Alerts

U W Oshkosh Website

Staff and Board Member Area

Alerts

Check here for information on phishing e-mails or other items of concern to our members

You can get more information on phishing on our FAQ page

11/21/08 - A new e-mail “phishing” scam seeks to plant malicious software on the computers of recipients who open an attachment purportedly related to the purchase of an airline ticket.
The fake e-mails use the names of various U.S. airlines including Northwest Airlines, Continental Airlines, Sun Country Airlines, US Airways, Allegiant Air, Delta Air Lines, Alaska Airlines, Midwest Airlines, and Hawaiian Airlines.

The e-mail messages urge recipients to confirm a ticket purchase they never ordered. The e-mail requires an entry by thanking recipients for buying the tickets using the “Buy flight ticket online” service offered by the airline. Giving fake details of the purchased ticket, it asks them to confirm the purchase by printing the invoice and the ticket after clicking on an attachment in the mail.

However, when unsuspecting recipients click on the e-mail, a malicious software program downloads onto their computers. This “malware” enables the fraudsters to gain confidential information such as credit card access codes, Social Security numbers, and net banking passwords by allowing them remote access to the computers..

Airlines say there are a couple of things inside the mail that should warn people of the scam. The e-mails contain mistakes in spelling and grammar, and the formats in which the itineraries are presented are different than those used by the airlines.

You and your members should be aware that these e-mails are not coming from the airline. If the format does not look familiar to you, and you have not recently purchased a ticket, do not open the attachment. Delete the e-mail right away.

Below is an example of an e-mail received by a credit union executive:
8/1/08 - some members may have received an e-mail with the subject "The importance of customer credit card protection" This e-mail was not sent by us and does not have our name mentioned or affiliated with it. Please disregard this e-mail and delete it. The text of the message is as follows:

Dear Customer,

All UW Credit Union accounts were recently update with a new security enhancement.
For your security, we have temporary suspended your account.

To reactivate your account call us: 1-800-518-5443 (Toll-Free)

Never access the UW Credit Union Web site by clicking on a link provided in an e-mail. Your
UW Credit Union will never solicit you to provide or update personal or financial information.
And, will never send an e-mail containing links to Credit Union's Web sites.

Note:
* If you received this message in your SPAM/BULK folder, that is because of the restrictions implemented by your ISP
* For security reasons, we will record your ip address, the date and time.
* Deliberate wrong imputs are criminally pursued and indicted.
6/25/08 - Credit unions across the country are reporting that their members are receiving unsolicited text messages. It’s an attempt at Smishing, the latest form of phishing. In Smishing, an e-mail tries to lure a recipient into giving personal information via SMS, the communications protocol used to send text messages to a wireless device. The recent scam is targeting credit union and other financial institution members.
In smishing, the members receive a text message via cell phone warning that their bank account has been closed due to suspicious activity. It then tells them they need to call a certain phone number to reactivate the account.

Unsuspecting callers who dial the number provided in the text message will be taken to an automated voice mail box that prompts them to key in their credit card or debit card number, expiration date, and PIN to verify their information.

If you have a question concerning your account or credit/debit card, contact your financial institution using a telephone number obtained independently, such as the phone number from your statement, a telephone book, or other independent means.
- - Be wary of any message received from an unknown sender.
  - Do not open unsolicited e-mails or text messages.
  - Do not click on any links provided in unsolicited e-mails.
- Don’t display your wireless phone number or e-mail address in public. This includes newsgroups, chat rooms, Web sites, or membership directories.
- If you open an unwanted message, send a stop or opt out message in response.
- Check the privacy policy when submitting your wireless phone number or e-mail address to any Web site. Find out if the policy allows the company to sell your information.
- Contact your wireless or Internet service provider about unwanted messages.
5/30/08 - An e-mail went out to many e-mail accounts with uwosh.edu in the address today. The e-mail claims to be from Oshkosh Central Credit Union, however it is not from them, Upon investigation of the IP address where it was generated from, it came from somewhere in Canada. We at the UW Oshkosh Credit union made Oshkosh Central Credit Union aware of the situation and are in no other way involved with the scam.

