New Online Scams Target Wisconsin's Two Million Credit Union Members

A new "phishing" scam aims to prey on members of credit unions which have more than two million members in Wisconsin. Several members of a Wisconsin credit union received an email questionnaire recently that prompted them to "take part in a quick and easy 5 question survey" and offered to credit $100 to member accounts for doing so. Following the questions, members were prompted for personal information -- including account numbers and passwords. The message appeared to be generated by the credit union's online services department.

Though the credit union alerted its members upon discovering the scam, it is unclear how many individuals may have fallen victim to this growing form of identity theft.

"No credit union -- or any credit union-affiliated organization -- would ever send an email like this asking its members for personal information," says Brett Thompson, President and CEO of The Wisconsin Credit Union League, the trade association for more than 270 credit unions in the state.

Thompson adds, however, that this new spin on "phishing" -- where con artists use mass messages like emails or advertisements to elicit personal information -- has been particularly effective in other situations.

"It plays on people's desire to get something free -- in this case, cash -- for relatively little effort. It's not surprising many people react quickly to what they see," Thompson says.

Similar "questionnaire" scams, he adds, have been reported by credit union members in Illinois and Minnesota.

Consumers who are concerned they may have received this solicitation should contact their credit union as well as the Federal Trade Commission or 1-877-IDTHEFT.

The Wisconsin Credit Union League offers the following tips to avoid phishing:

• Don't trust links provided in email messages. Even if the web and email address mentioned in a solicitation appear to match the official URL of the credit union, the link may actually redirect to a spoofed site. To ensure a site is legitimate, always type the Web address yourself and bookmark a link in your browser for future use.
• Seek security first. When you're on a site you trust, look for a padlock icon on the browser's status bar -- the bottom bar of the viewing screen -- not in the content of the webpage. Or, ensure theweb address begins with "https" before submitting personal information.
• Avoid providing account numbers and passwords via telephone or email. It's generally not a good idea to discuss account information in phone or email conversations. If someone who contacts you asks sensitive questions, say you will call them back (using their phone number as listed) or stop in.
• Use anti-virus software and keep it updated. Updated computer security -- including a firewall -- can protect you from accepting fraudulent files and alert you to unsafe or unsecured Internet transactions. Download free software patches to maximize protection.
• Review your statements. Track your monthly transactions to ensure there aren't any unauthorized charges to your account.
• If it sounds too good to be true, it usually is. If you receive a message that offers a reward or promotion, check it out carefully before responding.