Banks and credit unions are experiencing an increased number of phishing emails & phone calls. Phish emails request the email recipient to link to a phony website and submit personal account information. Phish phone calls ask someone to give out their personal account information over the phone. Elevations Credit Union has reports of phishing emails and websites and is working to shut these sites down.

View a printable guide to avoid phishing scams. [PDF]

Definitions
Phishing (fish’ing) (n.) Also known as “Spoofing” – The act of sending an email in an attempt to get the recipient to visit a fraudulent website and enter sensitive personal information. Phish emails and websites try to fool the recipient by mimicking a legitimate business. Any information collected by the phisher is then used to steal the recipient’s money or identity. View a screenshot of an actual phish email.

Sensitive personal information - Any information about an individual that can be used to verify their personal financial information or identity. This includes: Social Security Number (SSN), credit card, account or PIN numbers, usernames and passwords, birthdates, passport and visa documentation.

Phish emails typically:

• Copy a legitimate company’s logos and graphics
• Appear to come from a legitimate business (Example from an email: “From: service@elevationscu.com”)
• Include a generic greeting or subject (Example: “Dear Elevations Credit Union Member”, “Dear Member” or “Important Information About Your Account”)
• Have an urgent tone for quick action (Example: “Ignoring this message will result in a suspension of your account within 24 hours”)
• Contain links that resemble the Credit Union’s web address (Example: http://bank-elevationscuonline.com/)
• Contain links that appear to be legitimate in the email, but go to a fraudulent phish website. This type of link is called a “masked” or “embedded” link (Example: “Please visit http://www.elevationscu.com/security “ - this link actual goes to a fraudulent website address such as “ http://elevationscu-security.com/ “ or “ http://202.52.132.5:82/www.elevationscucu.com/secure/forms/link24_locked_out.cfm “)
• Depend on the recipient taking action by clicking on a masked link and entering sensitive personal information into the fraudulent website.

Please note: Phishers are getting more sophisticated. Recent phish emails cloak themselves as security and phish alerts. In these cases, they alert the member to never click a link in an email, and then present the recipient with a masked link to a fraudulent website to unlock their account.

More Detail on Phishing

How Phishers Gather Email Addresses

• Phishers get emails from many sources, including the Internet, third-party sites, etc.
• Lists of email addresses are circulated and sold between spammers.  Once an address is on a list it may be distributed to many others.
• Generated list - Spammers have applications that guess email addresses. The more popular addresses such as first name only, business type usernames made of first initial and last name, and nicknames are common guesses.
• If a person has given their email address on a publicly available webpage or forum (MySpace.com, etc.), it could be harvested and used in mass mailings.

Phishing In Depth

Why & What - Phishers hope to get away with stealing people’s sensitive personal information on the internet without getting caught. Once they have obtained this information, they try to use it to steal money or to mimic a person’s identity.
Who - Like any theft, a phisher can be anyone that has the technical knowledge and an intention to steal.
Where - A phisher could be located anywhere in the world because they have the technology to make their websites appear to be located anywhere. Phishers will often locate fraudulant websites on servers that are out of the United States. This makes it more difficult for authorities to take action and have a site taken down.
When – Phish emails are received at any time. Often, phishing attempts are sent at the same time because phishers try to gather as much sensitive personal information as possible in the shortest time.

Please report any suspicious emails or security questions to security@ElevationsCU.com.

More Resources
RealityCheck Consumer Guides - Phishing's Hot in the Summertime.

Security Center | Privacy Policy | Disclosures | Downloads | Fees | Third-Party Sites Disclosure
© 2009 Elevations Credit Union. All Rights Reserved. This site is best viewed with a standards compliant browser with the Adobe Flash player.