Phishing is a type of fraud that uses e-mail to direct you to fraudulent (but very real-looking) web sites. The e-mail tries to convince you to click a link to the site and enter your personal information, which will then be used for criminal purposes.
Phishing attack methods are constantly evolving. Instead of e-mail, newer variations may use automated or live phone calls or even text messages to your cell phone to reach you, and might direct you to call an electronic phone system to gather the data.
DNCU will never call or e-mail its members to request personal information.
Recognize phishing messages
Phishing messages try to induce you into revealing your account information in many different ways, including:
- Threatening to restrict or block access to your account if you do not verify certain facts or "renew" your account.
- Offering to deposit money into your account upon completing a survey
- Advertising promotions or contests, which require you to "register" your account information in order to enter.
- Warning of suspicious activity on your account and asking for confirmation.
- Asking you to update your information to provide enhanced security.
Common signs of phishing messages
There are usually a number of visual clues you can use to further identify a fraudulent e-mail message.
- Look for misspellings and other typographical anomalies ... although this clue is less common now that crooks have gotten more sophisticated.
- Before you log in to any secure site, check to make sure the Lock or Key icon is displayed in your browser. These symbols indicate that the page you are using will encrypt data sent from your computer. Most spoofed Web sites are located on servers that do not display this icon (although some are now getting tricky and hoping to fool you by incorporating the lock or key imagery into the web page itself).
- Confirm the Web address (URL) in the location bar of your browser before entering personal information. It should begin with "https".
Phishing scam examples
Fraudulent e-mail messages take many forms. The content of the messages varies, but typically includes a link to a web site asking for personal information. Some versions include a phone number to call that connects the member to a voice mail system to gather the data.
Text message scam
Cell phone users may receive unsolicited text messages claiming their account has been suspended. They are directed to call a number provided in the message where personal information will be collected for fraudulent purposes. Unsolicited text messages should be immediately deleted without responding.
Trojan horse phishing scam
In this phishing variant, a malicious program is hidden in an innocent seeming message. A program hidden like this is called a "Trojan horse". In one example, business executives and managers are targeted by an e-mail claiming to be from the Better Business Bureau (BBB). The e-mail poses as a complaint notice filed against the company. When the link is clicked to download "complaint details," a program is downloaded that attempts to steal information from their computer.
What to do if you receive a suspicious message
Don't click that link! If you do not respond to a phishing e-mail, you won't compromise your personal information. DNCU will never request personal or account information by e-mail or phone unless the transaction is member initiated.
Additional steps to protect yourself:
- Never click on a link or attachment in a message from an unverified source.
- Confirm the phone number. Do not rely on any phone numbers in the message itself.
- Be skeptical of any unexpected e-mail message that encourages you to take quick action. Phishing messages often encourage urgent action, either to avoid some inconvenience or negative consequence, or to gain something with a limited time offer.
- Enable junk e-mail filters.
- Use a current web browser, and keep your computer and browser up-to-date with the latest security patches.
- Keep anti-virus and anti-spyware tools up to date.
- If your operating system includes firewall software, make sure it is active. Consider an inexpensive firewall device, especially if your computer is always connected to the Internet, as is the case with most cable, DSL, or other broadband connections.
- If you receive phishing messages, file a complaint at www.ic3.gov.
What to do if you've submitted personal information in response to a fraudulent message
Call the Member Service Center right away to speak with a Member Service Representative about the kind of information that was revealed (877) 818-DNCU.
Remember: DNCU will never call or e-mail its members to request personal information.