Phishing is an attempt, via e-mail, text or phone, to steal personal identity data and financial account information for the purpose of committing fraud. The e-mail may ask the receiver to “update”, “validate” or “confirm” account information, including passwords or personal identification numbers (PINs). Some may threaten that an account will be closed or a card will be disabled. More recently, text messages claiming that the victim's card has been blocked or deactivated have been sent and they ask the victim to call a phone number. The e-mail addresses and phone numbers of the victims are not obtained from Heartland Credit Union itself but from external sources, or just randomly created.
Heartland Credit Union works diligently to close down each of the sources of these phishing e-mails and text messages as they are identified. Unfortunately, it may take several days to identify the source and shut down the originator, who may then quickly move to another internet site and continue to operate. Many scams are unable to be traced.
Embedded within a phishing email is a link to a spoofed website. The spoofed website appears to be exactly like the credit union's legitimate website. Once the member is redirected to the spoofed website, the scam phishing e-mail asks the member to fill in required information to keep his/her credit/debit cards or online banking active. The spoofed website asks for name, account number, card numbers and other sensitive account information.
Because the spoofed websites have a very authentic appearance, members are giving up their credit and debit card information, including PINs. Within minutes of a member responding to a phishing e-mail, there are fraudulent transactions on the credit and debit card accounts.