Multiple phishing scams posing as various Ohio credit unions are circulating. Members and non-members are receiving e-mails and cell phone text messages informing them that their online account access has been suspended. Recipients are given a phone number to call to re-instate their online access (this is how the fraudsters steal their account information and potentially withdraw funds). Credit unions have already had members fall prey to these scams.
If you you have received e-mails and cell phone text messages informing you that your account access has been suspended, here are some recommended actions:
- Report the phishing scam. Contact CINCO Credit Union so that we can report the phishing scam to our regulator and insurer as well as the Ohio Division of Financial Institutions.
- Alert anti-phishing groups. Report the scams to the Federal Bureau of Investigation's Internet Crime Compliance Center at www.ic3.gov, and the Anti-Phishing Workgroup at email@example.com.
Tips for recognizing e-mail scams
Fraudulent e-mails and web sites are designed to deceive you and can be difficult to distinguish from the real thing. You should be suspicious of any e-mail that requests your personal or account information.
Most legitimate companies, including CINCO Credit Union, will never use an e-mail to ask you to provide or verify your personal or account information. If an e-mail asks for this type of information, assume it's a scam.
Identifying a fake (phishing) e-mail:
- False sense of urgency. Many phishing e-mails try to deceive you with the threat that your account will be in jeopardy if it's not updated right away or that it has been compromised. An e-mail that urgently requests you to supply sensitive personal information is typically fraudulent.
- Fake links. Many phishing e-mails have a link that looks valid, but send you to a fraudulent site that may or may not have an URL different from the link. Check where a link is going by moving your mouse over the link in the e-mail and looking at the URL in the bottom bar of the browser. If it looks suspicious, don't click it.
- Misspellings and bad grammar. Fake e-mails often, but may not always, contain misspellings, poor grammar, missing words, and gaps in logic. These types of mistakes help scammers avoid spam filters.
It's more difficult to identify a fake e-mail using the following:
- Sender's e-mail address. To give you a false sense of security, the "From" line may include an official-looking e-mail address. The address may actually be copied from a genuine one. The e-mail address can easily be altered, so it's not an indication of the validity of any e-mail communication.
- Generic greeting. A typical phishing e-mail has a generic greeting, such as "Dear Customer," but legitimate e-mails may use it too. Identifying a fake (spoof) web site
- Deceptive URLs. Some scammers will insert a fake browser address bar over the real one, so it looks like you're on a legitimate site. The words may be slightly altered by adding, omitting, or transposing letters. Even if an URL contains the word "CINCO," it may not be a CINCO Credit Union web site.
Reduce your chances of being victimized:
- Do not use links included in the e-mail. Open a new browser window and type in the URL you know to be correct.
- Do not open attachments. Like fake links, attachments may be used in phishing e-mails and are dangerous. Opening one, even an image or PDF, could cause you to download spyware or a virus.
- Call the company in question using a phone number you know to be correct. The person you speak with will most likely be able to confirm whether they actually need the information and if so, whether you can provide it over the telephone.
- Use anti-phishing software. There are a number of programs available that will check the web address in question against a list of known phishing scams and notify you if the site appears there.
- Update your computer with the latest browsers, upgrades and security patches. Some spoof sites are able to obtain your information through your internet host company's address if you simply visit the site.
If you have responded to an e-mail asking for personal or account information, you should notify your financial institution immediately and keep a close eye on your accounts.
Please contact us if you have questions or we can help you in any way.