NEW PHISHING ATTACK AGAINST CREDIT UNIONS

We have been informed that a new phishing attack involving our government regulator, NCUA is under way.  It is an attempt to obtain member credit card numbers, expiration dates and electronic signatures.  In cases reported to NCUA the perpetrator(s) sent fraudulent e-mails, representing to be from the NCUA, to credit union members and the general public.  The e-mails state the NCUA will add $50.00 to the member's account for taking part in a survey.  The link embedded in the message directs members to a counterfeit version of NCUA's website with an illicit survey that solicits credit card account numbers and confidential personal information.

NCUA will never ask credit union members or the general public for personal account or personally identifiable information as part of a survey.  Any e-mail that alleges to be from NCUA and asks for account information is fraudulent and should be treated as suspicious. 

Anyone who has clicked on any of these e-mails should consult with a computer security or anti-virus specialist to assess the need to re-install a clean image of the computer system.  It also is suggested that members take the following precautions:

• Scan affected computers using updated anti-virus software.
• Enable automatic updates for anti-virus software and computer operating systems.
• Install security patches for common software applications promptly.
• Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software.
• Do not open unsolicited or unexpected e-mail attachments.
• Do not follow Web links in unsolicited e-mails from apparent federal banking agencies, instead, bookmark or type the agency's Web address.
• Call the agency using a known and appropriate telephone number to verify the legitimacy of the message and attached file.

Members affected by this scam, or variants of this scam, should be advised to forward the entire e-mail message to phishing@ncua.gov.