Skip to main content.

Virginia Credit Union Phishing Scam

Most of us have received e-mails that try to trick us into giving out our user name and password.  This technique is called 'phishing'.  There are several such e-mails going around now that are so cleverly crafted that they deserve special notice.  One of the e-mails states that the VaCU system is being updated to protect against phishing.  Others use different ploys. If you receive such an e-mail don't click on any of the links -- instead, forward it to reportabuse@vacu.org.   VaCU will reply back and state if the e-mail is legitimate, or not.  More information can be found here:

http://www.vacu.org/security/report_phishing.asp

Here is the full text of one of the recent e-mails, which is labeled "$99 Member Satisfaction Survey"

Dear Customer,

Now we'd like to know what you think!
Here's your invitation to participate in our convenient, new and easy survey that will improve customer service we provide.

Spare two minutes of your time and take part in our Member Satisfaction Survey.
Helping us better understand how our members feel benefits everyone.

To continue click on the link below:

http://salones.uprm.edu/virginia.credit.union/index.html

Copyright © 2007 Virginia Credit Union League

Here is the full text of another of the recent e-mails, which is labeled "URGENT!":

You have one new message at Virginia Credit Union.

INBOX ( 1 )

From: Customer Service
Date: 20/06/2007
Subject:  Virginia Credit Union Official Update Notification.

In order to read the message CLICK HERE TO CONTINUE to
 Virginia Credit Union MAIL section.

Virginia Credit Union ,

Copyright © 2007,  Virginia Credit Union . All rights reserved.

Virginia Credit Union References

Here is another recent version:

Dear Virginia Credit Union Member ,

Due to the recent phishing attacks targeting Virginia Credit Unionwe are currently launching
a new security system that will improve the level of member service we can provide to you.
In order to update your account and benefit from new facilities,CLICK HERE.

To login to your online account please CLICK HERE

To enhance the security when accessing your on-line accounts, Virginia Credit Union has
implemented an additional layer to our on-line security system.

You may be requested to answer security questions in order to complete your log in to Virginia Credit Union Online Banking.

Failure to authenticate your account may result in account malfunction, slow online experience or your account will be suspended.

Please do not reply to this message. For any inquiries, contact Member Service.

Copyright © 2007 Virginia Credit Union. All rights reserved.

The links in the e-mail point to web sites that are in no way affiliated with VaCU.

There are varying forms of this e-mail -- verify with VaCU before you respond to any.

If you received these e-mails AND entered information on any page linked from the message, immediately contact your financial institution and/or credit card merchants.  If you are a member of Virginia Credit Union, please contact VaCU immediately at 800-285-6609 or 804-323-6800.

BACKGROUND: What is Phishing?

Internet scammers casting about for people's financial information have a new way to lure unsuspecting victims: They go phishing.

Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to update or validate your account information. It might threaten some dire consequence if you dont respond. The message directs you to a Web site that looks just like a legitimate organizations site, but it isnt. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

The FTC, the nations consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:

If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies dont ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the companys correct Web address. In any case, dont cut and paste the link in the message.

Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organizations Web site, look for indicators that the site is secure, like a lock icon on the browsers status bar or a URL for a website that begins https: (the s stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.

Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.

A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. Its especially important to run a firewall if you have a broadband connection. Finally, your operating system (like Windows or Linux) may offer free software patches to close holes in the system that hackers or phishers could exploit.

Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to spam@uce.gov.

If you believe youve been scammed, file your complaint at www.ftc.gov, and then visit the FTCs Identity Theft Web site at www.consumer.gov/idtheft to learn how to minimize your risk of damage from ID theft.

Visit www.ftc.gov/spam to learn other ways to avoid email scams and deal with deceptive spam.

If there are any questions on this, or other computer security related matters, please contact Clay Calvert, Director of Information Technologies Security, at 286-8122 or ccalvert@umw.edu .