HoursLocations • 800.237.5087 • 512.836.5901 Open An Account 
Search the site
Live chat by SightMax
Account Choices Checking Loans Investing & Saving Business & Commercial Rates Service & Programs About Amplify  
 
 

Phishing Scams Continue to be a Problem

 

The days of phishing aren't over.  On the contrary, consumers continue to be tested.  In fact, more than 58 percent of PC users receive at least one phishing e-mail a day, according to results from a 2006 Web poll of business PC users conducted by Sophos, an Internet security company.  With phishing scams continuing to increase, it’s important for consumers to informed and know how to spot them. The latest example to go around purports to be from the NCUA (National Credit Union Administration) and looks like this:

  

To: undisclosed-recipients: 
Sent: Wednesday, April 11, 2007 8:44 PM
Subject: Official information for all Federal Credit Union


Dear Sir/Madam,
National Credit Union Administration always look forward for the high security of 
our clients. Some customers have been receiving an email claiming to be from NCUA 
advising them to follow a link to what appear to be a NCUA web site, where they 
are prompted to enter their personal Online Banking details. NCUA is in no way 
involved with this email and the web site does not belong to us.


Actually, we are performing security improvements of our banking community and 
enforce customers to register their sensitive information for an additionally 
created free security service to prevent any fraudulent activity against their 
assets and savings. We, hereby ask you to respond within few hours of current 
notification and Confirm Your Credit or Debit Card via our SSL protected website 
to apply for this service absolutely for free, otherwise your account(s) may 
not process posted transactions correctly and on time.


Please visit us to Confirm Your Credit or Debit Card


J. S. Smith
Security Advisor
NCUA PLC. 


Please do not reply to this e-mail. Mail sent to this address cannot be answered. 
For assistance, log in to your FCU or CU Online Bank account and choose the "Help" 
link on any page.

 

Obviously, this email does not come from the NCUA! It is, in fact, a scam that tries to get you to enter your credit card information.

 

Consumers should be leery of e-mails that ask for sensitive information.  It's most likely a phishing scam trying to trick you into revealing financial information.  Following are clues that might suggest a phishing scam:

  • Greeting does not mention the customer's name
  • Contains misspelled words
  • Implies a sense of urgency or demands immediate attention
  • Attempts to scare recipient to react quickly
  • Threatens account deactivation
  • Entire body of e-mail is an image
  • Asks recipient to click on a link in the e-mail

To avoid getting hooked, the FTC recommends:

  • If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either. Legitimate companies don’t ask for this information via email.
  • Use anti-virus software and a firewall, and keep them up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
  • Don’t email personal or financial information. Email is not a secure method of transmitting personal information. Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.

If you suspect you’ve received a phishing scam, Forward spam that is phishing for information to spam@uce.gov and to the company, financial institution, or organization impersonated in the phishing email.  Most organizations have information on their websites about where to report problems.

 

If you believe you’ve been scammed, file your complaint at ftc.gov, and then visit the FTC’s Identity Theft website at www.consumer.gov/idtheft.  Victims of phishing can become victims of identity theft. While you can't entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk.

Security Alert 12/11/06: Yet another "phish" email scam, purporting to be from AMPLIFY:

From: security@amplify.com
Sent: Monday, December 11, 2006 9:18 AM
To: cumail
Subject: Amplify - Important Notice


Dear Amplify member,

We regret to inform you, that we had to lock your Amplify Online Access because we have reasons to believe that your account may have been compromised by outside parties. In order to protect your sensitive information, we temporally suspended  your account.

To reactivate your account, click on the link below and confirm your identity by completing the secure form what will appear.

https://www.goamplify.com/cu3/?Func=SSignOn&ScreenID=

We have seen unusual attempts for logging in regarding your personal account, therefore this confirmation regarding your account it’s only for security reasons.

Thank you for your time and consideration in this matter.

Have questions? Our online help screens provide answers to many frequently
asked questions. You can also click the Customer Center tab then go to the
Contact Us page to find a list of helpful numbers to call.

Please do not reply to this automatically generated e-mail.

We know you have a choice of banks. Thanks for choosing ours.

Sincerely,
Amplify Online Banking Team,


This email does NOT come from AMPLIFY, and the link in the email does not lead to AMPLIFY's web site. We will never ask you to verify information in this manner to avoid "suspending your account".

 

We contnue to receive reports of new attempts to steal credit card or account information. Here's another, received from Visa:

 

We wanted you all to be aware of a new phishing scam that appears to be coming from Visa, but in reality Visa will never ask for cardholder information.

 

Cardholders could receive an email (from VisaServices@visa.com or Visa@visa.com or something similar) that states something like this:

 

Good afternoon, unfortunately some processings have been cracked by hackers, so a new secure code to protect your data has been introduced by Visa.

You should check your card balance and in case of suspicious transactions immediately contact your card issuing bank. If all transactions are alright, it doesn’t mean the card is not lost and cannot be used. Probably, your card issuers have not updated information yet. That is why we strongly recommend you to visit our web-site and update your profile otherwise we cannot guarantee stolen money repayment. Thank you for your attention. Click here and update your profile.

 

If anyone receives an email of this nature please email it to phishing@visa.com. This way we can track where hackers are setting up these bogus email addresses, and we can shut them down immediately.

 

Previous Scams

 

If you receive an email claiming that your online account security has been compromised, or that your account access has been revoked, please be aware it is fake, and is an attempt to steal your credit card information.

We have received multiple copies here at the CU starting on January 27th, and it is possible you will get it too. It looks convincing, it has the right logo, and even uses good grammar. The site to which you are directed is a direct copy of the AMPLIFY website.

It is worth noting that these scammers apparently harvested email addresses from the AMPLIFY.com website, as several staff members who's address appears on the site received the email. Since AMPLIFY does not store Member email addresses on our web server, the scammers DO NOT have access to AMPLIFY Member email addresses. No doubt this scam will be sent to millions of email addresses around the world, so by pure chance some Members may receive it.

To repeat:

 

It is not from AMPLIFY!!! DO NOT visit the link contained in the email. The link takes you to a "stolen" version of our website and tries to steal credit card information when you log in. In addition, it appears the site attempts to install "malware" on your PC. If you visited the site, you should scan your system with a product such as AdAware or Spybot Search & Destroy.

AMPLIFY will never ask you for credit card information in this manner. If you provided your information to these scammers, please contact AMPLIFY immediately for assistance.

 

The IRS "Dirty Dozen" List for 2006

Also of note is the fact that "Phishing" has made the Dirty Dozen list from the IRS, as the third most common scam during tax season. For more information, please visit this IRS website:

http://www.irs.gov/newsroom/article/0,,id=154293,00.html

As they used to say on a famous TV show, "Let's be careful out there!"