Interesting Phishing Attempt
April 7, 2008 by Ron Shevlin
I received the following phishing attempt a few days ago:
Dear NCUA Credit Union Member,
Recently, there have been multiple e-mail fraud attempts, known as “Phishing”, that were initiated via e-mail sent to both the general public and some credit union members, that appeared to be from NCUA. This false e-mail asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN, along with other personal information.
The National Credit Union Administration (NCUA) and US Government developed a project to protect your bank account and credit card against internet fraud, but for this we need your help. You just have to register with us. This project is optional, but we strongly recommand you to register with us. Activating the protection and safeguarding your credit card will charge you 0.0
Click the link bellow to start your session: (nothing).https://secure.ncua.gov/shareinsurance/ccprotection/fx?id=NCUA
Protection will be activated within 20 minutes after you fill in the form with your information. Please remember the protection number you will receive, it may be required when using internet banking. Thank you for helping us by registering here!
Best Regards,
National Credit Union Administration (NCUA) Department.
The sender was ostensibly CUNA, yet it was “signed” by the NCUA (who I don’t believe considers itself a “department”). What’s interesting here is that the perpetrator isn’t even pretending to be a financial institution, but a regulatory board. A phishing attempt that purports to educate the victim about phishing!
By the way, in the unlikely event that this is a legitimate email, I would just like to let CUNA or NCUA know that “recommand” is misspelled — it’s “recommend.”
Ron,
The credit union I work for, Telephone Workers’ Credit Union, has been the target of multiple phishing attacks in the past and can attest to the creativeness and quickness of these attempts. They change up the message and link so quickly, it is very hard to keep up and alert our members to each specific attempt. Also frustrating is the fact that most of these attempts originate outside the US and there is no way to apprehend these criminals, at least as far as I know. The best I can do is report it to the authorities, which I encourage everyone to do. I use a website named phishtank.com. Another is antiphishing.org.
Ron - it’s interesting that you point out their misspelling of the word recommend. I often find a clear clue in these kinds of messages is an awkward use of the English language. In the message they sent you, for example, they say, ” . . . you to register with us.” As Mark points out, these attempts originate outside the US and many times it shows.
@kristi: yes. I find the English in many phishing emails to be not so good. (I truly truly hope this isn’t offensive to anyone, but every time I read a phishing email, I read it in my head with Borat’s accent).
@mark: Thanks for mentioning that your CU has been a victim of these attempts. For a long time (not sure if its still true) many execs at smaller FIs thought they would be under the radar for these attempts. I definitely do not think that any FI is too small these days. And as the attempt in the email in the post shows, it really doesn’t matter. A potential victim is going to end up telling the phisher which firm the bank with/belong to.