Technology brings us all kinds of convenience and entertainment. It also creates new ways for crooks to take advantage of consumers. The scams and the lingo change all the time. Here's an abbreviated technology fraud dictionary to keep you in the know:
Pharming secretly plants a virus or malicious program in your computer and hijacks your web browser. Pharming crimeware misdirects users to fraudulent sites or proxy servers. When you type in the address of a legitimate Web site, you're sent to a fake site without knowing it. If you give your password or account information on the fake site, thieves will use your account fraudulently.
Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords, account information and credit card details, by masquerading as a trustworthy entity in an electronic communication.
A clear tip-off that it's a fake--typically the greeting will be generic and not addressed to you by name. Another characteristic is a sense of urgency or alarm, say, that your account is about to be closed. Delete the message and report it to reportscams@kucu.org.
View samples of phishing emails.
Pretexting isn't new, but another scam aided by technology. Sometimes referred to as "social engineering," it occurs when someone tries to get personal private information without authority to do so. The scammer may ask for private information while impersonating an accountholder by phone, mail, e-mail, or even by phishing--using a phony Web site or e-mail to collect data.
SMS-based phishing, or SMS-ishing, convinces a user to click on a link in a SMS message leading them to a fake Web site from where their personal details can be phished or to call a phone number in order to gain access to private personal and financial information for the purpose of illegal financial reward.
Example of a fraudulent text message:
FRM: KU Credit Union
MSG: For usual maintenance please confirm your KU Credit Union details by calling at XXX-XXX-XXXX (actual phone number varies).
Please remember that we will never contact you asking you to verify any of your personal account information.
"It is important for our members to know these are random phone calls proven by the fact that we have a lot of non-members notifying us about the fraudulent calls," said Kelly Diven, CEO/President, "and the only way accounts are compromised in any way is when unsuspecting individuals respond and give these scam artists their personal account information."
Spim is spam--unsolicited bulk e-mail--delivered by IM, instant messaging. Not yet as common as spam, it reaches more people all the time. IM can be especially useful for spammers and dangerous for recipients because they may be more likely to click on links, bypassing virus software available on computers. Block messages from anyone not on your buddy list as a defense.
A spoof is an attempt to fool. Web spoofing is the act of secretly tricking your Web browser into talking to a different Web server than you intend. E-mail spoofing involves forging an e-mail header to make it appear as if it came from somewhere or someone other than the real source. Either can seduce you into supplying information to an unintended recipient.
If you hold your mouse over a link, the status line displays the corresponding URL. Be suspicious if the status line URL is different from what you think you should see. If Web pages you're familiar with suddenly prompt you to fill in private information, think carefully before you comply. If possible, call or send mail to the official source to verify that this change is legitimate. As always, when in doubt, do not enter any information you feel uncomfortable providing.
Vishing is a combination of "voice" and phishing, where the caller typically exploits the public's trust in landline telephone services in order to gain access to private personal and financial information for the purpose of illegal financial reward
. Victims are often unaware that vishing usually allows for caller ID spoofing and complex automated voice systems.
Typical fraudulent messages may say that your credit card has been cancelled or compromised and direct you to call in and provide personal information.
Please be assured that your personal and financial information has not been compromised in any way. The only way that fraudulent activity can take place on your account through these phishing and vishing attempts is if you respond and ultimately give them access to your personal account information. We are utilizing every available means at our disposal to monitor, analyze, and pull down these illegal phishing Web sites and these illegal operations as quickly and efficiently as possible.
How can you help?
We believe that the single most effective weapon against fraud and identity theft is an informed, educated member. To help you recognize phishing scams, we have some samples of things to look for to help you distinguish a fraudulent email attempt from the real thing. You can also visit our site's
Fraud and ID Theft page to read more. If you believe you have received a fraudulent email, phone call or letter from the Credit Union, please contact us at
reportscams@kucu.org or call us at (800) 897-6991 option 3.
What to look for:
Homepage of Web site:
This is the correct address for our home page.
Incorrect Homepage of Web site:
This may seem correct, but pay attention to the address bar.
Correct eBranch Login:
This is the correct address for logging into eBranch. The prefix is "https://" which denotes, in this case, that the site is secured. The address is "www.cuonlineaccounts.org." The file name is all the rest of the information to the right of the first "/" after https://. Also, notice padlock at the end of the address bar? This means the site is secure. If you are using IE7, the whole address line should appear green like below.
Using the Mozilla Firefox browser, the address should appear yellow.
IP address scam:
Real sites don't usually have numbers at the beginning of their address.
Incorrect Web site:
Although you see kucu.org in the address line, don't be fooled. The real host for this site is businesssupport.ru. Within the Address, the right-hand side is the most important! It shows the site name. Look at the address before the first "/" after the http://.
The following are examples of e-mails that members and non-members have reported receiving. Please remember, these are not legitimate messages and should not be responded to. If you receive an email you believe is fraudulent, please forward it to reportscams@kucu.org.
Phishing Email Example #1
Phishing Email Example #2
Phishing Email Example #3
Phishing Email Example #4
Phishing Email Example #5
Phishing Email Example #6
Phishing Email Example #7
Find out more by reading our Fraud &
ID Theft page.
. To help you recognize phishing scams, we have some samples of things to look for to help you distinguish a fraudulent email attempt from the real thing. You can also visit our site's page to read more. If you believe you have received a fraudulent email, phone call or letter from the Credit Union, please contact us at
reportscams@kucu.org or call us at (800) 897-6991 option 2.