Phishers Spoofed DNCU Website And Sent Fraudulent E-Mail
A phishing scam victimized many PC users in Los Alamos this week. They received e-mails that said DNCU (Del Norte Credit Union) accounts stood suspended, therefore requesting users for information about their private account. Lamonitor published this on April 7, 2007. One such e-mail reached Police Det. Shari Mills, Los Alamos, who reported the scam to the Monitor. When she contacted DNCU she discovered the e-mail to be fraudulent.
The e-mail asks its recipient to verify his/her account via a link it provides in the message body. The hyperlink visible to the reader contains the word "here". As soon as the user clicks on the hyperlink, he/she automatically moves to a phishing site. The phishing site's URL, http://www.power-web43.net/www.dncu.org/index.html becomes visible on the 'status bar' by just hovering the mouse over the link. It is also visible by seeing the e-mail via Notepad.
The spoofed URL takes the recipient to a website that reflects an absence of security as the 'lock icon' does not appear in the 'status bar'. The protocol for the website is also missing. Although there is a close resemblance between the fraudulent website and the actual login page of DNCU, the phishers have cleverly disguised the spurious URL in the 'address bar'. That makes it possible for the user to recognize the illegitimate website. The phishing site instructs to authenticate by providing username and password.
A similar phishing incident occurred in October 2006, said Guy Lisella, DNCU vice president for marketing. He presented a supporting press release that Chuck Valenti - the CEO with DNCU wrote, which said those e-mails were spurious and that the FBI had been notified. Lamonitor published Valenti's statement on April 7, 2007.
Valenti explained to customers that DNCU would never request private account information from its members. Users should avoid clicking on e-mail links or giving out their financial information to any e-mailer or caller over the phone. Lamonitor published Valenti's statement on April 7, 2007.
DNCU assured members that the scam did not compromise the credit union's databases. DNCU has notified it members about the scam via e-mail at addresses it has in its files.
Related article: Phishers Expand Their Sphere of Attacks
» SPAMfighter News - 13-04-2007