May 1, 2008 - "At its official Web site*, the U.S. Treasury Department Federal Credit Union (TDFCU) makes known that its mission is “to serve the financial needs of our members as a safe and sound cooperative financial institution under sponsorship of the Department of the Treasury.” Its members include employees of the Treasury Department, Department of Homeland Security, U.S. Courts, and other similar companies & organizations in similar fields of government service. The TDFCU also has members who live, work, and do business with other similar governmental organizations located in Washington, D.C. Recently, the TrendLabs Content Security team came across the phishing URL:
hxxp ://220.127.116.11 /homepage /www .tdfcu .org/index .php
This loads a spoofed Web site that bears a close resemblance to the legitimate TDFCU’s online login page. This -bogus- site also lacks SSL security, as indicated by the absence of the lock icon in the status bar and the protocol used by the Web site... Like previous IRS-related phishing cases, this one could be targeting more high-profile personalities since members may belong to important government institutions (as mentioned in the beginning of this post).
The TDFCU reminds its members that it does not send out e-mail requesting that the recipient download information onto their computers. At the legitimate TDFCU website, they advise: “If you receive a request that appears to be from the Treasury Department Federal Credit Union with attachments requesting that you download information to your computer for security, DO NOT DO IT.”
Edited by AplusWebMaster, 01 May 2008 - 01:05 PM.