Stay Alert!

Stay Alert! Watch Out for Phishing!

Please remember that we will never e-mail or call you asking for updated information. Identity thieves have new tricks up their sleeves, and Extra Credit Union wants to make sure you’re aware of them and know how to protect yourself.

This type of scam is called “phishing,” which refers to a technique where phony e-mails are sent to consumers asking for personal information. These messages often look authentic, even displaying a copied logo of the company they’re impersonating, and ask e-mail recipients to “verify” personal information or account numbers. They then capture this information and use it to commit fraud.

These messages are often sent at random to a large number of e-mail addresses, which the thieves hope will reach at least some people who actually have an account at the bank or credit union they are impersonating and will take the bait. Often, they use tactics like claiming there is a problem with your account or that you will be entered to win a prize for responding.

In addition to phishing, some thieves now even "spoof" legitimate Web sites by creating fake sites to get people to enter personal information that they can then capture. Again, sometimes these can look sophisticated and feature a copied logo of the company. Consumers may be directed to a spoofed Web site from a phishing e-mail or the site may be set up at a Web address similar to the actual URL.

Please be aware that these are scams, and remember that Extra Credit Union will NEVER e-mail or call you seeking account numbers or passwords. Your financial institution already has your information on file and will only ask for it to verify your identity when you initiate a call or e-mail us. If you receive an e-mail asking you to visit a special Web site to enter personal information, we urge you not to respond.

New Phishing Scam

Digital Insight, our home banking platform, has informed us of a phishing scam that is using their name to trick users into giving away private information, such as passwords or financial information. If a user receives a suspicious email they are strongly encouraged to disregard it. This scam targets users by sending emails that appear to be from an official Digital Insight source (for example, “Digital Insight Customer Care,” “Digital Insight Administration,” etc.), and is designed to trick the recipient into clicking a link in the e-mail for the purpose of acquiring sensitive data, such as passwords or financial information.

Please remember that neither Extra Credit Union, nor our trusted partners, will call or email you seeking passwords or account information. Please see the email below for a fraudulent example. If you have any questions or concerns, please call to speak to a credit union representative at (586) 276-3000.

Users are advised to NEVER click links to install programs suggested in emails, even if the email appears to be from an official or familiar source. We will never send members emails containing links to download software or applications.

-- Sample Phishing Email --

From: "customer-care@digitalinsight.com" <administration@digitallnsight.com>
Date: July 16, 2008
To: <name>
Subject: Attention - Important Notification!

Dear Administrator,

We inform you that your account is about to expire. It is strongly recommended to update it immediately. However, failure to confirm your records may result in account suspension.

-- End --

The email described above is not from Digital Insight. Users should be advised to immediately delete emails such as these, and be careful not to take the actions requested.

If you have questions about this, or wish to report what you believe to be a phishing incident, please contact us at (586) 276-3000.