Phishing (pronounced "fishing") is a scam to steal valuable information such as credit card and Social Security numbers, user IDs, and passwords.  In phishing, also known as "brand spoofing", an official-looking e-mail is sent to potential victims pretending to be from their Internet Service Provider, credit union, bank, or retail establishment.  E-mails can be sent to people on selected lists or on any list, often obtained illegally, and the scammers expect that some percentage of recipients will actually have an account with the real organization and believe the fraudulent message to be valid.

 

Vishing, also called "VoIP phishing" for internet phones, is the voice counterpart to phishing.  Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call.  The call triggers a voice response system that asks for the user's card number or other personal or financial information.  The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States.  In either case, because people are used to entering card numbers over the phone, this technique can be effective.  Voice over IP (VoIP) is used for vishing because Caller IDs can be spoofed and the entire operation can be brought up and taken down in a short time to prevent tracing.

 

Smishing (SMS phishing) is the mobile phone counterpart to phishing.  Instead of being directed by e-mail to a Web site, a text message is sent to the user's cell phone or other mobile device (smart phone or PDA, for example) with some ploy to click on a link.  The link causes a Trojan to be installed in the cell phone or mobile device.

 

This new scam occurs when the phisher creates a letter and sends it through the mail to individuals asking them to respond by calling a phone number.  The phisher outlines in the letter that the individual must respond for his or her own protection.  This scam is used in conjunction with the other phishing channels to steal valuable personal and financial information from the individual receiving the letter.

 

 

♦First, keep up-to-date on the latest scams by visiting CPFCU's Fraud Protection & Alerts page from time to time, and watch the lobby of your favorite branch office for brochures and information.

 

♦Second, visit CPFCU's free Anytime Adviser ID Theft Coach for interactive tutorials on identity theft.

 

♦Next and always, if you receive a message claiming to be from your financial institution and asking for personal financial information, NEVER respond to the message.  Instead, contact your financial institution (at a number you know is legitimate - NOT the number on the Caller ID) to report the incident and receive further instruction.

 

♦NEVER open unsolicited e-mails or text messages, or click on links in unsolicited e-mails or messages.

 

♦Monitor your financial and/or credit accounts on a regular basis.  Read your statements monthly.  View your CPFCU accounts online through our secure Virtual Branch service, or set up account alerts through our free Mobile Money service, and notify the credit union or other account holder of any unauthorized or suspicious transactions as soon as possible.

 

♦Contact your wireless or Internet service provider to report any unwanted or unsolicited messages.