In May 2010, a phishing site was observed spoofing a credit union that provides financial services to members of the U.S. Defense Department and their family members. The defense forces covered by the credit union include the Army, Marine Corps, Navy, and Air Force. Customers continue to receive services even after they retire from the armed forces or join some other organization. Further, those who have joined the credit union can extend membership services to their family members. The brand has now grown to serve millions of customers across the U.S.
The phishing site states that the customer’s login has been locked because of several failed login attempts. The page further states that the customer needs to fill in a form with certain sensitive information to unlock the login. The sensitive information includes social security number, credit card details, date of birth, mother’s maiden name, and details of the account’s joint owner. The page also includes a fake CAPTCHA that accepts the form irrespective of the number entered. Once the sensitive information is entered, the phishing site states that the customer’s password is unlocked for logging in. The page then redirects to the legitimate site.
The phishing site was hosted on an IP-based domain (IP-based URLs look like this: http://255.255.255.255/) on servers located in Taiwan. Variants of the phishing URL have been used to spoof other brands as well.
Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:
• Do not click on suspicious links in email messages.
• Check the URL of the website and make sure that it belongs to the brand.
• Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link.
• Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing.
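The two URL checks mentioned above (spotting an IP-based host, and confirming that the URL belongs to the brand) can be automated. The Python code below is an added example, not part of the original post; the allowlisted domain example-creditunion.org, the function names and the sample URLs are assumptions. It goes beyond the dotted form shown above to also recognize integer, hex, octal and IPv6 host literals.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: hypothetical allowlist standing in for the brand's real domains.
BRAND_DOMAINS = {"example-creditunion.org"}

def legacy_ipv4(host):
    """Parse inet_aton-style IPv4 text (decimal, 0x hex or leading-0 octal, one
    to four parts). Returns the dotted quad, or None if not an IPv4 literal."""
    parts = host.lower().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = []
    for p in parts:
        if not (p.isascii() and p.isalnum()):    # rejects "", "+1", "1_0"
            return None
        try:
            if p.startswith("0x"):
                nums.append(int(p[2:], 16))
            elif len(p) > 1 and p[0] == "0":
                nums.append(int(p, 8))
            else:
                nums.append(int(p, 10))
        except ValueError:                       # letters: an ordinary hostname
            return None
    *head, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    return str(ipaddress.IPv4Address(value))

def check_url(url):
    """Classify a link as 'ip-literal', 'brand' or 'not-brand'."""
    host = urlsplit(url).hostname or ""          # hostname comes back lower-cased
    try:
        return "ip-literal", str(ipaddress.IPv6Address(host))
    except ValueError:
        ip = legacy_ipv4(host)
    if ip:
        return "ip-literal", ip
    if any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS):
        return "brand", host
    return "not-brand", host

# Constructed sample links (documentation addresses and made-up domains).
SAMPLES = ("http://255.255.255.255/", "http://3221225985/login",
           "http://example-creditunion.org.login.example.net/")
if __name__ == "__main__":
    for u in SAMPLES:
        print(u, check_url(u))
```

An "ip-literal" verdict on a link that claims to be a bank or credit union login page is a strong signal to block or warn; "not-brand" catches look-alike hosts that merely contain the brand's domain as a prefix.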