Category Archives: Phishing

Phishing Alert: 07/06/09

Emails and text messages that claim to come from Allegius Credit Union are rampant in Northwest Indiana right now. In fact, several REGIONAL employees have received these over the past two weeks.

Of course, not everyone who gets one of these messages is a member of Allegius, in which case it’s easy to see through the phishing attempt, like a few years ago when I received a phishing message that claimed to be from a credit union in Hawaii. However, Allegius does have a lot of members, and that’s what the criminals are counting on.

For example, let’s say they sent 100,000 emails, and 5,000 of those people are members. If only 1% of those people fall for it, they’ve got 50 account numbers, PINs, and probably some other information as well. That’s more than enough to do some serious damage and drain a lot of money from victim’s accounts.

I’m pasting the text of these email messages below. I don’t have an example of the text message version of this scam, but it essentially said the same thing: “your account has been suspended, please go to this site and log in.”

Your financial institution will never contact you in this way regarding account security. If you receive such messages, delete them immediately. Never click a link inside an email message of this nature, as it will take you to a website designed to appear legitimate, but set up for the sole purpose of stealing your information.

Example #1:

Subject: You have 1 new ALERT message

You have 1 new ALERT message
Please login into your Allegius Credit Union
account !
To Login, please click the link below:

Click Here

Copyright © 1998-2009 Allegius Credit Union All Rights Reserved.

Example #2:

Subject: Important Security Information

Dear Member,

Your It’s Me 247 Online Banking account has been locked temporarily due to many unsuccessful login attempts.

You are kindly advised to Login to It’s Me 247 Online Banking and follow the instructions on your screen.

The data submitted will be transmitted over an SSL encrypted connection (128 bit Secure Socket Layer).

The line about SSL encryption in the second message is a cute touch. Yet another attempt to make the message seem realistic. You might also think the phrase “You are kindly advised” seems a little off. It doesn’t seem like a phrase a financial institution would use, does it? It has a weird, “translated” aroma to it. Since a lot of these scams originate overseas, that’s probably not far from the truth.