What is phishing?
Phishing (or vishing) is an attempt to obtain sensitive information regarding a consumers account that could be used to fraudulently obtain information, money or loans.
The perpetrators of phishing attempts are trying to fraudulently acquire sensitive information, such as passwords and credit/debit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using e-mail or an instant message, though they are now appearing in phone text messages. Again, these phishing attempts appear to be official, advising that the recipient must take action or something will happen to their account(s).
It is important to note that no reputable financial institution would ask for sensitive data (like social security numbers, PIN codes or account numbers) via e-mail, IM or through phone text messages.
How did the perpetrators get our members’ e-mail addresses?
Phishers use randomly generated e-mail addresses (created through software) or utilize stolen e-mail lists. Some also obtain lists of e-mail addresses that were purchased on the black-market or from reputable companies before the Privacy laws took effect. The perpetrators did NOT obtain members’ e-mail addresses from HSFCU.
How to spot a phishing e-mail?
Phishing e-mail messages, and the websites they link to, typically use familiar logos and familiar graphics to deceive consumers into thinking the sender or website owner is a government agency or a company they know. Sometimes the phisher urges intended victims to "confirm" account information that has been "stolen" or "lost." Other times the phisher entices victims to reveal personal information by telling them they have won a special prize or earned an exciting reward. Look for these red flags in the e-mail:
- It asks you to provide personal information such as your credit union account number, an account password, credit card number, PIN number, mother’s maiden name, or Social Security number.
- It does not address you by your name.
- No confirmation of the company that does business with you, such as referencing a partial account number.
- It warns that your account will be shut down unless you reconfirm your financial information.
- It warns that you’ve been a victim of fraud.
- It contains spelling or grammatical errors.
How can the members reduce their risk to being "phished" in the future?
There is no way to absolutely eliminate the risk of receiving a phishing attempt. The most important thing to remember is not to respond, however, here are a couple of ways to help protect yourself:
- View any e-mail request for financial information or other personal data with suspicion.
- Do not reply to the e-mail and do not respond by clicking on a link within the e-mail message.
- Contact the actual business that allegedly sent the e-mail to verify if it is genuine. Call a phone number or visit a website that you know to be legitimate, such as those provided on your monthly statements.
- Do NOT send personal information (e.g., credit or debit card number, Social Security number, or PIN) in response to an e-mail request from anyone or any entity.
- Be cautious. Check your monthly statements to verify all transactions.
- Forward any e-mail messages claiming to be from HSFCU (or your Visa/Mastercard card issuer) asking you to provide your personal account information to HSFCU.
- Change your e-mail account regularly.
If you received a suspicious e-mail message and you’re not sure if it is legitimate, please report it
Members may obtain additional information regarding this subject from the Federal Trade Commision: http://www.ftc.gov/bcp/edu/microsites/idtheft/