Who hasn't received a spam email saying their credit or debit card has been deactivated and that they need to call the bank to straighten things out? Usually, that entails providing account numbers, user names and passwords, and other sensitive information.
And of course, it's not the bank that's requesting the information, but a criminal.
In the Pacific Northwest, Coulee Dam Federal Credit Union is the target of a phishing scam that attempts to disarm savvy consumers with a little honesty. The spam email informs the recipient their debit card has been deactivated and that they need to take action.
If the consumer doesn't have a CDFCU account, they are likely to see the email for what it is. But if you're one of the credit union's 11,980 members, you might be fooled. The scammer even includes a link in the email not to some bogus, look-alike site but to CDFCU's actual Web site.
To straighten everything out, the consumer is told to call a toll-free number. When you call the toll-free number, you hear a generic message saying to leave a message at the tone. There is no request for you to provide sensitive information.
That may be because a recorded request for sensitive information could be used by law enforcement in court as evidence of fraud if the scammer is ever apprehended. The scammer, instead, needs a way to speak directly with the victim without the danger of being traced.
They do that by simply asking the caller to leave a message. Someone sincerely concerned about their debit card might leave their phone number. If they do, the scammer can call them back, using an untraceable phone, and obtain the sensitive information that could then be used to steal the victim's identity and clean out their bank account.
A spokeswoman for CDFCU told ConsumerAffairs.com that the credit union is aware of the scam and is currently working with investigators.
In the meantime, consumers should take the advice of security experts who say never to respond directly to any email that appears to request any sensitive information. If you're not sure, they say, call the bank by looking up the number in the telephone book, not by calling a number in an email.