Kentucky’s Commonwealth Credit Union Members Become Targets of Hoax E-Mail
The Security Professionals at Kentucky revealed that members of the Commonwealth Credit Union are receiving fake e-mails telling them that their accounts has been blocked and they need to verify sensitive details to reinstate access. But, if any recipient responds to the e-mail, it could enable the sender to access his/her account.
Meanwhile, the Office of Attorney General has received around ten calls from the members of the credit union after they got the fake e-mail. However, no recipient has responded with any information so there isn't any report of victimization yet.
Also, the Commonwealth Credit Union has confirmed that it did not send any such e-mail. The e-mail takes recipients onto a spoofed site that looks genuine but asks users for their full names, zip codes, e-mail ids, ATM PIN numbers, and debit card details along with their security codes. The hoax site's URL is http://www.ccukly.org although it apparently resembles the actual URL, https://www.ccuky.org.
Gloria Thomas, Specialist in Credit Union Fraud and Loss Prevention, said that the phishers need to make their scam appears as official as possible, as reported by State-Journal on June 20, 2008.
Thomas also explained that the current phishing attacks do not indicate any personal information theft from the Commonwealth Credit Union. The perpetrators are targeting employees of the state, assuming that they too might have membership with the Union. The scammers have been using the stolen information to conclude that anyone having an e-mail id ending with ky.gov was possibly a member of the credit union.
The perpetrators have downloaded public information from the Internet to compile an e-mail address list of the state employees.
Besides, Jack Conway, Attorney General for Kentucky said that consumers, who receive the scammers' e-mail, should not click on links or call telephone numbers included in the phishing e-mail, as reported by State-Journal on June 20, 2008.
Meanwhile, according to the officials, the Commonwealth Credit Union has renewed efforts to secure members' information through independent auditing, ongoing training and implementation of best practices.
It has also decided to use other agencies' services to close down the hoax Websites and to block the contact numbers used in the attacks.
Related article: Kentucky State Police Issued Warning of E-mail Scam
» SPAMfighter News - 07-07-2008