Internet/E-Mail Fraud Alert
Recently, there have been multiple e-mail fraud attempts, known as "Phishing”,
that were initiated via e-mail sent to both the general public and to some
credit union members that appeared to be from NCUA. This false e-mail asked
for the recipient to click on a link to verify their credit union account
registration. If the recipient proceeded to do so, the link directed them to
a false website and asked for their credit union account number and PIN,
along with other personal information.
NCUA does not ask credit unions members for such personal information.
Anyone who receives an e-mail that purports to be from NCUA and asks for
account information should consider it to be a fraudulent attempt to obtain
their personal account data for an illegal purpose and should not follow the
instructions in the e-mail.
If you responded to such an e-mail and provided any confidential account
information, please notify your credit union immediately of the scheme. You
should also change your account’s PIN, and take any additional action
recommended by your credit union to protect your account.
If you feel that you have received a fraudulent phishing e-mail
purportedly from NCUA please forward the entire e-mail message to
Additionally, you can file formal complaints concerning any suspected
fraudulent e-mail with the Internet Fraud Complaint Center (IFCC) at
The IFCC is a partnership between the
Federal Bureau of Investigation, and the National White Collar Crime
Reminder: Carolina Cooperative Credit Union will never ask for your Credit
Card Number or
Debit Card Number and pin number for Internet Banking authentication
Beware of unsolicited email with links to fake sites or surveys that request
your Debit Card or Credit Card numbers and Passwords. These are fraudulent
"phishing" schemes designed to obtain your personal financial information.
Many of these fraud sites use official looking logos. Call us at
1-800-726-8901. You may also call your local branch office for more
Please help us fight fraud by reporting any "phishing" schemes or
fraudulent web sites immediately.
10 WAYS TO
RECOGNIZE FAKE (SPOOF) EMAILS
- Generic greetings. Many spoof
emails begin with a general greeting, such as: "Dear PayPal member." If
you do not see your first and last name, be suspicious and do not click on
any links or button.
- A fake sender's address. A spoof
email may include a forged email address in the "From" field. This field
is easily altered.
- A false sense of urgency. Many
spoof emails try to deceive you with the threat that your account is in
jeopardy if you don't update it ASAP. They may also state that an
unauthorized transaction has recently occurred on your account, or claim
PayPal is updating its accounts and needs information fast.
- Fake links. Always check where a
link is going before you click. Move your mouse over it and look at the
URL in your browser or email status bar. A fraudulent link is dangerous.
If you click on one, it could:
- Direct you to a spoof website that tries to collect your personal
- Install spyware on your system. Spyware is an application that can
enable a hacker to monitor your actions and steal any passwords or
credit card numbers you type online.
- Cause you to download a virus that could disable your computer.
- Emails that appear to be websites.
Some emails will look like a website in order to get you to enter personal
information. PayPal never asks for personal information in an email.
- Deceptive URLs. Only enter your
PayPal password on PayPal pages. These begin with https://www.paypal.com/
- If you see an @ sign in the middle of a URL, there's a good chance
this is a spoof. Legitimate companies use a domain name (e.g. https://www.company.com).
- Even if a URL contains the word "PayPal," it may not be a PayPal
site. Examples of deceptive URLs include: www.paypalsecure.com,
www.paypa1.com, www.secure-paypal.com, and www.paypalnet.com.
- Always log in to PayPal by opening a new web browser and typing in
the following: https://www.paypal.com/
- Never log in to PayPal from a link in an email
- Misspellings and bad grammar. Spoof
emails often contain misspellings, incorrect grammar, missing words, and
gaps in logic. Mistakes also help fraudsters avoid spam filters.
- Unsafe sites. The term "https"
should always precede any website address where you enter personal
information. The "s" stands for secure. If you don't see "https," you're
not in a secure web session, and you should not enter data.
- Pop-up boxes. PayPal will never use
a pop-up box in an email as pop-ups are not secure.
- Attachments. Like fake links,
attachments are frequently used in spoof emails and are dangerous. Never
click on an attachment. It could cause you to download spyware or a virus.
PayPal will never email you an attachment or a software update to install
on your computer.
If you receive a spoof email, forward the entire email - including the
header information - to us at: firstname.lastname@example.org,
then delete it from your mailbox. Please note that the automatic response
you get from us may not address you by name.
*Although this information
comes from Paypal.com please be aware that these criminals also use other
companies names to do their dirty work. (i.e.Amazon, Citibank, E-Bay)