Credit Unions Target Corporate Identity Theft

Print

Updated 9/21/2005

Beware of the Latest "Phishing" Scam.

Provident Credit Union has received an alert regarding the latest identity theft e-mail scams (a.k.a. "phishing" attacks) and we want to pass this important information along to you.

These fraudulent e-mails are sent by would-be identity thieves claiming to be government agencies. Recipients are directed to Web sites and asked to "verify" sensitive personal and financial information such as account numbers, Social Security Number, credit card numbers, etc. Though these Web sites look like the official sites of the government agencies they are professing to be, they are nothing more than tools for identity theft and credit card fraud.

These high-tech "phishing" schemes try to trick consumers into revealing personal information due to the fight against terrorism or some other "legal requirement." Don't fall for it!

The Most Common Phishing Method

Usually the scammers try to make their e-mails look like they are coming directly from a financial institution, such as a bank, and attempt to convince you to click on a link in the e-mail to "update your information" or even to perform some action that will protect you against phishing. The links in the e-mail however, lead to a site that looks just like that institution's online banking sign-on page, but isn't. If you actually follow the link and sign on, you will be sending your sign on information to the scammer, not the expected financial institution. The scammer can then use that info to sign onto your account, and look for credit card numbers or other information to help them steal your identity.

Protect Yourself

We can't emphasize this enough: Never respond to any e-mail requests that ask you to provide such information, and never ever send private account information in a regular e-mail. Your good name and good credit depend on it. While these phishing scams are usually targeted at larger banks (in order to maximize the number of the spammed e-mail recipients that actually have accounts with those banks), there is nothing to stop them from targeting credit unions too. Follow these guidelines, and avoid being fooled:

• Be suspicious of e-mails arriving unexpectedly asking you to sign on by clicking a link.
• Provident Credit Union will never send you an e-mail saying that your account will be shut down if you don't sign on.
• If you are not sure about the e-mail's validity, type the address manually in your Web browser instead of clicking on the link in the e-mail.
• If you do arrive at a site by clicking a link in an e-mail (such as the e-Statement notifications we send out to e-Statement users at the beginning of each month), you should confirm the address in your Web browser (sometimes the address will look correct in the e-mail, but will then lead to somewhere else). Real Provident Credit Union address links all begin with "https://accountmanager.providentcu.org/", "http://providentcu.org/", or "http://www.providentcu.org/" (or you may substitute ".com" or ".net" for ".org"). The last slash ("/") may be omitted if there is nothing following the "providentcu.org" part in the address.
• Don't assume that it can't happen to you. These phishing e-mails get sent out via enormous spam lists, and sooner or later you are likely to get one that looks convincing and pretends to be from a bank or credit union that you use. A large amount of healthy skepticism is your best defense.
• Sign onto Account Manager frequently and check your balances and transaction history. This will help you spot any suspicious activity in your account. If you see something suspicious, contact Provident Credit Union immediately.
• If you want to communicate electronically with Provident Credit Union about your account, the best alternative to regular e-mail is the "Secure E-Mail" feature of Account Manager. This is completely safe because all communication is encrypted and authenticated. To send Provident a secure message, sign onto Account Manager online banking and click on "Secure E-Mail" from the navigation bar on the left side of the window, then click on the "Compose New" tab. When Provident replies to you (usually within 24 hours), you will see a flashing envelope in the navigation bar, which you can click on to read your response.

If you have any questions, please give us a call.

For more detailed information or to report suspicious e-mails, visit the Federal Trade Commission's Identity Theft Web site at www.ftc.gov/idtheft. You can also read a press release on this subject at www.ustreas.gov/press/releases/js1130.htm.