Jordy Blog

I recently read about this amazing report detailing a phishing scam which targeted users of a relatively small credit union used by many Utahns, including myself. This scam was unique because even though it targeted such a small group of people, it used a “Secure Sockets Layer (SSL) encryption certificate issued by a division of the credit reporting bureau Equifax”, which is really above and beyond the call of most phishing scammers. The fact that they were able to get an SSL certificate represents some pretty fundamental security flaws.

I love my credit union, but I’m a little alarmed that it didn’t issue warnings to any of its users. More alarming is the fact that the only email that seems to address any security threats is (in fact) not really from Mountain America. Entitled “Identity Theft Education”, it is yet another phishing scam. The full text is here:

Identity Theft Education

Dear Customer,
Mountain America Credit Union is standing up for our members by offering ID theft education, resolution, monitoring and prevention services.

We’re serious about security.

Ten million U.S. citizens are victimized every year by identity theft.
Mountain America Credit Union is dedicated in keeping your personal information protected.
Now, we’re offering one of the nation’s premier identity theft resolution services, powered by Identity Theft 911.
We provide this service FREE to every member who has a checking account or a Mountain America Credit Union Visa® Credit Card.

Signup is easy, secure and free.

Activate your call-if® profile now to take advantage of our service.
To enroll for the upgraded identity theft prevention service, click here.

Thank you
Mountain America Credit Union. Security Center.

Copyright 2006 Mountain America Credit Union. All Rights Reserved.

I removed the link so as not to lend any additional Google Juice, but if you’ve received the email, hover your mouse over the link and you should see that it links to mtnameriica.org, rather than the correct website. It’s dangerous because even careful people who check the links before clicking may blend the letters in their head like I did. Luckily, the text was poorly written enough that I double checked the link, but I think a lot of people might fall for this sort of thing. The email address spoofing and registered trademark symbols do make it somewhat convincing.

If you know anyone that uses Mountain America Credit Union, please let them know to be extra careful.

If you liked this post, you may want to subscribe to my RSS feed. Thanks for visiting!

Tags: Business, Identy Theft, MACU, Mountain America Credit Union, Phishing, SSL, Technology, Utah

"Mountain America Phishing Scams" was posted on Monday, March 6th, 2006 and is filed under Business, Technology, Utah.