Fishy – Phish Emails

We see it all too often – news of hackers, scams, and data breaches, all in an effort to steal our personal and financial information. As consumers, we must always be vigilant when it comes to protecting this important information. At HCFCU, security of member information is of utmost importance. In addition, we strive to provide helpful security tips, fraud prevention information, and the latest scams to be on the lookout for. Fraudsters use many techniques to try to gain access to our personal information. Continue reading for some of the latest attempts.

DocuSign, a leader in obtaining digital signatures, recently notified users that a sub-system was hacked. Although HCFCU does not utilize DocuSign for our eSign program, many companies you receive documents from may. Fortunately, only email addresses were obtained from this hack, as DocuSign stated in a post, “No Content or any customer documents sent through DocuSign’s eSignature system was accessed…”. This is reassuring, however, fraudsters can now send these newly obtained email addresses a phishing attempt using DocuSign’s logo, or they can use those email addresses to match with personal data taken or leaked elsewhere to build an identity that includes an individual’s online habits. If you were not expecting a document for eSignature and you receive an e-mail indicating you have a document ready – proceed with caution! (See below for additional tips.)

The WannaCry ransomware was also recently in news, it locks down a users computer data until a ransom is paid to have it released. This can also occur when you download attachments from unknown individuals or from seemingly safe sites, or when you click links within an email from a fraudster.

Phishing emails are sometimes easy to spot because they use an email sent from a similar domain, contain misspellings within the email, or provide web addresses that are not familiar. Some of the recent subject lines used in phishing attempts are, “Accounting Invoice”, “Document Ready for Signature”, “Invoice Copy” and “Verify Documents”. These emails can come with an attachment, embedded image, or fishy links. An individual can use other subject lines, familiar contact names, or subject matter to send you a fake email in hopes of you downloading or clicking away your information. Eventually, scammers learn what individuals are not falling for and they continue to evolve and become harder to detect.

If you are ever concerned with one of our emails, call us or email us! We will gladly tell you if we sent something out. If you ever receive something ‘fishy’, it is a good practice to contact the business directly about the email. Use contact information from their website or using an email address you have used before. Phishing mailers usually disguise the sender’s email address to come from a familiar person’s name, but when you hit reply, a different email appears. This email address contains a different domain or ending.

We’ve included some examples below:

Good/Familiar Bad – Fishy
Hcfcu@hcfcu.com info@hcfcu3.com3 / hcfcu@hcfcu.cu / admin@hcfcu.uk
cuatwork@hcfcu.com cu@work.com / cuatwk@hcfcu.org / cuatwork@hcfcu.co
Customercare18923 Newcustomercaree18923
Familiar Name (email@domain.com) Familiar Name (3mail@d.domain.com)

Keep your eyes and ears open for signs of fishy looking emails or tricks to obtain your information. Sometimes the emails are sent to simply collect your email login credentials or a password to another site. The fraudsters then can access your information and attempt to use the same password or passwords on other sites. It is also a good practice to use different passwords for different site types, never write down your passwords or store them in an email.

For more on DocuSign hack check out Forbes article, and PC World article.

Click here to download a sheet of online best practices.