Massachusetts State Employees Credit Union
Fraud Protection











MSECU -  Protecting our members from Fraud / Identity Theft

MSECU will never solicit
Personal/Private information via e-mail or text message.

MSECU Fraud Protection Toolbox


 

MSECU will never solicit Personal/Private information through e-mail or text messages. Should you receive a suspicious email or text message that appears to be from MSECU, and you're not sure, please email us via our Contact Email Address: msecu@mastatecu.org, and we'll be happy to confirm it for you.

 

 

 

What is Identity Theft?

Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.

The FTC estimates that as many as 9 million Americans have their identities stolen each year. In fact, you or someone you know may have experienced some form of identity theft.
The crime takes many forms. Identity thieves may rent an apartment, obtain a credit card, or establish a telephone account in your name. You may not find out about the theft until you review your credit report or a credit card statement and notice charges you didn't make or until you're contacted by a debt collector.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Alerts!

Phishing Alert!

8/28/2008

According to CUNA, multiple phishing scams posing as various credit unions have begun circulating. In fact, one credit union was recently notified of several scams occurring in the Ohio market within the last few days. In some of these scams, members and non-members are receiving e-mails and cell phone text messages informing them that their online account access has been suspended. Recipients are given a phone number to call to re-instate their online access (this is how the fraudsters steal their account information and potentially withdraw funds). Credit unions have already had members fall prey to these scams.

If a member is hit with this scam:

-- Report the phishing scam to the CU.

-- Report the scams to the Federal Bureau of Investigation’s Internet Crime Complaint Center at www.ic3.gov, and the Anti-Phishing Workgroup at reportphishing@antiphishing.org.

Because these phishing messages are nearly impossible to trace, the best way to fight these scams is to alert our membership. 

MSECU will never solicit Personal/Private information. Should you receive a suspicious text message that appears to be from MSECU, and you're not sure, please email us via our Contact Email Address: msecu@mastatecu.org, and we'll be happy to confirm it for you.

---------------------------------------------------------------------------

8/27/2008

Vishing (voice phishing), also called “VoIP phishing for the internet phones,” is the voice counterpart to phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user’s card number or other personal or financial information.

The initial bait is a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States. 

This is a different attack. The numbers shown in the caller ID are being spoofed (some CUs had law offices and car dealerships listed as the callers). The calls are generally generated through Internet VoIP providers, making them very hard to trace. CU members and non-members are receiving calls (late at night, usually showing as “out of area”) supposedly from their CU or another CU, with an automated message saying that their credit card or debit card has been compromised and asking them not to call any number but simply to press 1 to “be transferred to the card security department” automatically. From this point the members are asked to enter their 16-digit number and the security code on the back...

MSECU will never solicit Personal/Private information. Should you receive a suspicious call with a message that appears to be from MSECU, and you're not sure, please email us via our Contact Email Address: msecu@mastatecu.org, and we'll be happy to confirm it for you.

 ----------------------------------------------------------------------------------

 Scam alerts! 

There is a new phishing scam going around; this one is about the IRS and your refund. The lure email is shown below, and is quite standard in its formatting. It even threatens you with criminal prosecution if you lie.

 

 

So far nothing special, until you click the link. It’s to an EXE, not to a website. When you download that and look, what you get is a locally hosted website with the phishing site shown below (broken in IE7):

[Screenshot: IRS phishing page displayed by the executable (IRS Phish_exe_screen.jpg)]

This is a new twist in phishing attacks that can bypass the normal URL filtering bar for malicious sites. It requires that the mechanism that determines if it’s a phishing site recognize that EXEs can also be used in phishing. It makes sense that this would evolve. We suspect we’ll see more of this soon.

 ----------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Scam alerts! 

 We would like to make you aware of a NEW form of a phishing attack.

As many of you know, Phishing is the attempt to send you an email that looks like it was sent by a credible source. The email typically tells you that your account has a problem and you need to update your information by clicking on a link within the email.  The link typically looks like it's the right website but the hyperlink actually goes somewhere else. 

The following is an example of this new type of attack. Rather than asking the user to select a link in an email, the scammers have taken over a toll free phone number and asked that the member call this number and reactivate the account. The reason this is a little scarier is that we have spent countless hours training members not to click on links in emails but to call the Credit Union instead. This new form of attack utilizes that information to make the member believe that they are doing the right thing by calling the phone number. Also notice how the scammer reinforced the fact that the member should never click on a link in an email but should call the credit union directly. Here is what the letter would look like:

--------------------Original Message----------------------------

From:

Sent: Monday, November 12, 2007 5:28:15 AM

Subject: Alert!

ALERT

Last Updated: November/12/2007

Dear Member,

We will never contact you to obtain your personal financial data via any means, including email, USPS mail, instant message, etc. Why not?

If you are a member, we already have it. If you receive any type of solicitation for that information, do not provide it--it is a fraudulent scam.

