Click Here to Return to Welcome Page




Internet Pirates

are Trying to Steal YOUR Personal Financial Information

Here's the Good News: YOU have the Power to Stop Them


There's a new type of Internet piracy called "phishing." It's pronounced "fishing," and that's exactly what these thieves are doing: "fishing" for your personal financial information. What they want are account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your checking account or run up bills on your credit cards.


In the worst case, you could find yourself a victim of identity theft. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver's licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.


Here's how phishing works:

In a typical case, you'll receive an e-mail that appears to come from a reputable company that you recognize and do business with, such as your financial institution. In some cases, the e-mail may appear to come from a government agency, including one of the federal financial institution regulatory agencies.


The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as "Immediate attention required," or "Please contact us immediately about your account." The e-mail will then encourage you to click on a button to go to the institution's Web site.


In a phishing scam, you could be redirected to a phony Web site that may look exactly like the real thing. Sometimes, in fact, it may be the company's actual Web site. In those cases, a pop-up window will quickly appear for the purpose of harvesting your financial information.


In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother's maiden name or your place of birth.


If you provide the requested information, you may find yourself the victim of identity theft.


How to Protect Yourself

  1. Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the Internet. E-mails and Internet pages created by "phishers" may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information.

  2. If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and Web sites on the monthly statements you receive from your financial institution, or you can look the company up in a phone book or on the Internet. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.

  3. Never provide your password over the phone or in response to an unsolicited Internet request. A financial institution would never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your savings.

  4. Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.

What to do if you fall victim:

  • Contact your financial institution immediately and alert it to the situation.

  • If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name.

  • Here is the contact information for each bureau's fraud division:

    • Equifax 800-525-6285 P.O. Box 740250 Atlanta, GA 30374

    • Experian 888-397-3742 P.O. Box 1017 Allen, TX 75013

    • TransUnion 800-680-7289 P.O. Box 6790 Fullerton, CA 92634

  • Report all suspicious contacts to the Federal Trade Commission through the Internet at, or by calling 1-877-IDTHEFT.

    • Here's How:

      • Never provide personal financial information, including your Social Security number, account numbers or passwords, over the phone or the Internet if you did not initiate the contact.

      • Never click on the link provided in an e-mail you believe is fraudulent. It may contain a virus that can contaminate your computer.

      • Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information. If you believe the contact is legitimate, go to the company's Web site by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.

      • If you fall victim to an attack, act immediately to protect yourself. Alert your financial institution. Place fraud alerts on your credit files. Monitor your credit files and account statements closely.

      • Report suspicious e-mails or calls to the Federal Trade Commission through the Internet at, or by calling 1-877-IDTHEFT.

A message from the federal bank, thrift and credit union regulatory agencies Board of Governors of the Federal Reserve System Federal Deposit Insurance Corporation National Credit Union Administration Office of the Comptroller of the Currency Office of Thrift Supervision.






Telephone / Text Message Phishing Scam

September 23, 2008

CO-OP Financial Services has notified our credit union in the past about email phishing scams and deceitful attempts to obtain cardholder information with the intent of committing fraudulent activity against member accounts.  Multiple member credit union have recently reported a phishing scam they are experiencing.  This fraudulent attempt to capture card numbers is done with an automated telephone service or a text message.


The message indicates the member's debit card may have been compromised and has been placed on a hold status.  In order to activate the card, the message asks the member to call another phone number and enter their 16-digit card number and PIN.





CUNA Mutual Group Protection Resource Center

September 16, 2008 – In another variation of a scam, "phishers" are reading obituaries and posing as relatives to fraudulently obtain personal and financial information from credit union members. They then contact the member, posing as their relative, to request that money be transferred into the fraudster's accounts. The member is also asked to contact the financial institution to authorize that the funds be disbursed to the fraudster. The twist in that the member is authorizing the transaction to have the funds sent to the fraudster.




September 1, 2008 – An email asks the recipient to confirm, update, or verify their account data by visiting a link contained in the email that will take them to a spoof website where the phishers can capture the recipients account details.  The page will look similar to Bank of America, but the URL (address) of the spoof website is not the actual Bank of America URL. To verify the URL (address) of a web page, right click on the page and select properties.




