
This section contains information for credit unions and credit union members relating to online fraud.



Online Fraud: Phishing

Phishing – What is phishing?
Phishing, or ‘brand spoofing’, attacks use email messages and fraudulent websites designed to fool recipients into divulging personal and financial data such as credit card numbers, account usernames and passwords, SIN, etc. By hijacking the trusted brands of well-known financial institutions, government agencies, online retailers and/or credit card companies, phishers are able to convince some of the recipients to respond to them.
What should Internet users do about phishing schemes?
Internet users should follow three simple rules when they see email messages or websites that may be part of a phishing scheme: Stop, Look and Call.
1. Stop. Phishers typically include upsetting or exciting (but false) statements in their email messages with one purpose in mind: they want people to react immediately to that false information by clicking on the link and inputting the requested data before they take time to think through what they are doing. Internet users, however, need to resist that impulse to click immediately. No matter how upsetting or exciting the statements in the email may be, there is always enough time to check out the information more closely.
2. Look. Internet users should look more closely at the claims made in the email. Think about whether those claims make sense, and be highly suspicious if the email asks for any items of personal information such as account numbers, usernames or passwords.
For example:
  • If the email indicates that it comes from a financial institution where you have a debit or credit card account, but tells you that you have to enter your account information again, that makes no sense.
  • Legitimate financial institutions already have their customers’ account numbers in their records. Even if the email says a customer’s account is being terminated, the real financial institution will still have that customer’s account number and identifying information.
  • If the email says that you have won a prize or are entitled to receive some special “deal”, but asks for financial or personal data, there is good reason to be highly suspicious. Legitimate companies that want to give you a real prize don’t ask you for extensive amounts of personal and financial information before you’re entitled to receive the prize.
3. Call. If the email or website purports to be from a legitimate company or financial institution, Internet users should call or email that company directly. Ask whether the email or website is really from that company. To be sure that they are contacting the real company or institution where they have accounts, credit card account holders can call the toll-free customer numbers on the backs of their debit/credit cards. Financial institution customers can call the telephone numbers on their financial statements. Never call the number given in the email to confirm the email's validity, as it will lead to the criminals who sent the email and they will verify whatever was said.
Remember, never respond to a message from someone you don’t know and never click on a link in an unsolicited message, including instant messages.
If the phishing involves impersonation of Credit Union Central of Canada (Canadian Central), such as the following example, please forward the email to  If it involves your credit union, contact them directly as well as your local authorities, and report it to the Anti-Fraud Centre at
Dear CU Client,
We noticed that your credit union account was accessed from an unrecognized device and location in Quang Ngai,Vietnam,ASIA with IP:
We also noticed that the sum of $495.98 was transferred to an external account ending ****9811.
Due to this, your account has been blocked and your internet access disabled. You can restore your account access by clicking on the below link:
CLICK HERE TO RESTORE YOUR ACCOUNT
If you were the one who initiated the transfer, you can chose to complete it after you might have restored your account.
Credit Union Canada.
Following is a list of the top words cybercriminals use to create a sense of urgency, to trick unsuspecting recipients into downloading malicious files. The top word category used to evade traditional IT security defenses in email-based attacks relates to express shipping, according to FireEye.
List of Keywords Cyber Criminals Used in 2011/2012

Urgent terms such as "notification" and "alert" are included in about 10 per cent of attacks. An example of a malicious attachment is ""
According to Ashar Aziz, founder and CEO, FireEye – an organization that is involved in cyber protection, "Cybercriminals continue to evolve and refine their attack tactics to evade detection and use techniques that work. Spear phishing emails are on the rise because they work. Signature-based detection is ineffective against these constantly changing advanced attacks, so IT security departments need to add a layer of advanced threat protection to their security defenses."
Cybercriminals also tend to use finance-related words, such as the names of financial institutions and an associated transaction such as "Lloyds TSB - Login Form.html," and tax-related words, such as "" Travel and billing words including "American Airlines Ticket" and "invoice" are also popular spear phishing email attachment key words.
Targeted phishing emails are particularly effective as cybercriminals often use information from social networking sites to personalize emails and make them look mostly authentic. When unsuspecting users respond, they may inadvertently download malicious files or click on malicious links in the email, allowing criminal access to corporate networks and the potential exfiltration of intellectual property, customer information, and other valuable corporate assets.
FireEye highlights that cybercriminals primarily use zip files in order to hide malicious code, but also notes use of additional file types, including PDFs and executable files.
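
For credit union IT staff, the keyword categories and file types described above can be combined into a simple triage check on incoming attachments. This is an added example, not code from Canadian Central or FireEye; the keyword lists, the extension map and the function names are assumptions, and the sample message is constructed.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Categories come from this page; the word lists are assumptions built from
# the examples it quotes, not FireEye's published keyword list.
CATEGORIES = {
    "shipping": ["shipping", "shipment", "delivery"],
    "urgency": ["notification", "alert"],
    "finance_tax": ["login form", "tax"],
    "travel_billing": ["ticket", "invoice"],
}
# Carrier types named on the page (zip, PDF, executable), plus .html because
# of the "Login Form.html" example. The extension map is an assumption.
CARRIER_TYPES = {".zip": "archive", ".pdf": "pdf", ".exe": "executable",
                 ".html": "html"}

def triage_attachment(filename):
    """Return (sorted keyword categories, carrier type or None)."""
    name = filename.lower()
    stem, dot, ext = name.rpartition(".")
    if not dot: stem, ext = name, ""          # name has no extension
    words = re.sub(r"[^a-z0-9]+", " ", stem)  # "_" and "-" become spaces
    hits = sorted(cat for cat, kws in CATEGORIES.items()
                  if any(re.search(rf"\b{re.escape(k)}\b", words) for k in kws))
    return hits, CARRIER_TYPES.get("." + ext)

def triage_message(raw_bytes):
    """List attachments whose name has a lure keyword AND a carrier type."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if filename:
            cats, ftype = triage_attachment(filename)
            if cats and ftype:
                findings.append((filename, cats, ftype))
    return findings

def build_sample():
    """Constructed message; attachment bodies are harmless placeholders."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    for name in ("Shipping_Notification.zip", "Lloyds TSB - Login Form.html",
                 "meeting-notes.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

A match is a reason to hold the message for review, not proof that the attachment is malicious. Attachments named without any of these words pass unflagged, which is why the page treats keyword matching as only one layer of defence.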