Credit Union warns customers of scam
Someone 'phishing' for funds
By Bobbi Mlynar
Wednesday, August 1, 2007
A Web site on the other side of the world apparently is "phishing" for funds in Emporia.
Angie Miller, manager of the Emporia State Federal Credit Union, said that she was alerted to the scam this morning before 8 a.m. The credit union is not conducting an online survey of customers and is warning its customers not to respond to any e-mail requesting personal banking information.
An Emporia school district employee notified Miller this morning that he had received an e-mail that appeared to be phishing for access to his credit union account or his credit card.
Phishing is a criminal activity in which someone attempts to acquire sensitive information -- user names, passwords, credit card details -- by masquerading as a trustworthy entity in an electronic communication, according to Wikipedia.com. PayPal, eBay, and online banks commonly are targets.
This morning's e-mail invited recipients to receive $80 for taking part in a survey. The link containing the survey appeared to be legitimate.
"They stole the banner off our Web site and they stole our logo off the Web site," Miller said. "It looks legit."
The five-question survey asked participants to rate recent changes to the Emporia State Federal Credit Union Web site, and asked for an e-mail address, account number and password to "credit" the participant's account. An option was given to receive the $80 as a credit to a credit card account by filling in credit card number, card certification value, expiration date, and personal identification number.
Miller said that the credit union's true Web site carries a caution about responding to any type of request for personal banking information.
"We never ask you for your Social (Security number) or your PIN. But then again, when you receive something that looks so real..." Miller's voice trailed off.
A clue that the survey was not legitimate was found in the fourth question, when the sender apparently forgot to clear away evidence of his or her last phishing expedition. The question asks: "What do you think about your private information, are (sic) in very safe hands with Sun National Bank?"
One credit union customer already has responded to the phony e-mail and provided the information requested.
"We went into their debit card information, and that had not been sold or used at that point," Miller said. "We completely shut down the debit card."
Nancy Horst, community relations coordinator of the Emporia school district, sent out a district-wide e-mail to warn employees of the scam, and Miller notified Emporia State University, which has blocked the Web site. The school district and Emporia State University are two major sponsors of the credit union.
A scam alert also has been posted on the front page of the credit union's own Web site.
The credit union will deal with problems resulting from the scam on a case-by-case basis.
"We're doing everything we can to mitigate any lossses," she said.
People who choose to provide credit card information will have limited responsibility as defined by the credit card company.
Miller said that the credit union has hired a company to take down the phony Web site, which should be completed later today. During that work, they quickly learned the source of the scam.
"To see that the Web site's hosted in Tokyo, that's really amazing," she said.