A full service financial
cooperative proudly serving
Federal employees in Wisconsin

Federated Family Credit Union
Phone: (414) 278-7220 
Fax: (414) 278-0890

Main Office
626 E. Wisconsin Ave., Ste 102
Milwaukee, WI 53202

Illegal Phishing schemes target credit unions

The NCUA (National Credit Union Association), CUNA (Credit Union National Association), and several credit unions are the subject of illegal phishing messages e-mailed to credit union members. The goal of this phishing scheme is to illegally collect User Name and Password information. Both CUNA and the NCUA are warning people who receive the e-mails: do not to clink on the link to the fake Web page; instead you should delete the message immediately.

NEVER click on a Website link in a message that's telling you that the organization's information is slightly out of date or incomplete.

These fraudulent messages typically use graphics from the real credit union's  Website. The phish message says that "during our regular accounts verification, it has come to our attention that your credit union account may be slightly out of date or incomplete. This irregularity can and must be fixed through the our Conformation process that takes 10 minutes to complete and involves logging in and confirming your identity over a secure connection" at the link.

The phish message also warns that disregarding the notification means the member's account might be restricted, and the member won't be able to access the account online, pay their monthly bill online, review and download monthly statements or request a credit line increase or change of address.

LOSS PREVENTION RECOMMENDATIONS

• Do not open suspicious messages - delete them immediately.  
• Report the incident to Internet Crime Complaint Center www.ic3.gov
  [external link disclosure]
• A good resource for this topic is Anti-Phishing Working Group at www.antiphishing.org/index.html [external link disclosure]

Per Credit Union policy, FFCU will NEVER solicit personal or private financial information from you via e-mail.

Don't Get Hooked by a Phishing Attack

If you have Internet access, you may be under attack -- a phishing attack, that is. This high-tech scam involves three components: 

• Spoofing is creating a replica of an existing Web site.
   
• Spamming is unsolicited, or "junk" e-mail.
   
• Phishing is the act of using spoofing and spamming to lure unsuspecting victims, hoping to deceive you into disclosing your Social Security number, credit card and checking account numbers, passwords, or other sensitive information.

The Federal Trade Commission recommends the following tips to help you avoid getting hooked:

1. If you get a pop-up or e-mail message requesting personal or financial information, don't reply or click on the link in the message. Legitimate companies won't ask for this information.

2. Be cautious about opening attachments or downloading files from email messages.

3. Never send personal information via e-mail. Look for a closed padlock at the bottom of your browser window, or a URL that begins with "https"--the "s" stands for secure. However, some phishers forge these security icons.

4. Review statements for accuracy as you receive them. If they're late, call the company to confirm billing address and balance.

5. Use antivirus software and keep it up-to-date. Run a firewall, particularly if you have a broadband connection. Take advantage of free software "patches."

6. Report suspicious activity to the FTC at www.ftc.gov, and forward suspicious messages to spam@uce.gov.
   [external link disclosure]