FMFCU Security Center | Web Targeting and Prevention

Online targeted attacks have become extremely widespread in today's Internet world. Fraudsters are targeting individuals, businesses, and worldwide corporations using some of the following:

Every day someone is attacked and their computer or personal information is compromised. FMFCU members need to be prepared to recognize these attempts, and this section will help you understand what to look for when surfing the net or reading e-mails.


PHISHING

Phishing is defined as the use of fraudulent communications, fraudulent web sites, and popups to lure victims into divulging personal information such as passwords, financial data and other sensitive information. This information then leads to financial crime and identity theft.

How It Works

The term Phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' private information. The most common ploy is to copy the look and feel of a web page from a major site and use that design to set up a nearly identical page that appears to be part of the company's site.

LEARN HOW TO IDENTIFY PHISHING AND TAKE ACTION

It is very important to read our section on how to identify phishing. Internet users around the world are getting phished daily and it's up to you to know how to prevent these criminals from getting your personal information.

See our Library of FMFCU attacks.


VISHING

Vishing is a combination of "voice" and phishing. The criminal uses a computer to receive "Voice over IP" calls from legitimate consumers who were told, in a phone call placed by the criminal, to call a certain number.

How It Works

The fraudster sets up software to dial select phone numbers. When the phone is answered, an automated voice recording is played. It tells the consumer that fraudulent activity has occurred on their credit or debit card. It then instructs them to call a certain phone number which is actually the criminal's computer. Then the consumer is instructed to enter their card number, PIN, expiration date, and other personal information. Once the consumer does this, the criminal now can use the card and commit fraud.

Read how to protect yourself. This article from CNET.com explains it all.


PHARMING

Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning. The fraudster can either change the hosts file on a consumer's computer or, typically, get into an ISP's server and change the web site's IP address, so that when you type in a web site name, you are taken to the criminal's web site and not the official site.

This type of attack is not common, and many ISPs have upgraded their software to prevent pharming since its introduction.

Example: The fraudster sets up an 800 phone line to have people call in. They mail (yes, snail mail) bogus postcards or letters to victims and have them call the telephone number. Once the victim calls the telephone number, the victim provides all the typical information needed to validate an account. In the meantime, the fraudster collects what is needed and the victim is assured things are fine based on the validated information. The sad part is that the victim is completely unsuspecting that anything fraudulent occurred, since they personally called the telephone number rather than receiving a call. It is also more reassuring that the inquiry came via the mail. Based on simple marketing metrics for response rates, the numbers will add up for a fraudster to spend the money to mail the letters.

How the pharm works: The pharm uses a toll-free number, which would have been registered, possibly using fake names or contact information. The appearance of a toll-free number on the pharm resonates with the typical toll-free phone numbers used by the legitimate financial institution. When users dial the toll-free number, they are greeted by a recorded message apparently from the FI. Below is a transcript of a recorded message:

Pharmer: Welcome to FI account verification.
Please type your 16 digits card number.
user: [types invalid 16 digit credit/debit card number]
Pharmer: Please type your 16 digits card number.
user: [types valid 16 digit credit card number]
Pharmer: Please type expiration date, month first year later.
user: [types 4 digit date]
Pharmer: Please type the last 4 digits of the primary card holder's social security.
user: [types 4 digits]
Pharmer: Wait please till processing. Thank you. Your account has been verified. [Message terminates]


SMiShing

SMiShing refers to cell phone and mobile device text messages with links to web sites that extract credit card numbers and other private data. Targeted victims could also be coaxed into unsuspectingly downloading software containing Trojan horse viruses. SMiShing is short for "SMS phishing."

How It Works

Cell phone users receive messages that read: "We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order at our website." Many consumers, fearful of incurring premium rates on their cell phone bill, visit the web site. However, once they arrive, they are prompted to download a program which is actually a Trojan horse.

Cell phones with Internet access are especially at risk. By clicking on a link in a smishing message, you can unknowingly allow a hacker to steal your personal information, activate your phone’s camera or even listen in on your private cell phone conversations. In some cases, these programs can send fake messages to people in a phone’s contact list. It's important to think before you click.

Copyright © 2014 FMFCU. All Rights Reserved. Federally insured by NCUA.