversaries from more valuable machines on a network. They can provide early warning about new attack and exploitation trends and they allow in-depth examination of attacks.

Keystroke logger:

A software program that enables one Internet user to monitor the actual keystrokes of another Internet user.

Phishing:

A process by which fraudsters are able to replicate the "look and feel" of a legitimate financial services company's e-mail or Web site for the purposes of tricking customers into divulging personal identification, passwords and financial data.

Shoulder surfing:

Stealing a computer password or access code by peeking over a person's shoulder while he types in the characters.

Skimming:

The copying by a dishonest cashier of the data on a magnetic stripe on a customer's credit card by swiping it through a small card reader. The information is then used to make counterfeit cards.

Sniffing:

The watching, displaying and logging of another Internet user's computer traffic.

Spoofing:

The forging of an e-mail header to make it appear as if it came from someone or somewhere other than the actual source.

Synthetic identity:

A false identity made up of stolen components.

Trojan horses:

Programs in which malicious or harmful code is concealed or hidden inside apparently harmless programming or data, the purpose of which is to get control of the breached computer and do damage.

Tools
NCUAEqual Housing Lender
Privacy  |  Security  |  Rates  |  Disclosures  |  Calculators  |  Help  |  Site Map
© 2014 Star One Credit Union. All rights reserved.