honoluluadvertiser.com

Sponsored by:

Comment, blog & share photos

Log in | Become a member
The Honolulu Advertiser
Posted on: Tuesday, August 8, 2006

Credit union stops 'phishing' scam

By Greg Wiles
Advertiser Staff Writer

PROTECT YOURSELF:

  • Do not respond to e-mail messages asking for personal information.

  • Typically, financial institutions do not ask customers for private information such as account numbers, passwords and credit card numbers via e-mail.

  • spacer spacer

    Hawaii State Federal Credit Union, the largest local credit union, was able to get a bogus Web site shut down yesterday to prevent members from being scammed.

    The Web site's link was included in a fraudulent e-mail spread over the Internet yesterday aimed at getting credit union members to divulge personal information.

    It was the first time Web thieves had targeted Hawaii State Federal members with an e-mail, the credit union said. Customers of other local institutions, including American Savings Bank, Bank of Hawaii and First Hawaiian Bank have been targeted in the past.

    Hawaii State Federal spokeswoman Pauwilo Look said the credit union received its first call questioning the e-mails yesterday morning and notified the Internet Crime Complaint Center about the scam. The credit union was able to get the fake Internet site taken down by noon.

    The e-mail told recipients that their account information may have been obtained by outside parties and asked them to click on a link to go to a "secure site" where they could reactivate their account.

    "We regret to inform you that we had to lock your account access because we have reasons to believe that it may have been compromised by outside parties," the e-mail read. "In order to protect your sensitive information, we temporarily suspended your account access."

    Look said the credit union previously alerted its 63,000 members through newsletters that they needed to be vigilant for suspicious e-mails and that it would never send something seeking personal account information.

    The so-called phishing message sent yesterday was written with a businesslike tone, but on close inspection had several clues that it was fake. These included a sender's address that wasn't associated with the credit union and the wrong address for the credit union's Internet site.

    At least two of the messages carried incorrect dates and mentioned the credit union's membership in the Federal Deposit Insurance Corp., which provides deposit insurance for banks.

    The Hawaii State Federal Credit Union's deposit insurance is provided through the National Credit Union Administration.

    Web thieves who send bogus e-mails are getting more sophisticated in targeting consumers of financial institutions by obtaining localized e-mail lists.

    Reach Greg Wiles at gwiles@honoluluadvertiser.com.