Card skimmers at gas pumps, phone calls from phony law enforcement agencies, fraudulent ATM card readers, IRS phone scams — everywhere you turn these days it seems someone wants to victimize you and get rich quick off your good name and information or empty your account of your hard-earned money.
Last week, Whatcom Educational Credit Union members received an email warning that a phishing scam is targeting WECU members. According to the email, a fraudulent email asked members to verify their account information via a “secured link,” but the link directed them to a fraudulent website for the purpose of stealing valuable account information.
“WECU will never ask you to log into online banking via an email link,” the warning read. “We do not and will not call, email or text you and ask for confidential or financial information. Do not respond to requests of this nature and contact us immediately at 800-525-8703 if you feel you may have become a victim of a scam.”
A follow-up release from WECU program manager for public relations and content Keith Mader said some members of WECU were targeted by the fraudulent phishing email, though the exact number is not known.
Lt. Claudia Murphy said the Bellingham Police have received one report on that specific phishing email scam this month, and Undersheriff Jeff Parks said the Whatcom County Sheriff’s Office is familiar with the scam but had not received any complaints from potential victims as of late last week.
“The WECU alert email is legitimate,” Murphy said. “There is a phishing scam going on in Whatcom County, where WECU members and non-members are getting phishing email asking them to verify their account information.”
According to the release from Mader, “phishing” comes from the analogy that internet scammers get a list of potential victims and use email lures to “fish” for passwords and financial data. Some of the email recipients last week weren’t even WECU members. As in fishing, phishers hope to hook a few unsuspecting victims.
The WECU phishing scam occurred at 2 p.m. on Aug. 22, Mader said, and WECU quickly invoked its incident response plan, convened its crisis response team and alerted members to the scam in approximately 2 1/2 hours. The fraudulent websites were identified and removed from the internet within approximately four hours.
WECU member data was not compromised during the event, according to the release, but it serves as a reminder for everyone — WECU member or not — to remain vigilant.
“We continue to see instances where folks do get caught by these due to the mass distribution of these scams over every channel,” Parks said. “I think that there are always a few that get sucked in, which is unfortunate, and most are untraceable when it comes to enforcement.”
According to the WECU release, the credit union had already taken several steps before last week’s phishing attempts to keep its members safe, including:
▪ Publishing articles on its website with tips on how members can protect themselves from various types of cybercrime. Mader said WECU had published an article about phishing the week before last week’s scam attempt.
▪ Hiring an experienced information security officer to help provide more insight into protecting member security.
▪ Working to finalize implementation of an added layer of security that will ask members “out of wallet” questions when they access banking information from a new device.
▪ Collaborating with other credit unions to share information about digital fraud prevention.
“Information security has always been a focus for WECU,” Chief Information Officer Jack Ingram said in the release. “We owe it to our members to do everything we can to stay one step ahead of the fraudsters. It can be a challenge, but we are committed to doing all we can to minimize the potential impact on our membership.”
Protecting yourself from phishing attempts
Lt. Claudia Murphy of the Bellingham Police Department and Undersheriff Jeff Parks of the Whatcom County Sheriff’s Office offered these tips to help protect yourself from phishing scams:
▪ Be wary: “Credit Unions and banks will never ask you to verify your online banking information via an email,” Murphy said. “The best advice is to carefully inspect all emails, not to open any links and to remember that banks and credit unions do not ask for verification of account information via email.”
▪ Talk to your bank: “If you are suspicious and worried that the bank wants you to update or verify your account, call them to make sure it is a legitimate request – you will find out it is not,” Murphy said.
▪ Protect yourself: “Never give out your personal/financial information and do not respond to unsolicited email requests to go to sites and fill in information,” Parks said.