NCUA - Malware Laden CDs Sent to Credit Unions through Fake Letters

The National Credit Union Administration (NCUA) has issued an advisory, stating that different credit unions apparently are getting letters that have a pair of CDs containing malware.

Claiming to be sent by the NCUA, the letters canvass the compact discs as containing training materials. But these letters are phony and the CDs containing malicious software.

Each of the letters recommends that credit unions should examine the training material given in the CDs. However, opening of these letters leads to the infringement of computer's security or results in other destructive outcomes.

Moreover, the fake letter's caption purports to be NCUA FRAUD Alert. The letter's text says that on numerous occasions the NCUA has cautioned of 'phishing' scams that involve cyber-miscreants dispatching e-mails, posing as messages from lawful organizations, government agencies, or financial institutions and directing end-users to confirm or resubmit sensitive information like passwords, credit card, bank account and Social Security numbers, and PIN (personal identification numbers). Curiously, this approach can vary due to the use of telephones or 'vishing' that are used more and more to acquire such confidential data from unwitting consumers, the text warns.

The message further states that users are requested to run the accompanying discs since they include vital materials on information and training that relate to risks associated with phishing, vishing and frauds, and methods of protecting credit unions' (CUs) and their members' assets.

In the meantime, the NCUA has alerted that in case anyone gets the package, instead of running the CDs, they must contact the Regional Office of NCUA. The National Credit Union Administration builds contracts with credit unions of the federation and supervises them.

As the NCUA receives support of the US government, it runs and controls the National Credit Union Share Insurance Fund, which consists of almost 90 Million individual accounts within all federal CUs and most of the state licensed CUs. Also, NCUA's funds come from member CUs, not from tax collections.

In the meantime, County Federal alerted consumers of an e-mail phishing campaign, which spoofed the NCUA and provided a web-link that took users to a fake site.

Related article: NZ Researcher Uncovers Hacking Techniques Against Vista

» SPAMfighter News - 9/15/2009