More cases of the fraudulent e-mail scam targeting IU Credit Union members have been reported this week, and the credit union is now aware of several cases where unauthorized ATM charges have been made on members' accounts, said the credit union's Vice President of Management Information Systems Mark Weigle.
As of Friday afternoon, Weigle said the credit union now knows of at least 65 people who responded to the phishing e-mail scam, providing sensitive data like their debit card numbers and PIN codes. That number marks a significant rise since Wednesday's report, in which 15 to 20 respondents were counted.
Weigle said in most instances the credit union shuts down that person's account before illegal transactions can take place.
Several different versions of the fraud e-mail have been sent, each asking the user to follow a link to a seemingly authentic, but actually fake, Web site that requests the member's credit information. Weigle said the credit union believes that once a member's information has been sent from this link, that member's data may be compromised. He added they know already that several fake debit cards have been created based on the stolen information, allowing the perpetrator to gain access to the user's account.
"We are continuing to shut down the Web sites," Weigle said. "We are adding information to our own Web site and we'll be sending something out in our statement at the end of the month to make sure people look at their accounts. Also, we continue to warn our members about responding to unsolicited e-mail from us or anyone else."
He added that even if unauthorized action may have taken place on members' accounts, those members will not be held accountable for the losses and will be covered because it is fraud.
"Phishing is the practice of using deception -- either deceptive language, fake Web sites, or both -- in an attempt to acquire others' credentials or identity on the Internet," said Informatics graduate student Jacob Ratkiewicz, who specializes in studying phishing attacks.
He added that if someone replies to one of these e-mails, "in general the phisher gains your credentials -- that is, becomes you -- on whatever site is targeted ... If anyone at IU is victimized by the (credit union) scam, the phisher would potentially be able to empty their account."
A new type of the fraud e-mail has been noticed as well, one that may take advantage of credit union members' awareness of the threat the e-mails pose.
"We have reasons to believe that (your account) may have been compromised by outside parties," the new fraud e-mail reads. "In order to protect your sensitive information, we temporarily suspended your account access. This is a fraud prevention measure meant to ensure that your account is not compromised."
The e-mail then asks the user to follow a link to the site and log in to restore their account.
Weigle said while this e-mail may appear to be from the IU Credit Union warning of the fraud e-mails, it is actually just another phishing e-mail that is in no way from the credit union. He said this may be part of the scammers' strategy to gain access to more accounts.
In total, Weigle said he believes it is possible that hundreds of thousands of the fraudulent e-mails have been sent out during the past week. The credit union has already received 28,000 e-mails that have been sent back to it in some way -- either by automated replies or concerned people forwarding the message back to the credit union.
Both Weigle and Ratkiewicz said that people should exercise extra caution when they receive any kind of e-mail that requests personal information. Ratkiewicz said a good practice to follow is not to click on links found in e-mail and instead to navigate to the Web site independently.
"When in doubt, customers should always go to the Web site for the company in question and try to find the same information there, or call the company on the telephone," he said.
After the spike in reported cases, Weigle said they are now seeing a slowdown in the number of people saying they may have responded to the e-mail. Weigle credits this in part to the media coverage over the past few days.
"I think so many people have read (the media reports) and then checked their e-mail and wondered if they need to do anything," he said. "I think media coverage helps in general, whether the phishing scam for the IU Credit Union or anything else, when people see others have been victims, they may think twice before clicking on an unsolicited e-mail."
The IU Credit Union's Web site is www.iucu.org. A helpline is available at 855-7823.



