I know I’m on furlough, but I got the best e-mail from someone named “Your Federal Credit Union” at firstname.lastname@example.org and had to take a look. It got through Gmail’s spam filters somehow, so it has to be legitimate, right? In a word, no. It was sent to the address I have posted in the sidebar to elicit comments (see the section labeled about me), and I have never registered anywhere using that address, nor have I given it to anyone. I’ve simply displayed it there at the right. The e-mail was as follows:
Dear Federal Credit Union account holder,
This is a part of our security service measures, we regularly screen activity in Federal Credit Unions (FCU) network.
We recently noticed the following issue on your account: A recent review of your account determined that we require some additional information from you in order to provide you with our secure services.
Case ID Number: FCU-065-617-349
In accordance with NCUA User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if the access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to take 3-5 minutes out of your online experience and update your personal account records as soon as possible to help avoid this. We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account.
Visit the link below and fill out the form on the following page to complete the verification process.
We apologize for any inconvenience.
Sincerely, NCUA Account Review Department
If one were to click on the link to what might appear to be the National Credit Union Administration, they would be taken to a site that looked a whole lot like this [1]. Compare it to the actual NCUA website and you might notice subtle similarities [2]. This is a good trick to make one think he’s actually at a valid website, and it does exactly that. The reason phishers are so successful is that apparently no one reads the news or warnings about phishing attacks, and people believe everything they read in e-mail, even if it’s from email@example.com, is quite vague, and has something to do with their personal account at a credit union. Not to mention that it was supposed to be from the National Credit Union Administration (a United States bureaucratic organization), but the link in the e-mail led to //kokoroplanet.jp/NCUA/ (a domain reserved for an individual or company within Japan) and the clicker actually ended up at //184.108.40.206/NCUA/ (a server traced to somewhere in Italy).
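The mismatch described above can be checked mechanically before anyone clicks. The following is an added example, not part of the original post: it assumes ncua.gov is the domain the real NCUA uses, and the sample message is constructed around the two URLs quoted in the post.

```python
import ipaddress
import re
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "ncua.gov"  # assumption: the real NCUA site's domain

# Constructed sample: the e-mail's call to action plus the link the post reports.
SAMPLE_BODY = """Visit the link below and fill out the form on the following page
to complete the verification process.
//kokoroplanet.jp/NCUA/
"""
# Landing URL the post says the click ended up at (recorded, not fetched here).
SAMPLE_LANDING = "//184.108.40.206/NCUA/"

URL_RE = re.compile(r"""(?:https?:)?//[^\s"'<>]+""", re.IGNORECASE)

def link_hosts(text):
    """Return the host of every URL-like string in text, scheme-less ones included."""
    hosts = []
    for raw in URL_RE.findall(text):
        url = raw if raw.lower().startswith("http") else "http:" + raw
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed bracketed host
            continue
        if host:
            hosts.append(host.rstrip("."))
    return hosts

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def belongs_to(host, domain):
    """True for the domain itself or a true subdomain, not a mere prefix match."""
    return host == domain or host.endswith("." + domain)

def assess(text, expected=EXPECTED_DOMAIN):
    """List (host, reason) for every link that does not lead to the expected domain."""
    findings = []
    for host in link_hosts(text):
        if is_ip_literal(host):
            findings.append((host, "raw IP address instead of a hostname"))
        elif not belongs_to(host, expected):
            findings.append((host, "not under " + expected))
    return findings

if __name__ == "__main__":
    for host, reason in assess(SAMPLE_BODY + SAMPLE_LANDING):
        print(host, "->", reason)
```

The suffix check in `belongs_to` matters: a host that merely starts with the expected domain name is still flagged.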
I think someone said one time, “Fool me once, shame on you. Fool me twice, shame on me.” That shouldn’t even be a valid statement, given the warnings we see every day and the stories we hear about stolen identities and empty bank accounts. The new saying should be “Few will be first, but no one should follow.” I have posted on phishing at least two other times at this site. Microsoft and Mozilla work hard to try to warn users about these sites as soon as they’re reported. ISPs and governments work together to try to shut down the server hosting the fraudulent site. All of these efforts are greatly appreciated and benefit the public, but none of it would be necessary if we’d just pay a little more attention.
I’ve noticed that many people who ask my advice never attentively listen to my answer or explanation, and then just shrug it off with a “hum” when I come to a point. They never realize just how important it is that they know what I am telling them, or how dangerous things can be if they’re ignorant. If you think your credit’s shaky with the $300K home and the new Escalade, wait until you type your Social Security number into the wrong form on the web and send it to a twenty-something in Zheleznodorozhnyy, Kaliningradskaya [3].
Heed the warnings, people. I just wish I could get some good spam lists and send this letter to everyone on them.
1. If they make me take that page down, I’ve also printed it for you.
2. Actually, they’re not similarities – all of the sidebar content and images are actually provided by the NCUA website. The phishermen just took the NCUA page as a template, inserted the form for the victim, and posted the page at their site.
3. Zheleznodorozhnyy is a real city. You won’t really see it, but this points to the metropolis, pop. 2963.