Prepared by the Internet Crime Complaint Center (IC3)

August 28, 2008 - The IC3 continues to receive thousands of reports concerning the hit man email scheme. Email content has evolved since late 2006; however, the messages remain similar in nature, claiming the sender has been hired to kill the recipient.


Two new versions of the scheme began appearing in July 2008. One instructed the recipient to contact a telephone number contained in the e-mail and the other claimed the recipient or a "loved one" was going to be kidnapped unless a ransom was paid. Recipients of the kidnapping threat were told to respond via email within 48 hours. The sender was to provide the location of the wire transfer five minutes before the deadline and threatened bodily harm if the ransom was not received within 30 minutes of the time frame given. The recipients' personally identifiable information (PII) was included in the e-mail to promote the appearance that the sender actually knew the recipient and their location.


Perpetrators of Internet crimes often use fictitious names, addresses, telephone numbers, and threats/warnings regarding the failure to comply to further their schemes.

In some instances, the use of names, titles, addresses, and telephone numbers of government officials, business executives and/or victims' PII are used in an attempt to make the fraud appear more authentic.


Below are links for the two previous PSAs published by the IC3 concerning the hit man scheme:

  • Consumers always need to be alert to unsolicited e-mails. Do not open unsolicited e-mails or click on any embedded links, as they may contain viruses or malware. Providing your PII will compromise your identity!

  • Individuals who receive e-mails containing threats of violence and their PII are encouraged to contact law enforcement as well as file a complaint at




August 27, 2008 – CUNA warns of multiple phishing scams posing as various credit unions. In some of the scams, members and non-members receive an email or cell phone text message informing them that their online account access has been suspended. Recipients are given a phone number to call to re-instate their online access. This is really a way for phishers to get the recipients account information, which enables them to steal funds from the account.




August 27, 2008 - Residents in Oregon have been targeted by a text message scam. The text message claims to be from TLC Federal Credit Union. It states, “Dear  TLCFUC Bank customer. We regret to inform you we had to code your account. Call 503-457-4217 to restore your bank account.” When this number is called an automated voice asks the individual to enter their account information. If the individual enters account information they give the scammers access to steal money from their account.




National Association of Federal Credit Unions (NAFCU)

Aug. 22, 2008 – Credit union members and some nonmembers in Ohio were targeted with wireless phone scams designed to trick them into divulging their sensitive information.


The Ohio residents received text messages that read, “Your credit union of Ohio services was suspended for suspicious activity.” Text message recipients were then directed to a phone number where they heard an automated recording asking for their debit or credit card information.




August 19, 2008 - CUNA warns of new phishing emails that are circulating using their name. These emails reference a new service called, Your Credit Union Rewards You with a link to collect the reward.

Neither CUNA nor CUNA Strategic Services offers such a program. Do not provide any information to these sites. The Credit Union National Association (CUNA) is the trade association for Credit Unions in the United States. CUNA does not maintain any type of Member financial information. If you received this email, forward it to then delete the original.




July 29, 2008 - A recent phishing email purporting to be from NAFCU recently slammed recipients’ in-boxes, but the site generating the message has been shut down by an anti-phishing firm employed by NAFCU. If you received this email, which begins with a claim of recent activity on your account, do not respond or forward it; delete it from your in-box. No further action is required.


As always, if you receive an email that appears to be from NAFCU and instructs you to go online to provide or verify or confirm financial or sensitive personal information, don’t believe it:

NAFCU will never send you an email asking for your credit- or debit-card, credit union or bank account information, Social Security number, login information (such as a PIN) or similarly sensitive data.  NAFCU’s name, logo, and other graphics have been used fraudulently in numerous phishing emails aimed at tricking people into providing sensitive financial and personal data on replicated Web sites. Giving these phishers your account and other sensitive information may expose you to identity theft and other types of fraud. If you have already complied with a phishing email, you should contact the institution where you maintain your account and have the information changed immediately.




Prepared by the Internet Crime Complaint Center (IC3)

July 8, 2008 - Since late May and early June 2008, there have been several natural disasters throughout the country – including tornadoes, wildfires, and floods – which have devastated lives and property. In the wake of these events, which have caused emotional distress and great monetary loss to numerous victims, individuals across the nation often feel a desire to help these victims, frequently through monetary donations.


