Phishers try to reel in [Lockheed] credit union accounts

Phishers recently cast yet another net. This time the con artists hoped to bait people who hold accounts with Lockheed Federal Credit Union. As with all phishing scams, the culprits send out spoof e-mails to the masses - whether or not they were LFCU account holders.

The intent: To trick at least some e-mail recipients into revealing their personal information - checking or savings account numbers, credit card numbers, Social Security numbers and other data that could be used to steal money from the unsuspecting victims.

That's the bad news. The good news: Through quick action on Friday afternoon representatives from LFCU traced the source of the fake e-mails to Germany and are blocking the site.

"At Lockheed Federal Credit Union the greatest responsability to our customers is the safekeeping of confidential information you have entrusted to us and using it in a responsable manner."

Both the words "responsibility" and "responsible" are spelled incorrectly, a telltale sign of a fraudulent message. The notice also contains some other misspelled words and grammatical errors typically found in phishing scams.

One glaring clue: The message asks recipients to "confirm your online account" information.

Dave Styler, the president and chief executive officer for LFCU; Andrea Carpenter, first vice president of marketing for the credit union; and Judy Boswell, the branch service manager at the Palmdale site, concurred that the organization would never seek any account information via an unsolicited e-mail.

They emphasized that any request to confirm online account information is definitely bogus.

Another tipoff: The phisher asks that the e-mail recipient expedite the response "with no delay."

Lisa Scates, senior public safety officer with the Business Watch Program for the city of Palmdale, advises people to watch out for any e-mails that seek a rapid response.

Scates conducts quarterly seminars to educate residents on the wiles of fraud artists. She focuses much of her material on identity theft and phishing scams. She explained that con artists want their targets to respond immediately because they usually shut down the fake Web sites within a couple of days to avoid being tracked by law-enforcement officials.

The final indicator is in the link contained in the body of the e-mail. Scates and other law enforcement fraud experts caution potential victims to never click on those links, even if they look official.

Clicking on a link contained within a phisher's bogus e-mail often launches spyware that can harvest personal information from victims' computers, law-enforcement authorities say.

In the recent credit union e-mail, the link read: https://www.lockheedfcu.org/login.htm.

"We didn't send that out," she said, despite the fact that the sender used the name of the credit union's assistant vice president of security to sign off with "best regards."

"They're getting more sophisticated," Styler said. "If only they could learn to spell."

Styler said LFCU has embarked on a campaign to educate its account holders. If the public is better informed, he said, criminal activity could be curtailed.

"We've also been worried about such an attack, specifically in the Palmdale area, since our members do constitute a large percent of the population in the Antelope Valley," the president and CEO said.

Although the credit union is a separate entity from Lockheed Martin Aerospace Corp. at Plant 42, many aerospace workers have accounts at the facility because of its convenient location.

Dianne Knippel, director of communications at Lockheed Martin, said she would alert employees to keep on the lookout for spoof e-mails.

Meanwhile, the LFCU Web site contains information on the subject of online fraud, with prevention tips such as "never respond to an unsolicited e-mail" and "do not open attachments." It also provides links for reporting instances of spam and identity theft.

Financial institutions claim they will never ask for your account information via unsolicited email. However, Schwab sends me notification of online statements and provide a url link to their site where I can pick up the information. Naturally, this link will take me to a page where I must logon and provide my ACCOUNT INFORMATION!

Wake up folks! Do NOT use links from any unsolicited email. I get official looking email in my Lotus Notes account where the link displayed by Lotus looks correct. However, if you examine the HTML source code being sent, the actual address is bogus.

If you are notified of a problem or offer or information via email where you think it might be legitimate, then (1) close the email [analog to "step away from the gun", (2) open your favorite web browser, (3) navigate to the site using the bookmarks that you put in place, (4) finally, when you arrive at the site, take a quick glance at the http address in the address bar to verify that it looks legitimate [there have been virus attacks where the bookmarks have been hijacked].

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.