A phishing attempt to get University Credit Union account and
personal identification numbers from students and employees
yesterday was quickly halted Monday by the UCU’s Internet
security services.
In the fraudulent e-mail, recipients were requested to click on
a link that would then take them to the credit union’s Web
site, prompting them to enter their account and PIN.
After the attempt was discovered by the credit union’s
security services, which identified the Web site as fraudulently
using the company’s name, the site was shut down within
hours.
The UCU and most other businesses would never ask for a
consumer’s account and PIN or discuss account business
through e-mail, said Steve Sercu, vice president of the credit
union’s information services.
Sercu said any e-mail requesting sensitive information, such as
a social security number or bank PIN, should be seen as an
immediate tip-off that the e-mail is fraudulent.
Sercu recommended that anyone receiving the e-mails should not
respond to them and should report them to the credit union.
The obtained personal information is used to open credit
accounts, which are often quickly abandoned by criminals, leaving
behind a trail of unpaid bills and negative credit history for the
person whose identity was stolen.
User responsibility and education are the keys to preventing
identity theft through “phishing,” Bruin OnLine Manager
Jeff Baughn said.
This most recent phishing attempt, which tries to obtain
personal information through fraudulent e-mails, contained graphics
from the credit union’s Web site, which is not uncommon or
difficult to do, Sercu said.
Graphics and wording from actual Web sites are frequently used
in creating fraudulent ones, making it harder for e-mail recipients
to tell the difference.
The goal of phishing attempts is to make them very specific and
enticing in order to get as many people’s information as
possible, Sercu said.
For example, Monday’s e-mail appeared to be sent from a
William Robertson in the credit union’s online department,
but Sercu said no one by that name works there and there is no
specific online department that discusses business transactions
through e-mail.
Identity theft from phishing is a common occurrence and UCLA
students have fallen victim to the practice in the past, though no
reports had been filed regarding the recent attempt, said Nancy
Greenstein, director of university police’s community
services.
UCPD has a detective who specializes in computer crimes, though
he was unable to be reached for comment.
According to FirstGov for Consumers, a federal consumer Web
site, anyone who suspects they may be a victim of identity theft
should place a fraud alert on their consumer reports, close all
tampered accounts, file a report with the local police or the
police in the community where the theft took place, and file a
complaint with the Federal Trade Commission.
With reports from Derek Lipkin, Bruin senior staff.