Below are a few examples of the types of phishing scams that are floating around online. This list is not all inclusive and is meant to provide some familiarity with these types of scams.
- Vishing – Voice Phishing – Identity thieves send spam that warns victims that their credit union/bank account or PayPal accounts were supposedly compromised. However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details. The automated voice message says something like: “Welcome to account verification. Please type your 16-digit card number.” The goal is to get you to enter your credit card number.
This type of fraud is particularly harsh because it imitates the legitimate ways people interact with financial institutions. In fact, some vishing attacks don’t begin with an email. Sometimes they begin with telephone calls, in which the caller already knows the recipient’s credit card number. This increases the perception of legitimacy, allowing the caller to easily ask for the valuable three-digit security code on the back of the credit card.
- Customer Survey Phishing Scam – The spam email starts with something like: “The Online department kindly asks you to take part in our quick and easy 5 question survey. In return we will credit $50.00 to your account – Just for your time!” The email goes on to describe how it only takes two minutes and that your answers will help them. The catch, of course, is that in order to credit your $50 reward, they need your credit union or bank User ID and password, as well as your credit card number, expiration date, three digit security number, Social Security number, ATM PIN Number, zip code, mother’s maiden name, and /or email address.
- Credit Union Phishing Scams -Phishing scams pertaining to credit unions in particular often operate under the guise of being some sort of security alert from a credit union and may be from false identities such as “America’s Credit Union”, “Credit Union”, or [email protected]". Some scams have even used the “America’s Credit Unions” logo to provide legitimacy.
As a reminder, HVFCU, CUNA, and NCUA would never send you an email soliciting your personal, confidential information. If you receive any emails like the ones mentioned above, you should delete them.
- Credit Card Purchase Notice – A typical email reads, "We have just charged your credit card for “xyz” service in amount of “$xyz”, which of course, you didn’t authorize. You are then given two options: to enter your credit card number (and expiration date) or to press “No”. Naturally, entering your card number and pressing “Yes” sends your information to the malicious person behind the scam – and approves the charge. But clicking “No” also has an undesirable effect – it lets the sender know they’ve obtained a valid email address – one they will use for spam and scam campaigns in the future.