Realistic phish causes flood of calls

MADISON, Wis. (6/7/06)--Some phishes swimming the web waters are so realistic that even well-informed recipients have trouble distinguishing whether they are legitimate. The Credit Union National Association (CUNA) is alerting readers to one that is especially convincing.

The phish purports to be from CUNA, Visa, and MasterCard. It claims that because of a recent phishing attack and identity theft, CUNA and the card companies have temporarily deactivated the recipient's debit card tied to a credit union account.

It then asks the recipient to "reactivate" the debit card at the CUNA website and specifies separate links depending on whether the card is from Visa or MasterCard. Of course, the phish asks for the card number, a ploy to gather information that possibly could be used for identity theft or fraudulent transactions.

"It's another 'spin' on phishing, and it's convincing enough that we have had a dozen calls this morning from consumers," said Dorothy Steffens, CUNA's vice president of web services, Tuesday. "At least they are beginning to question the messages before they reply," she said.

The phish, addressed to "Dear Credit Union National Association Member," also says there is "no need to call us in response to a phone message we've left in the last three days unless you see any transactions you don't recognize." It then says that if there are problems to call the customer service number on the back of the debit card.

CUNA warns recipients that it would never send an e-mail about a credit card deactivation and would never ask for personal information such as card numbers in an unsolicited e-mail. Recipients should not click on the links in the message. Instead, they should delete the message.