DUBLIN, Ohio (8/21/08)--Phishing and vishing are "running rampant" in Ohio, with "people all over the state receiving messages" Tuesday and Wednesday purporting to be from three credit unions, says the Ohio Credit Union League. "We've taken dozens of calls from credit unions saying they're getting a ton of calls from their members," said Katie Walton, director of member communications at the league. The league has taken measures to assist the three credit unions: Credit Union of Ohio and CME FCU, both based in the Columbus area, and Superior CU, based in Lima. Both members and nonmembers received the calls. The messages were sent by e-mails, text messages, and auto-dialers leaving messages on consumers' answering machines. They claim the recipient's account has been suspended for suspicious activity. They provide a toll free number, but recipients who call the number get an automated answer that asks for debit-card and credit-card account information. "Some members submitted information such as their account numbers," Walton told News Now
Tuesday. Credit unions have put a hold on those accounts. "The credit unions leapt to action to inform their members about the scam," Walton said. "The league is doing some legwork in case it reoccurs or continues to develop," she added. "We have an advisory for credit unions set up on our website, ohiocreditunions.org," Walton said. The league helped alert its members and notified the press. An article appeared in Wednesday's The Columbus Dispatch
warning of the phishing scam and providing information for consumers about the attacks. The league also contacted the Federal Trade Commission, the Federal Bureau of Investigation, the National Credit Union Administration, and the Ohio Attorney General's office. The league's advice to credit unions in similar situations:
* Send an immediate alert to members and the media. * Call the credit union's regulator and insurer. * Try to determine the phone carrier of the suspicious phone number using a reverse search Web site, such as www.411.com. Ask the carrier to investigate and shut down the number.
Some companies, such as Perimeter, a CUNA Strategic Services provider, can conduct the take downs for the credit union. (For more information, use the resource link.) Also, credit unions are using their websites to educate members about how they will communicate with them. In essence, they're saying, "don't trust any text messages or auto dialers. Contact the credit union from a number that's different from the one listed in the message, such as the number listed on their statement." "It's important that credit unions regularly communicate with their members," Walton said. See "What should CUs do when members are phished?" in News Now's
System section, for procedures to follow when phishing and other attacks occur.