Tragic incidents, such as 9/11, Hurricanes Katrina and Rita, and the recent earthquake in China, have prompted individuals with criminal intent to solicit contributions purportedly for a charitable organization and/or a good cause. Therefore, before making a donation of any kind, consumers should adhere to certain guidelines, to include the following:

Do not respond to unsolicited (SPAM) e-mail.

  • Be skeptical of individuals representing themselves as officials soliciting via e-mail for donations.

  • Do not click on links contained within an unsolicited email.

  • Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.

  • To ensure contributions are received and used for intended purposes, make contributions directly to known organizations rather than relying on others to make the donation on your behalf.

  • Validate the legitimacy of the organization by directly accessing the recognized charity or aid organization's website rather than following an alleged link to the site.

  • Attempt to verify the legitimacy of the non-profit status of the organization by using various Internet-based resources, which also may assist in confirming the actual existence of the organization.

  • Do not provide personal or financial information to anyone who solicits contributions: providing such information may compromise your identity and make you vulnerable to identity theft.

To obtain more information on charitable contribution schemes and other types of online schemes, visit If you are a victim of an online scheme, please notify the IC3 by filing a complaint at




April 2008 – The NCUA warned of a scam involving unsolicited text messages sent to cell phones.  The message urges the recipient to call a number provided for information about account discrepancies and then solicits individual account information and pin numbers. 


Cell phone users should be wary of unsolicited text messages.  Such messages should be deleted and all deleted text messages should be removed, if possible, as the perpetrators have been known to use Spyware in conjunction with their text message solicitation. 


Such a scam could be used to obtain personally identifiable information and credit union account access information, for those who access their accounts using their cell phones.



Phishing Attempt: Email Solicitation

April 2008 - The NCUA has warned of a phishing attempt to obtain credit card account numbers and expiration dates. Perpetrator(s) sent emails to credit union members and the general public stating that the “National Credit Union Administration temporarily suspended your account due to fraud attempts”.  The email goes on to state “to reactivate your account call the toll free number” provided.  The email is addressed as originating from the NCUA Region 1, Albany, New York office and the phone number to call has an Albany area code of 518.


NCUA does not ask credit union members or the general public for such information. Anyone who receives an email that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the email.


Persons affected by this scam, and variants of this scam, should forward the entire email message to  Additionally, formal complaints concerning any suspected fraudulent email can be filed with the Internet Fraud Complaint Center (IFCC) at The IFCC is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center. 




Prepared by the Internet Crime Complaint Center (IC3)

January 17, 2008 - Are you one of many who have received an e-mail, text message, or telephone call, purportedly from your credit card/debit card company directing you to contact a telephone number to re-activate your card due to a security issue? The IC3 has received multiple reports on different variations of this scheme known as "vishing". These attacks against US financial institutions and consumers continue to rise at an alarming rate.


Vishing operates like phishing by persuading consumers to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated. Recipients are directed to contact their bank via telephone number provided in the e-mail or by an automated recording. Upon calling the telephone number, the recipient is greeted with "Welcome to the bank of ..." and then requested to enter their card number in order to resolve a pending security issue.


For authenticity, some fraudulent e-mails claim the bank would never contact customers to obtain the PII by any means, including e-mail, mail, and instant messenger. These e-mails further warn recipients not to provide sensitive information when requested in an e-mail and not to click on embedded links, claiming they could contain "malicious software aimed at capturing login credentials."


Please beware; spam e-mails may actually contain malicious code (malware) which can harm your computer. Do not open any unsolicited e-mail and do not click on any links provided.


A new version recently reported involved the sending of text messages to cell phones claiming the recipient's on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.


Due to rapidly evolving criminal methodologies, it is impossible to include every scenario. Therefore, be cognizant and protect your PII. Beware of e-mails, telephone calls, or text messages requesting your PII.


If you have a question concerning your account or credit/debit card, you should contact your bank using a telephone number obtained independently such as; from your statement, a telephone book, or another independent means.


If you have received this, or a similar hoax, please file a complaint at