Members of the Army, Marine Corps, Navy and Air Force and their families have been targeted by a phishing attack that attempts to extract information linked to their credit union accounts.
Symantec reports that a phishing site spoofing a credit union that provides financial services to service members is yet another example of online scams. The phishing site states the customer’s login has been locked because of several failed login attempts. The page then prompts the user to fill in a form to unlock the login, with information including Social Security number, credit card details, date of birth, mother’s maiden name, and details of the account’s joint owner.
When the information is entered, the phishing site states the customer’s password is unlocked for logging in. The page then redirects to the legitimate site.
According to Symantec, the phishing site was hosted on an IP-based domain based on servers in Taiwan. Other variants of the phishing URL have been used to spoof other brands as well.