The USF Federal Credit Union has issued a warning to all of its bankers stating a “phishing” scam is trying to hook consumers into giving out personal information.
The bank posted on its Web site that an e-mail titled “About your Online Services” is notifying bankers that their service will be deactivated and deleted if not renewed immediately. The e-mail provides students with an embedded link to arealistic-looking Web site with a near-identical log-in to the one used for current USF Federal Credit Union bankers. Alex Campoe, Associate Director for Academic Computing, said only 160e-mail messages successfully got through the college’s spam software system. All other e-mails were caught and terminated in the software system.
An e-mail was sent to school administrators to warn them of the scam, but Campoe said an official e-mail would not be sent to the entire student body. Instead, the school will try to send an e-mail only to the students affected. But Campoe said it wouldn’t be an easy process.
“It’s difficult to track these remote controller bots,” Campoe said. “We can filter them, but it’s not easy. It’s always a battle. The best way is to just inform the users.”
The official USF Federal Credit Union log-in address is https://hbs.creditunion.usf.edu/cgi-bin/mcw000.cgi. The fake email gives http://hbsusf.com/hbs.creditunion.usf.edu/cgi-bin/mcw000.cgi/MCWSTART as a log-in address.
USF Federal Credit Union Senior Vice President Bruce Koehler said the bank hasn’t had many complaints, but warns members not to give out their information to anyone.
“No one will ask for your information at that level,” Koehler said. Koehler said the Credit Union is going to focus on education instead of law enforcement at this point. University Police spokeswoman Lt. Meg Ross said anyone with an Internet connection has to be careful with personal information, adding that there isn’t much the police can do.
“It is very important for people to deal with the institution directly instead of responding to unsolicited emails,” Ross said.
Campoe said an increased number of phishing scams appear around tax time because scammers believe people might be more willing to give out personal information.
Phishing is one of the latest forms of identity theft. Typically used in the form of an e-mail, these scams provide consumers with an embedded link to what appears to be a legitimate business in order to trick users into releasing personal information.
While they may look identical to their official counterparts with convincing graphics, logos and URL address, the sites are used to gather personal information such as PIN and social security numbers so a thief can later withdraw money from bank or credit card accounts.
“The best thing to do is contact the entity in question or open your browser and try going to the official site,” Campoe said. “If the site doesn’t have similar information or warnings, you know the e-mail is a scam.”