FOR IMMEDIATE RELEASE
Media contact: Mike Corwin, 541-714-4286
mcorwin@osufederal.com
E-mail scam in progress:
OSU Federal alerts members,
community to phishing
attack using its identity
Corvallis, Oregon—OSU Federal, Your Community Credit Union, is taking
measures to eliminate an e-mail scam that is in progress using the credit union’s
logo and a fake web site to capture private financial information. OSU Federal
does not make it a practice to initiate requests for members or non-members
information via the Internet.
To date, this e-mail scam seems to target faculty, students, and staff of
Oregon State University. The Credit Union contacted University officials upon
learning of the phishing scam. The University contact indicated this is not the first
time a financial institution has been a target directed at individuals connected to
Oregon State University. This is the first instance of the Credit Union being the
specific target.
The credit union is working with a security firm to eliminate the scam e-mail
and trace its source.
Recommendations to victims
1. Anyone who clicked on the link in the e-mail and logged in to the fake
web site should call OSU Federal at 800-732-0173 for assistance.
2. Attacks of this type on financial institutions are more and more
common. Delete...hang up...shred—that's what anyone should do when
they receive e-mail, phone calls, or direct mail asking for private or
financial information. Fraud perpetrators try to trick people into believing
that their requests for personal financial information are legitimate.
Requests for information will seem legitimate, with very real, authentic-
D:\401252171.doc
Page 1 of 3
FOR IMMEDIATE RELEASE
Media contact: Mike Corwin, 541-714-4286
mcorwin@osufederal.com
looking logos, typeface, and letterhead. Scare tactics will be used, such
as "act now or your account will be closed." The smart move is to delete
such e-mail or shred similar printed materials without responding.
What is phishing?
Phishers send phony e-mails disguised as legitimate communications from
financial institutions or other organizations to gain access to sensitive information
that can then be used to access funds from a consumer's account. As many as
12% of consumers are fooled by e-mail and other types of phishing scams, which
have become an increasingly widespread and costly type of social engineering,
according to a recent Financial Crimes Enforcement Network (FINCEN) report.
The agency said phishing is the "most pervasive and most effective manner" used
to illegally access a financial institution's computer systems.
SAMPLE of the e-mail scam using OSU Federal identity
From: Oregon State University Federal Credit Union [mailto:service@osufederal.com]
Sent: Thursday, December 15, 2005 7:11 AM
Subject: Security Measures !
{OSU FCU LOGO}
Dear Oregon State University Federal Credit Union Member,
We recently reviewed your account, and suspect that your Oregon State University
Federal Credit Union Internet Banking account may have been accessed by an
unauthorized third party.
Protecting the security of your account and of the Oregon State University Federal Credit
Union network is our primary concern. Therefore, as a preventative measure, we have
temporarily limited access to sensitive account features.
To restore your account access, please take the following steps to ensure that your account
has not been compromised:
D:\401252171.doc
Page 2 of 3
FOR IMMEDIATE RELEASE
Media contact: Mike Corwin, 541-714-4286
mcorwin@osufederal.com
1. Login to your University of Oregon State University Federal Credit Union Internet
Banking account. In case you are not enrolled for Internet Banking, you will have to fill in
all the required information, including your name and you account number.
2. Review your recent account history for any unauthorized withdrawals or deposits, and
check you account profile to make sure not changes have been made. If any unauthorized
activity has taken place on your account, report this to Oregon State University Federal
Credit Union Bank staff immediately.
To get started, please click the link below:
http://www.osufederal.com/onlineservice/onlinebanking.com
<http://xxxxxxxxxx/mrtg/s49.lanxtra.com/index.htm>
We apologize for any inconvenience this may cause, and appreciate your assistance in
helping us maintain the integrity of the entire Oregon State University Federal Credit
Union Bank system. Thank you for attention to this matter.
Sincerely,
The Oregon State University Federal Credit Union Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For
assistance, log in to your Oregon State University Federal Credit Union Bank account and
choose the "Help" link in the header of any page.
END of SAMPLE of e-mail scam using OSU Federal identity
####
D:\401252171.doc
Page 3 of 3