Log In | Subscribe | | |

Credit union scam

BIScom Subsection: 
Author: 
CoNet Administrator

A spam purporting to be for "Richard White" a customer of the Main Savings Federal Credit Union has arrived. It tells him that he has collected more than 15,000 "CURewards points". And it wants him to log into a website for one of several different options.

The website isn't specified because the criminals behind this apparent spear-fishing attempt (which fails because there's no one hear called Richard White) have used a mailing service called Digital Intersection which as part of its tracking system uses an opaque link in the mail to a page on its own website with a token to identify whoever clicks on a link in the spam e-mail. The IP address is shewn as 129.33.240.194. That IP address is a dedicated IP address for IBM registered in Chicago. The "from" address is reported as an address at curewards.com . digitalintersection.com is a designated sender from that IP address. It is clear that Digital Intersection is a legitimate business which has at least one customer using its system to commit fraud. We should make it clear that the technique which leads to opaque links is extremely common in mailing list systems. But common only means that it widens the potential pool of victims where mails are fraudulent.

The mail is heavily dependent upon HTML to obscure its true purpose.

Subject: Your CURewards Statement is Ready. Explore your options!

The target is users of Credit Unions and the rewards points they offer. The scam is to say that the target has built up a lot of points and that the company has recently added a variety of new things for which points can be redeemed. CURewards seems to be a legitimate operation but it plays into the hands of the spammers - when one enters the URL, the browser goes immediately to a log-in page that even offers a re-registration facility. In the wrong hands, such an approach is a phisherman's dream. It is only by clicking onto another link within that page that any information, at all, about the organisation can be accessed. In fact, nothing about the website allayed our concerns that it is a data collection scheme. That is not to say that actually is but it just feels wrong. Has the site been hijacked? We don't know.

There is no criticism of Main Savings Federal Credit Union who appear to be the unknowing hook for this fraud and, perhaps eventually, also a victim of it.

The spam-scam says "Don’t forget to use your Maine Savings Federal Credit Union Card and watch your points continue to add up!"

We'll pass. And if you've any sense, so will you, even if you do have such a card, until you can be certain that the entire thing - from your card to the rewards scheme - is safe. It would be a good idea to check directly with your credit union - and probably to use email filters to block future mail from digitalintersection.com due to the inclusion of opaque links which prevent recipients knowing where they will be taken if they were to click it. .

---------------- Advertising ----------------

Spear phishing is one of the topics covered in our e-learning course for young people.
The course is designed to help them identify and avoid a wide range of harms including county lines, on-line abuse and people trafficking.

--------------------------------------

hahagotcha