This fraud alert is to inform CapEd members about a recent phishing attempt to obtain their credit card account numbers, expiration dates and electronic signatures. In cases reported to NCUA, the perpetrator(s) sent fraudulent e-mails, representing to be from the NCUA, to credit union members and the general public. The emails state the NCUA will add $50.00 to the member’s account for taking part in a survey. The link embedded in the message directs members to a counterfeit version of NCUA’s website with an illicit survey that solicits credit card account numbers and confidential personal information.We are highly concerned about the risk of imitating the NCUA website and the use of the NCUA official logo to potentially make the scam appear more authentic to unsuspecting members. Neither NCUA nor CapEd will ever ask credit union members or the general public for personal account or personally identifiable information as part of a survey. Any e-mail that alleges to be from NCUA and asks for account information is fraudulent and should be treated as suspicious. NCUA has taken steps to shut this site down, but credit union members should remain alert to possible variations of this fraudulent e-mail.
CapEd management will remain vigilant and instruct employees to monitor and identify any fraudulent activities due to this phishing attempt.
Members who clicked on any of the e-mail links should consult with a computer security or anti-virus specialist to assess the need to re-install a clean image of the computer system. CapEd also encourages members to take the following additional precautions:
- Scan affected computers using updated anti-virus software.
- Enable automatic updates for anti-virus software and computer operating systems.
- Install security patches for common software applications promptly.
- Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software.
- Do not open unsolicited or unexpected e-mail attachments.
- Do not follow Web links in unsolicited e-mails from apparent federal banking agencies, instead, bookmark or type the agency’s Web address.
- Call the agency using a known and appropriate telephone number to verify the legitimacy of the message and attached file.
Members affected by this scam, and variants of this scam, are advised to forward the entire e-mail message to Phishing@ncua.gov. Additionally, formal complaints concerning any suspected fraudulent e-mail can be filed with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.