E-mails purporting to be from the University Credit Union filled
UCLA inboxes this month, offering UCU customers the chance to sign
up for protection from fraud and identity theft.
But these e-mails themselves were a scam.
The messages were part of a trend in bank fraud called
“phishing,” in which third parties pose as trusted
companies and send fraudulent messages to customers, directing them
to Web sites and asking them to enter personal information.
Phishing scams routinely target customers of large companies
such as Citibank, PayPal and eBay. UCU, which offers banking
services mainly to the UCLA community, was first targeted in
February.
Two different fraudulent e-mails targeted UCU customers in the
past month, said UCU spokesman Steve Sercu. Both messages were
written as if they were from the credit union and featured UCU
logos.
UCU customers were not the only people who received these
e-mails. The messages were most likely sent at random to e-mail
addresses containing “ucla.edu,” Sercu said.
A few people have fallen victim to the latest scam.
“It’s been a low turnout as far as anyone
that’s been phished or scammed,” said Stacey McKenzie,
a UCU electronics service representative. “So far, it’s
not more than 20.”
The first scam message, sent in late July, warned customers that
their accounts would be closed if they were not
“verified” with personal information.
The second, sent early this month, warned customers of a
phishing scam that had taken place and offered to let them sign up
for a new identity theft protection feature.
“We’re serious about security,” said the scam
e-mail, and included a link to a page requesting customers’
identifying information as part of the sign-up procedure.
In reality, UCU does not use e-mail to request information from
customers.
“We would never ask for information to be entered like
that, especially credit card information and PINs,” Sercu
said.
“There’s no reason to ever give your financial
institution your PIN number,” Sercu stressed.
“That’s private to you.”
The credit union has posted a notice on its Web site warning
customers of phishing scams and reminding them never to surrender
account information over telephone or e-mail.
If UCU customers suspect they have become victims of a phishing
scam, they should use the UCU Web site to change their PINs and
call the credit union right away, Sercu said, adding that it is
best to contact financial institutions directly before trusting
e-mail.
“If it looks funny, it probably is. And if there’s
any question, call,” Sercu said. “That goes for any
financial institution, not only us.”
Contact UCU at (310) 477-6628.