AG: Bank customers shouldn't take bait from phishers
Posted February 26, 2009
Updated March 9, 2009
Raleigh, N.C. — The North Carolina State Employees Credit Union warned its customers Thursday that text messages, purportedly from the company, are part of phishing scam.
The fake messages also went to members of the Local Government Federal Credit Union, which has 170,000 members in North Carolina, spokeswoman Erica Hinton said.
Some SECU members have gotten text messages telling them to call an 800 number, said Leigh Brady, senior vice president at SECU. When people call the number, they are asked to enter credit-card number and online credentials.
A message on SECU's Web site read: "This is a scam. This is not coming from SECU. We do not have any text addresses. Do not provide any information."
Anyone who gave out information over the 800 phone number should call SECU's call center immediately at 888-732-8562 or their local branch. LGFCU members can call 888-732-8562 and get their card blocked immediately.
Brady said the text messages appear to be part of a big scam targeting numbers in the 919 area code. SECU's call center has been slammed with people – including many who aren't its members – who got the text messages.
SECU officials said they believe the list of phone numbers came from one of their carriers, since people who aren't SECU members got the text messages also. The source of the breach, though, has not yet been determined.
Officials with the state Attorney General's Office said that SECU contacted them and the office is working with federal authorities to disable the toll-free number.
Attorney General Roy Cooper said the phishing scam is only the latest one to target North Carolinians. He issued tips to avoid falling for a phishing scam.
"Hard times make scammers even more creative. They will call you, e-mail you or even text message you to try to steal your information and your money," Cooper said. "Don't fall for these tricks."
Other phishing attempts have used calls, e-mails and Web sites and the names of a variety of banks – including Wachovia, Telco Credit Union and Fleet Bank – to try to get customers' personal account information. Often, the messages claim there's a problem or suspicious activity on an account and ask a victim to confirm that information.
Another popular scheme, Cooper said, uses e-mails to direct people to Web sites saying they are eligible for a tax refund from the Internal Revenue Service. The victims are asked for their bank account or credit card number.
“The IRS isn’t going to e-mail you for your personal information. Your bank and your credit card company already have your information and won’t call or e-mail you to ask for it,” Cooper warned. “No matter how real these messages sound or look, don’t take the bait.”