• Home
  • Products & Services
  • Membership
  • Apply Online
  • Convenience Services
Fraud & Security Resources


Online Fraud

"Phishing" is an e-mail which looks just like it came from a company or enterprise with which you are familiar. It may include the company's name, logo, and even wording from the company's website. In many cases, it also includes a convincing message explaining why you need to log in and verify your account information.

The e-mail being sent to you is fake - meant to lure you to a website that doesn't belong to the company at all. It is simply a vehicle used to steal personal identifying information about you. Identifying information may include your user name, password, debit and credit card numbers, or account number.

If you fall into the trap and enter your log-in name and password on this fake webpage, the thief may use your log-in information and make transactions on your account. By knowing how to identify a phishing attack e-mail, you'll protect your account and personal information. US Federal Credit Union will never ask you via e-mail to verify account information. We will never use e-mail to threaten account closure. Please know this, as one defense against phishing.

Warning Signs
Be aware of any e-mail that asks you to log in to your account, verify your account, or provide any other identity information. Be wary no matter what reason is given, and no matter how convincing the e-mail may be.

Follow these simple rules below to avoid phishing scams.

  • Don't click on any links within an e-mail asking you to access your account or to verify PIN numbers, passwords or other sensitive information.

  • If you get an e-mail that appears to be from your credit union asking you to log-in or for other information, immediately contact us and report the incident. Be prepared to forward a copy of the message to them for review if requested to do so.

  • If you or someone in your family mistakenly follows a link and provides sensitive information, immediately call 1 800-345-2733 or (952) 736-5000 so we can monitor your account or change your account number.

  • Remember, the thief copies text and images from credit union websites to make the e-mails look authentic and fool people into divulging sensitive information.

  • Never give out your personal or account log-in information after following a link from an e-mail, even as "identity verification" for a contest. Attackers frequently use such tactics to lure you into giving up identifying information.

  • Delete suspicious email messages without opening them. If you do open a suspicious email message, do not open any attachments or click any links.

  • Install and regularly update virus protection software.

  • Keep your computer operating system and web browser current.

Phishing vs. Pharming
Phishing requires victims to voluntarily visit a criminal's website; pharming simply redirects victims to fraudulent websites without assistance. Pharming subverts a basic service of the Internet known as the 'Domain Name Service,' or 'DNS.' Each machine connected to the Internet knows the location of one or more DNS servers. This service translates a human-friendly URL name such as www.usfed.org into an IP address, which is a unique number that has been assigned to each web server on the Internet.

To execute pharming, suspects first must gain access to the DNS server used by many people, such as the server of an ISP. Once accessed, the suspect will replace the IP number for the financial institution's URL with the IP number of his or her fraudulent website. When this occurs, any person using that DNS server will be redirected, silently, to the fraudulent website. Pharming requires either an unpatched software/server vulnerability to exist on the DNS server itself, or the criminal needs an insider at the ISP or financial institution to make unauthorized DNS server changes. This is rare.

Please be assured that US Federal Credit Union manages and updates its DNS server's software to maintain a high level of security. We maintain the highest standards; our customers are protected from pharming that would result from a compromise of our DNS server.

How to report 'Phishing'
We suggest reporting "phishing" or "spoofed" emails to the following groups:

  • Forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")

  • When forwarding phishing messages, always include the entire original email with its original header information intact 
     

NCUA Equal Housing Lender
blank