If you receive any emails requesting this information, do not provide it, and do not click on embedded links in the email. Clicking on them may install spyware, Trojans, keystroke loggers, or other malicious software aimed at capturing your login credentials. See What is "phishing" section below for more information.

Due to unusual levels of fraud we have had to suspend any future authorizations being conducted with your Check Card. Your Check Card is now inactive.

How to re-activate your card.

Call our Card Department from Monday through Friday, 7:00 a.m. to 7:00 p.m., and 8:00 a.m. to 1:00 p.m. on Saturday.

Toll-Free (877) 228-0944

Our automated system allows you to quickly activate your card.

Card Department (877) 228-0944

We apologize for any inconvenience this may cause.

* * * * * * * * *

As a test, we called the phone number above and entered in a fake 16 digit CC number, pin and expiration date. The first response from the system was that the card number was invalid and I had to enter it again. Once a user hears this, they may become a little less suspicious because it leads them to believe that it was actually checking a source file. We entered in the fake number a second time and it responded that the card was now reactivated. Interesting, even the scammers have controls in place for data integrity. If the user enters in the same number twice, the card must be valid...

Please pass the information along to our members.

 ----------------------------------------------------------------------------------------------------------------------------

 

Please note: 

An MSECU Credit Union member reported to member support that he received an email saying that his account has been partially blocked by the online system due to incorrect password entry. Below is the text of the fraudulent e-mail. Always bear in mind: financial institutions and service organizations never ask for any personal credit card or financial information via e-mail.

If you receive a message like the email below or something similar, DO NOT RESPOND, it is a phishing scam. Instead, please forward the email to phishing@ncua.gov and report this phishing incident to the Anti-Phishing Work Group at http://www.antiphishing.org/report_phishing.html

DO NOT RESPOND TO THIS E-MAIL. IT IS AN ATTEMPT TO CAPTURE YOUR PERSONAL FINANCIAL INFORMATION, WHICH IS THE FIRST STEP IN IDENTITY THEFT.

--------------------Original Message----------------------------

From: IT Support Team (support@paylinks.cunet.org) <mailto:support@paylinks.cunet.org>

Sent: Thursday, June 28, 2007 11:03 AM

Subject: Paylinks Credit Union support Mail.

 

Dear User (Client)

____________________________

Due to incorrect password entry, several attempts of access to our client's accounts have been detected and blocked by our security department within the latest day. At the moment, access to your account is partially blocked by the system. It means that you may browse accessible information, change settings but you can not make any transactions. In order to remove restrictions, you have to enter your login and password received at the moment of your account registration in our banking system as soon as possible. Just follow the link https://paylinks.cunet.org and enter necessary information. Should 3 of your attempts be invalid due to incorrect login/password entry, your account will be completely blocked.

We hope for understanding and make our apologies for inconveniences

 

IT-Security department

 

-----------------------------------------------------------------------

 

 

Attempted Phishing 3/19/2007
Below is a copy of an email that is an attempt to phish the mail recipient.  MSECU, the NCUA, CUNA and other Financial Service Providers will not contact you via email to obtain private and personal information.  We already have it.  This email is not legitimate and should be reported to the appropriate authorities. 

 
-----Original Message-----
From: service@ncua.gov
Sent: Sun, 18 Mar 2007 3:58 PM
Subject: Please update your profile information -- OR ---   Important notice- Critical account update


Dear Credit Union holder account,

This notice informs you that your Credit Union bank has joined our Federal Credit Union(FCU) network. For both, our and your security, we are asking you to activate an online account on our database. After activation you can login on our system with your SSN and your Credit/Debit PIN number.

You must visit the FCU activation page and fill in the form to activate your online account:

XXX https://www.ncua.gov/activate_XXXaccount--- (THIS MIGHT BE A DIFFERENT ADDRESS)

In accordance with NCUA User Agreement, you can use your online account in 24 hours after activation. We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account.


National Credit Union Administration Team apologize for any inconvenience.


Sincerely,
NCUA Account Review Department

 

 

 

 

 

 

Analysis of the IRS refund scam described above reveals that the executable will take your data and send it to at least two different servers.

 

The IRS refund lure email reads:

------------------------------------------------------------------------------------
Date: Fri, 2 May 2008 15:10:22 -0500
From: Internal Revenue Service
Subject: Your Tax Refund (Message ID FV028T3)
.
A Secure Way to Receive Your Tax Refund
.
After the last annual calculations of your fiscal activity we have
determined that you are eligible to receive a tax refund of $746.35. (or a different amount)
.
Please submit the tax refund request and allow us 3-9 days in order
to process it.
.
A refund can be delayed for a variety of reasons. For example
submitting invalid records or applying after the deadline.
.
To access the form for your tax refund, please click here

http://www.somedomainoutthere.xxx

Nore: For security reasons, we will record your IP-address, the date and time. Deliberate wrong inputs are criminally pursuded and indicated. 

Regards,

Internal Revenue Service

Copiright 2008, Internal Revenue Service U.S.A.  All rights reserved.

----------------------------------------------------------------------------
