What are Phishing and Pharming?

Phishing attacks use both social engineering and technical subterfuge to steal consumer's personal identity data and financial account credentials. Social engineering schemes use "spoofed" emails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers, and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning.


How to avoid Phishing Scams

The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce is very safe, as a general rule you should be careful about giving your personal financial information over the Internet.


  • Be suspicious of any email with urgent request for personal financial information
    a Phishers typically include upsetting or exciting statements in their emails to get people to react immediately
    a They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, etc.
    a Phishers emails are typically NOT personalized , while valid messages from your bank or e-commerce company generally are
  • Don't use the links in an email to get to any web page, if you suspect the message might not be authentic
    a Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser
  • Avoid filling out forms in email messages that ask for personal financial information
    a You should only communicate information such as credit card numbers or account information via a secure website or the telephone
  • Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
    a To make sure you're on a secure Web server, check the beginning of the Web address in your browsers address bar-it should be https:// rather than just http://.
  • Consider installing a Web browser tool bar to help protect you from known phishing fraud websites.
  • Regularly Log into your on-line accounts.
  • Regularly check your bank, credit and debit care statements to ensure that all transactions are legitimate.
    a If anything suspicious, contact your bank and card issuers immediately!
  • Ensure that your browser is up to date and security patches applied.
    a In particular, people who use the Microsoft Internet Explorer browser should immediately go to the Microsoft Security home page at http://www. Microsoft.com/security/ to download a special patch relating to certain phishing schemes.

Please remember the Cincinnati Police Federal Credit Union and anyone associated with the Credit Union will not contact members asking for personal information. Anyone who receives an e-mail or phone call asking for account information should consider it to be a fraudulent attempt to obtain personal account data for illegal purposes and should not follow the instructions. Please contact the Credit Union with any questions.