HVFCU’s first priorities are to provide warning to our membership, to look for and stop any fraudulent account activity, and to get fake websites taken down. HVFCU posts warnings on our website and phone system whenever a phishing attempt has occurred. (When a warning is posted on our website, it will appear in a special alert box at the very top of the page under the menu options.) We work with various entities, including Internet Service Providers, domain registrars, website owners, and law enforcement, to get the fake websites taken down as quickly as possible to prevent members from disclosing personal account information.
HVFCU cooperates with law enforcement in trying to stop these criminals, but there are many factors that make it difficult to stop phishing from reoccurring. The phishers are usually from foreign countries and the servers that they exploit to send the phish emails and to host the fake websites are usually in different foreign countries. The owners of the compromised servers are usually unwilling victims, unaware that their system is being used in a crime. Most phishers never access a phish site or the email address they use to gather account information directly from their computers, but go through multiple relays or compromised systems that are in different countries. Combined with the huge number of phishing schemes perpetrated every day, investigating and tracking down the origin of each phish is a daunting task for law enforcement and there are issues with cooperation among multiple countries. Phishers know this and use it to their advantage. It is also important to note that there are many groups behind these phishing scams and every time one is stopped another seems to quickly take its place.
HVFCU is working on additional security features that will make phishing more difficult. We will communicate new features through normal means of communication and will never do so in an email.