Scam e-mails target Credit Union members

The latest round of phishing attacks on IU Credit Union members displays a higher level of sophistication than previous scams -- though experts say this should come as no surprise. \nThe e-mails, sent to many IU students, faculty and staff as well as others outside the University, "warned" members that the credit union detected errors in their accounts due to fraudulent activity and urged them to click what looked like a link to the IU Credit Union Web site.\nThe URL, however, routed to a server and a fake credit union Web site based in Diboll, Texas, said Mark Weigle, IU Credit Union vice president in charge of security.\nCredit union officials learned about the phishing attacks shortly after 9 a.m. Monday. By 10:30 a.m., they had contacted the fake Web site's Internet service provider, and the page was taken down and the server removed, Weigle said.\nThis attack is more developed than the massive phishing scam that occurred in June, when phishers successfully defrauded about 70 to 80 members. The e-mails correctly referred to recipients as IU Credit Union members, not just customers, as in the last attacks. They also included the credit union's logo and a fake copyright claim.\nThe scams' small enhancements should not be surprising, said Markus Jakobsson, an associate professor of Informatics who specializes in cyber security. \nPhishers learn from previous attacks and adjust their tactics, he said. Bank customers were previously warned to look out for bad spelling and factual errors, so the scammers have improved their grammar and checked their facts.\nWeigle said he was not aware of any credit union members who fell victim to the latest round of attacks.