60 NDFCU members affected by scam
Marcela Berrios | Wednesday, September 5, 2007
More than 60 Notre Dame Federal Credit Union (NDFCU) accounts may have been compromised as a result of a multi-part e-mail scam Friday, NDFCU President Leo Ditchcreek said Tuesday.
The NDFCU information technology (IT) team tracked the origin of the fraudulent e-mails – which rerouted users to a counterfeit NDFCU Web site that asked for their debit card numbers and security codes, among other sensitive information – to the Netherlands, Ditchcreek said.
The scammers may never be found, he said.
“Unfortunately in these cases, it’s almost impossible to track down the criminals, especially at the international level,” Ditchcreek said. “Nine out of 10 times you’ll never discover the identity of the fraudsters, and that’s very frustrating for the law enforcers and the victims, but sadly, it would cost too much to launch a search abroad.”
Over 60 NDFCU members have contacted the credit union to freeze their accounts after receiving one or more e-mails from an unknown scammer masquerading as the NDFCU.
Ditchcreek said the first wave of e-mails asked users to click on a link and fill out a survey for the NDFCU. A pop-up window asked them to enter their member number and password.
A different e-mail informed members their online access to their accounts had been limited until they reviewed and confirmed their information. A link in the e-mail directed them to a site where they could enter their user name and password, Ditchcreek said.
After the NDFCU learned of these e-mails Friday, a warning was posted on the credit union’s homepage.
“If you have received an e-mail message that appears to have originated from Notre Dame Federal Credit Union telling you that ‘your access has been limited’ or asking you to participate in a survey, please do not click on any links that ask for your personal information,” the warning said.
Late Friday, a second wave of fraudulent e-mails capitalized on the warning and the members’ fear by telling them the credit union had noticed “one or more unsuccessful attempts to log in to your Online Banking Account on 08/31/2007 from a foreign IP address.”
The e-mail – from an address that appeared to users as email@example.com – told users to sign in to the credit union’s secure server by clicking on the attached link and review their accounts. The link directed them to a non-NDFCU Web site designed to look exactly like the NDFCU homepage, but it lacked the warning.
The credit union’s IT staff tracked the e-mails and the Web site to the Netherlands Saturday, Ditchcreek said, but it was unable to contact the illegitimate site’s service providers abroad during the weekend. The Web site was shut down Monday morning after the credit union was able to report it to the service provider, Ditchcreek said.
By Monday morning, however, more than 60 customers had viewed the site and entered their banking information. Ditchcreek said at least five customers who gave the scammers their debit and credit card information were facing transactions that added up to more than $2,000.
These costs, however, would not fall on the customers, Ditchcreek said.
“Besides the costs of reissuing more than 60 debit cards – which is fairly nominal – the credit union will also have to absorb those couple of thousands of dollars,” he said. “Thankfully, the losses are not as large as they could be, but it’s still money that we will lose to this hoax. But of course the member doesn’t take the financial loss in these cases.”
Ditchcreek said the scammers may have used the information they obtained from the credit union members to fabricate ATM cards and withdraw the cash abroad.
He said he did not have an estimate of the total loss the NDFCU would have to absorb, because he expected more customers would contact the credit union in the coming days. He encouraged customers to review their accounts and transactions and report any suspicious activity immediately.
Senior Zach Labrecque was among the students who received the second-wave e-mail and gave his debit card number, security code and expiration date to the fraudsters.
“I checked my e-mail Saturday morning and didn’t stop to think too much about it,” he said. “But as soon as I hit ‘Enter’ I realized banks don’t need to ask for this information because they already have it.”
He immediately tried to contact the NDFCU to put a red flag on his debit card – but he was told that couldn’t happen since the card wasn’t physically stolen. He also tried to freeze the account but that was not possible either since it was a football Saturday and Labor Day weekend, and the credit union branches were closed.
Labrecque said he preferred to transfer all the money in his NDFCU account to a different bank rather than wait until Monday to freeze the funds.
“I know how these scams work,” he said. “I noticed the different URL and the strange nature of the information requests a minute too late, but I was definitively surprised to see how difficult it was for me to block the account.”
Ditchcreek said the NDFCU’s priority during the weekend was shutting off the illegitimate Web site.
He said he did not know how the fraudsters obtained the e-mail list, but the customers who filed reports to the credit union Monday were not all students.
“We don’t know what e-mail list was used or how they got it, but it wasn’t just students,” he said. “The general public, members and non-members alike, also received the e-mails.”