\|Home \| Apply for Loans \| Membership \| Branch/ATM Locations \| Contact \| Rates \| Search
Live Chat Member Support Financial Learning Center
Accounts Mortgages Loans Business Services Electronic Services Financial Services Youth Finance FMFCU Info
Checking \| Savings \| Certificates \| IRAs \| Money Markets \| Clubs \| Direct Deposit \| Rates Mortgage Center \| Apply Online \| First-Time Buyers \| CU Realty \| Mortgage Options \| Checklist \| Mortgage FAQs Apply for Loans \| Vehicle Center \| Home Equity \| Credit Cards \| Personal \| Student \| Credit Services \| Rates Business Services Center \| Business Deposits \| Business Lending Home Banking \| eTransfers \| Bill Payment \| e-Statements \| Phone Banking \| Check Card \| Other Services About Financial Services \| Financial Services Team \| Newsletters \| Auto and Homeowners Insurance Kids \| Student Loans \| Start Smart Accounts \| FMFCU & Education About FMFCU \| FMFCU & Education \| Foundation \| Business Partners \| News & Events \| Publications/PR \| Careers

Security Links

Additional Resources

FMFCU Security Info

About SSL Certificates

FMFCU Security Center | Web Targeting and Prevention

Online Targeted Attacks have become extremely widespread in today's Internet world. Fraudsters are targeting individuals, businesses, and worldwide corporations using some of the following:

Phishing
Vishing
Pharming
Viruses

Every day someone is attacked and their computer or personal information is compromised. FMFCU members need to be prepared to recognize these attempts and this section will help you understand what to look for when surfing the net or reading e-mails.

PHISHING

Phishing is defined as the use of fraudulent communications, fraudulent web sites, and popups to lure victims into divulging personal information such as passwords, financial data and other sensitive information. This information then leads to financial crime and identity theft.

How It Works

The term Phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' private information. The most common ploy is to copy the look and feel of a web page from a major site and use that design to set up a nearly identical page that appears to be part of the company's site.

LEARN HOW TO IDENTIFY PHISHING AND TAKE ACTION

It is very important to read our section on how to identify phishing. Internet users around the world are getting phished daily and it's up to you to know how to prevent these criminals from getting your personal information.

Learn how to identify phishing and take action
Make sure you have updated browsers - examples of how current versions of Internet Explorer and Firefox try to help you identify phishing sites
See three examples of phishing: example #1 - example #2 - example #3
Another related scam is using a "Call Foward" technique

See our Library of FMFCU attacks.

VISHING

Vishing is a combination of "voice" and phishing. The criminal uses a computer to receive "Voice Over IP" calls from legitimate consumers who have been told to call a certain number from a phone call made by the criminal.

How It Works

The fraudster sets up software to dial select phone numbers. When the phone is answered, an automated voice recording is played. It tells the consumer that fraudulent activity has occurred on their credit or debit card. It then instructs them to call a certain phone number which is actually the criminal's computer. Then the consumer is instructed to enter their card number, PIN, expiration date, and other personal information. Once the consumer does this, the criminal now can use the card and commit fraud.

PHARMING

Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning. The fraudster can either change the hosts file on a consumer's computer or typically, the criminal can somehow get into an ISP's server and change the web site's IP address so that when you type in a web site name, it goes to the criminal's web site and not the official site.

This type of attack is not common and many ISPs have upgraded their software to prevent pharming since it's introduction.

Example: The fraudster sets up an 800 phone line to have people call in. They mail (yes, snail mail) bogus postcards or letters to victims and have them call the telephone number. Once the victim calls the telephone number, the victim provides all the typical information needed to validate an account. In the mean time, the fraudster collects what is needed and the victim is assured things are fine based on the validated information. The sad part is that the victim actually is completely unsuspecting that anything fraudulent occurred since they personally called the telephone number rather than receiving a call. It is also more assuring that the inquiry was via the mail. Based on simple marketing metrics for response rates, the numbers will add up for a fraudster to spend the money to mail the letters.

How the pharm works: The pharm uses a toll free number, which would have been registered, possibly using fake names or contact information. The appearance of a toll free number on the pharm resonates with the typical toll free phone numbers used by the legitimate financial institution. When users dial the toll free number, they are greeted by a recorded message apparently from the FI. Below is a transcript of a recorded message:

Pharmer: Welcome to FI account verification.
Please type your 16 digits card number.
user: [types invalid 16 digit credit/debit card number]
Pharmer: Please type your 16 digits card number.
user: [types valid 16 digit credit card number]
Pharmer: Please type expiration date, month first year later.
user: [types 4 digit date]
Pharmer: Please type the last 4 digits of the primary card holder's social security.
user: [types 4 digits]
Pharmer: Wait please till processing. Thank you. Your account has been verified. [Message terminates]