11/1/07 - Identity Theft Protection Program Scam - There is an e-mail going around that asks you to call to activate identity theft protection. This is NOT a legitimate e-mail. Please delete this message should you happen to receive it. The text of the e-mail is below:

Dear Credit Union customer,

We regret to inform you that we have received numerous fraudulent emails which ask for personal account information.
The emails contained links to fraudulent pages that looked legit. Please remember that we will never ask for personal account
information via email or web pages.

Because of this we are launching a new security system to make Credit Union accounts more secure and safe. To take advantage
of our new consumer Identity Theft Protection Program we had to deactivate access to your card account.

To activate it please call us immediately at (425) 998-1153

Activation is free of charge and will take place as soon as you finish the activation process.

If you think your identity has been stolen, here's what to do now:

1) Contact the fraud departments of any one of the three major credit bureaus to place a fraud alert on your credit file. The fraud
alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. As soon
as the credit bureau confirms your fraud alert, the other two credit bureaus will be automatically notified, and all three credit reports
will be sent to you free of charge.

2) Close accounts that you know or believe have been tampered with or opened fraudulently. Use the ID Theft Affidavit (PDF) when
disputing new unauthorized accounts.

3) File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime.

4) File your complaint with the Federal Trade Commission (FTC). The FTC maintains a database of identity theft cases used by law
enforcement agencies for investigations. Filing a complaint also helps the FTC gather more information about identity theft and the
problems victims are having.

For more information, go to: http://www.consumer.gov/idtheft/.

Please do not reply to this message. For any inquiries, contact Customer Service.
NCUA, CUNA, Credit Union - Copyright 2007

10/31/07 - Credit Card Scam - Scammers pretend to be fraud investigators from Visa and MasterCard in order to obtain credit card security codes from card holders. Read more about it on Snopes.com
7/11/07 - Grant Scam As another school year is approaching, the Better Business Bureau, law enforcement and other agencies are busy alerting the public of a new type of online scam for grant money through JQ Bank. Read more here.
3/19/07 - NCUA E-mail scam - There is an e-mail that went out appearing to be from the NCUA Account Review Department. This is not a legitimate e-mail. Please delete it if you receive it. The text in the e-mail is the same as the 3/6/07 alert.

As always, if you have given out any personal identification, please contact us immediately.

3/12/07 - There is a fraudulent e-mail that incorrectly implies it is from the UW Credit Union going around again. If you receive this e-mail, please disregard it and delete it. If you look at the message, it appears to be from the UW Credit Union (Not the UW Oshkosh Credit Union) and it has the UW Credit Union logo in the message (again, not the UW Oshkosh Credit Union logo). If you hold your cursor over the CLICK HERE link, it shows a web address that is completely different from both the UW and UW Oshkosh Credit Union's addresses.

If you have given out any personal information on this link, please contact our office immediately.

3/6/07 - low level alert
There is a phishing e-mail with the subject "Official information for all Federal Credit Union" containing the following text:

Dear Credit Union holder account,

This notice informs you that your Credit Union bank has joined our Federal Credit Union(FCU) network. For both, our and your security, we are asking you to activate an online account on our database. After activation you can login on our system with your SSN and your Credit/Debit PIN number.

You must visit the FCU activation page and fill in the form to activate your online account:

https://www.ncua.gov/activate_account

In accordance with NCUA User Agreement, you can use your online account in 24 hours after activation. We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account.

National Credit Union Administration Team apologize for any inconvenience.

Sincerely,
NCUA Account Review Department

This is not a legitimate e-mail. If you receive this message, please do not reply, and delete it immediately.

If you did go to the site and entered any information, please contact us immediately.

Your savings federally insured to at least $250,000 and backed by the full faith and credit of the United States Government

E-mail us at uwoshcu@uwosh.edu. We will get back to you within one business day.
Copyright © 2006 UW Oshkosh Credit Union
Last modified: 11/21/08