Dear Board of Directors:
The purpose of this Risk Alert is to ask you to continue your efforts with raising consumer awareness on phishing1 schemes and to inform you of steps NCUA has taken to combat this threat. I want to commend the efforts many credit unions have already made to highlight this issue for consumers. This has been achieved in part through web site posting and statement stuffers offered by many of you. But, over the last several weeks, so-called phishing perpetrators have expanded their schemes to mimic NCUA’s web site, and target consumers by asking them to provide confidential information to purportedly verify account registration information or to maintain insurability of accounts. NCUA is highly sensitive to the risk that use of our official agency logo could potentially make the scam more deceptive to unsuspecting members.
What Credit Unions Can Do:
I want to remind you of a useful brochure NCUA and other FFIEC member agencies developed to supplement your member education awareness efforts on phishing. As outlined in this brochure, NCUA strongly recommends the credit union’s member education campaign reinforce the following message to your membership:
• Never provide your personal information in response to an unsolicited request.
• If you believe the contact may be legitimate, contact the credit union yourself.
• Never provide your password over the phone or in response to an unsolicited Internet request.
• Review account statements regularly to ensure all charges are correct.
This brochure is a convenient one-page resource designed for inclusion with mailings such as monthly statements. It is available for download at: http://www.ncua.gov/Publications/brochures/IdentityTheft/index.htm or can be purchased directly from NCUA by calling our publications line at 703-518-6340.
Steps NCUA Has Taken:
As I mentioned earlier in this Risk Alert, NCUA itself has been the target of recent phishing schemes. We are working closely with the FBI to investigate these attacks and prosecute those responsible. We have also notified staff concerning these emails and have instructed them to forward instances of internet fraud or phishing attempts utilizing NCUA’s web site to the following agency mailbox: Phishing@ncua.gov.
I encourage you to make this information available to your membership so they may also beable to provide us timely information. Additionally, consumers should be referred to the following link:
http://www.ncua.gov/Phishing/phishing.htm, for more information regarding the ongoing fraud to the agency's webpage and how they may file a formal complaint with the Internet Fraud Complaint Center2 at http://www.ic3.gov.
I appreciate your cooperation in getting this important message out to your membership. Together, we can help to ensure credit union members are best prepared to protect their personal financial information. NCUA will continue to follow this issue and provide you with additional information when available. In the meantime, if you have any questions, please contact your district examiner, Regional Office, or State Supervisory Authority.
1 The term phishing refers to fraudulent attempts to gain access to consumers’ non-public personal information through the use of unsolicited emails intended to direct consumers to a web site “spoofed” to appear like a legitimate web site.
2 The Internet Fraud Complaint Center (IFCC) was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints, research, develop and refer the criminal complaints to law enforcement agencies for any investigation they deem to be appropriate.