Recently I received an email to my Cornell account with a scam using CFCU. CFCU stands for Community Credit Union, which is one of the local banks in Ithaca serving the Tompkins & Cortland counties of NY State. The email looked like a typical bank security scam:
Dear Valued Member:
We recently noticed one or more unsuccessfull attempts to log in to your Internet Banking Account on 09/1/2007 from a foreign IP address.
At CFCU Community Credit Union we care about your security so, for your protection we are proactively notifying you of this activity.
The unsuccessfull log in attempts may have been initiated by you. However, if you did not initiate the logins, please sign in to our secure server at internetbanking.mycfcu.com and review your account (s) for any irregular activity. If you do not recognize any transactions, please contact us immediately at (607) 257-8500.
CFCU Community Credit Union
This e-mail may contain confidential information and is for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and delete the e-mail and any attachments from your computer. Personal e-mails are restricted by CFCU Community Credit Union policy. CFCU Community Credit Union specifically disclaims any responsibility or liability for any personal information, or opinions of the author, expressed in this e-mail. Although CFCU Community Credit Union takes reasonable precautions to ensure no viruses are present in e-mail, it will not be liable for any loss or damage arising from the use of this e-mail or attachments.
I really liked the disclaimer at the end, but that is not the main point. Usually I delete these emails without reading, but this time I decided to see what it actually looks like. The link in the email takes you to a third-party URL based, I think, in the Netherlands (you can click it), that resembles the actual CFCU login webpage:
Here you can see the original.
I entered some random characters for the ID and the PW, which took me to the following page:
The fun part is that when you try entering random characters in the fields, they do not allow you to do that. They actually demand the right amount of digits for the credit card number, PIN, expiration date, etc. When you enter all the data, they take you to the login page on the original website after, of course, collecting all your info.
I find it really interesting. First, it seems like phishing frauds become personalized. CFCU is a rather small and local bank. Yet, the people behind the scam knew to send it to Cornelians, who are located in the same area. I am used to seeing this kind of spam arriving under the names of Bank of America or other huge institutions, but coming from such a small entity as CFCU actually triggered my curiosity to check it out. Second, there is a degree of sophistication there. The email came from firstname.lastname@example.org and the actual URL was disguised, which is a step forward compared to the regular spammers who do not even bother to hide their Yahoo emails. Also, the set of restrictions on data entry was impressive. Not in the technological sense, but in a sense that it actually was there (maybe it is a standard feature in this kind of fraud, but I am not familiar with that enough). Third, it made me think about the “new media” literacy issue, for there must be people who are falling for this kind of fraud, even though it is a rather basic form of it.