FOR IMMEDIATE RELEASE Media contact: Mike Corwin, 541-714-4286 mcorwin@osufederal.com E-mail scam in progress: OSU Federal alerts members, community to phishing attack using its identity Corvallis, Oregon—OSU Federal, Your Community Credit Union, is taking measures to eliminate an e-mail scam that is in progress using the credit union’s logo and a fake web site to capture private financial information. OSU Federal does not make it a practice to initiate requests for members or non-members information via the Internet. To date, this e-mail scam seems to target faculty, students, and staff of Oregon State University. The Credit Union contacted University officials upon learning of the phishing scam. The University contact indicated this is not the first time a financial institution has been a target directed at individuals connected to Oregon State University. This is the first instance of the Credit Union being the specific target. The credit union is working with a security firm to eliminate the scam e-mail and trace its source. Recommendations to victims 1. Anyone who clicked on the link in the e-mail and logged in to the fake web site should call OSU Federal at 800-732-0173 for assistance. 2. Attacks of this type on financial institutions are more and more common. Delete...hang up...shred—that's what anyone should do when they receive e-mail, phone calls, or direct mail asking for private or financial information. Fraud perpetrators try to trick people into believing that their requests for personal financial information are legitimate. Requests for information will seem legitimate, with very real, authentic- D:\401252171.doc Page 1 of 3 FOR IMMEDIATE RELEASE Media contact: Mike Corwin, 541-714-4286 mcorwin@osufederal.com looking logos, typeface, and letterhead. Scare tactics will be used, such as "act now or your account will be closed." The smart move is to delete such e-mail or shred similar printed materials without responding. What is phishing? Phishers send phony e-mails disguised as legitimate communications from financial institutions or other organizations to gain access to sensitive information that can then be used to access funds from a consumer's account. As many as 12% of consumers are fooled by e-mail and other types of phishing scams, which have become an increasingly widespread and costly type of social engineering, according to a recent Financial Crimes Enforcement Network (FINCEN) report. The agency said phishing is the "most pervasive and most effective manner" used to illegally access a financial institution's computer systems. SAMPLE of the e-mail scam using OSU Federal identity From: Oregon State University Federal Credit Union [mailto:service@osufederal.com] Sent: Thursday, December 15, 2005 7:11 AM Subject: Security Measures ! {OSU FCU LOGO} Dear Oregon State University Federal Credit Union Member, We recently reviewed your account, and suspect that your Oregon State University Federal Credit Union Internet Banking account may have been accessed by an unauthorized third party. Protecting the security of your account and of the Oregon State University Federal Credit Union network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features. To restore your account access, please take the following steps to ensure that your account has not been compromised: D:\401252171.doc Page 2 of 3 FOR IMMEDIATE RELEASE Media contact: Mike Corwin, 541-714-4286 mcorwin@osufederal.com 1. Login to your University of Oregon State University Federal Credit Union Internet Banking account. In case you are not enrolled for Internet Banking, you will have to fill in all the required information, including your name and you account number. 2. Review your recent account history for any unauthorized withdrawals or deposits, and check you account profile to make sure not changes have been made. If any unauthorized activity has taken place on your account, report this to Oregon State University Federal Credit Union Bank staff immediately. To get started, please click the link below: http://www.osufederal.com/onlineservice/onlinebanking.com <http://xxxxxxxxxx/mrtg/s49.lanxtra.com/index.htm> We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire Oregon State University Federal Credit Union Bank system. Thank you for attention to this matter. Sincerely, The Oregon State University Federal Credit Union Team Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Oregon State University Federal Credit Union Bank account and choose the "Help" link in the header of any page. END of SAMPLE of e-mail scam using OSU Federal identity #### D:\401252171.doc Page 3 of 3