Consumer Fraud Reporting
National Credit Union
Reporting on the Latest Frauds, Scams, Fake Lotteries, Spams and Hoaxes

Home GovernmentAgencies Recognize a scam Report a Scam If you are scammed Prevent scams Free Publications Recommended Feedback to CFR Glossary Search
 

Up

Recommended:
books

Recommended
AV product:

Phishing and Vishing Identity Theft Scams
The National Credit Union Administration Email Scam

From: "National Credit Union Adminstration" < uqqixk@cox.net
Subject: Important Notification Regarding your Credit Union Profile

You may have received an email like the one below that looks very authentic, like it came from National Credit Union Administration, or a phone call about the same subject. It is an attempt you get you to enter confidential information (typically a social security number, name, address, bank account information, etc., to allow the scammers to steal your identity and open credit cards in your name.

The email version typically asks recipients to click on a link to confirm, verify or approve financial account information. If the recipient proceeds, the link directs them to a false website to verify or re-submit confidential information such as account and credit card numbers, Social Security number, password, and personal identification number, or  to complete a member satisfaction survey and receive $80.

This email was not sent by National Credit Union Administration; National Credit Union Administration is a victim as well. This is referred to as "phishing" (when by email) or "vishing" (when by telephone). If you receive an email similar to the one below, DO NOT click on the link, and do not enter any information on the forms there.

The website that the link leads to is a spoof; a fake website, not created by National Credit Union Administration. It goes to a fake website, not National Credit Union Administration! When you enter the information they ask for, you will simply be handing the thieves the keys to your bank accounts.  That is how spoofing, phishing and vishing works. See this page for more alerts at the NCUA website.

A variant, “vishing” uses telephone systems. A vishing scam occurs when a consumer receives a recorded message telling them a credit card and/or financial institution account has been breached and to immediately call a number provided in the message. The phone number leads the consumer to a fraudulent call center where people are asked to supply or verify pertinent financial account, social security or credit card information.

NCUA does not ask credit unions members for personal information. Anyone who receives an supposed e-mail or phone call from NCUA that asks for account information should consider it a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail or phone call.

Anytime you need to go to a website for your bank, credit card companies or other personal, financial or confidential information; do not follow a link in an email; just type their address in your browser directly (such as http://www.ncua.gov )

Below are actual phishing emails that started circulating in early 2008. We have put a warning over the links to the phisher's website. Notice the misspelling of "administration" and the return email address.

Message heading from the scammer:

From: "National Credit Union Adminstration" < uqqixk@cox.net >   

Subject: Important Notification Regarding your Credit Union Profile

Date: Thu, 24 Apr 2008 19:52:28 +0300

Email from the victim:

They are wanting me to submit information about my account.  Telling me someone or me has used my account at different locations.  I do NOT have an account with this company.  Ask me to confim online account gave this web link. https://www.ncua.gov/administration/auth/Authorize?=Submit

When you go to it, they ask for credit card information

What to do

If you inadvertently respond and provide confidential account information, please notify your credit union immediately. You should change affected accounts and PINs, and take any additional action recommended by your credit union to protect your account.

If you feel that you have received a fraudulent NCUA phishing e-mail, please forward the entire e-mail message to Phishing@ncua.gov

Additionally, you can file formal complaints concerning any suspected fraudulent e-mail with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation, and the National White Collar Crime Center. 

For more information about phishing, see this page.

Copyright CFR 2005, 2006, 2007, 2008  - Definition of scam, fraud, etc.Legal disclaimer / corrections / complaints 
Names used by scammers in the examples on this page and others often belong to real people and businesses who often have no knowledge of nor connection to the scammer's use of their name and information.  Sample scam emails and other documents are copies of the scam to help potential victims recognize and avoid it.  You should presume that any names used and presented here in a scam are either fictitious or used without their legitimate owner's permission.
Email us at: