Last week I received a email pretending to be from a credit union, in an email phishing attempt, which is insidiously credible. I can imagine that upwards of 90% of the population receiving this email would think that it legitimately came from their credit union. This email scam looks like a survey, from your credit union, where they are willing to pay you $100 for your opinion on a few simple questions. That sounds very much like something a credit union would do (well, okay, it’s a little bit too much to pay for a six question survey, but the most of the public doesn’t realize that.) Clicking the email takes you to a web page with the six easy questions. These questions LOOK legitimate… “Have you recently noticed changes to the speed at which our web site surfs? How would you rate our new banking system? Are you happy with the services we offer?”
Except for a few details, like the logo, and the fact that the amount being paid for your opinion is way too high, this email survey looks and smells very legitimate. Unfortunately, it will successfully fool many people. The scammers snare their prey immediately below the survey. The web page asks you for your account information so they can credit your account. They also ask you for your credit card number, CVV, expiration date, and PIN claiming that that is where they will credit your account. Very very sneaky! I know that many credit unions are trying to educate their members about phishing attacks like this. It’s just that I’ve never before seen one that was this cleverly convincing.