May 1
10:21 am (UTC-7)   |   by Fatima Bancod (Fraud Analyst)

At its official Web site, the U.S. Treasury Department Federal Credit Union (TDFCU) makes known that its mission is “to serve the financial needs of our members as a safe and sound cooperative financial institution under sponsorship of the Department of the Treasury.”

Its members include employees of the Treasury Department, the Department of Homeland Security, the U.S. Courts, and other companies and organizations in similar fields of government service. The TDFCU also has members who live, work, and do business with other similar governmental organizations located in Washington, D.C.

Recently, the TrendLabs Content Security team came across the phishing URL:

http://75.145.112.12/homepage/www.tdfcu.org/index.php

This loads a spoofed Web site that closely resembles the legitimate TDFCU online login page. The bogus site also lacks SSL security, as indicated by the absence of the lock icon in the status bar and by the protocol in the URL (http rather than https).


One obvious indication that this is a bogus Web site is that no attempt has been made to disguise the phishing URL in the address bar: the host is a bare IP address, and the TDFCU domain appears only as part of the path. It is therefore quite easy for a user to determine that the Web site is not legitimate.
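The URL traits described above (plain HTTP, a raw IP address as the host, and the credit union's domain appearing only in the path) can be checked mechanically. The following is an added example, not part of the original post or of any Trend Micro tooling; the function names, the `PROTECTED_DOMAINS` list and the finding labels are assumptions, and it also covers the related case of a brand domain used as a subdomain label, which the post does not discuss.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the defender supplies the domains to protect. "tdfcu.org" is
# taken from the path of the phishing URL quoted in the post.
PROTECTED_DOMAINS = ("tdfcu.org",)


def host_is_ip_literal(host):
    """True when the URL host is a raw IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def host_belongs_to(host, domain):
    """True when host is the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)


def phishing_indicators(url, protected=PROTECTED_DOMAINS):
    """Return the list of URL traits from the post that this URL shows."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    rest = (parts.path + "?" + parts.query).lower()
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("no-tls")              # no lock icon, plain http
    if host_is_ip_literal(host):
        findings.append("ip-literal-host")     # undisguised numeric host
    for domain in protected:
        # Match the domain only as a whole run of labels, not inside a word.
        pat = r"(?<![a-z0-9-])" + re.escape(domain) + r"(?![a-z0-9-])"
        if host_belongs_to(host, domain):
            continue                           # really on the brand's domain
        if re.search(pat, host):
            findings.append("brand-in-host:" + domain)
        if re.search(pat, rest):
            findings.append("brand-in-path:" + domain)
    return findings


if __name__ == "__main__":
    # First URL is the one quoted in the post; the other two are constructed.
    for u in ("http://75.145.112.12/homepage/www.tdfcu.org/index.php",
              "https://www.tdfcu.org/index.php",
              "https://www.tdfcu.org.login.example.net/"):
        print(u, phishing_indicators(u))
```
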

The phishing site, of course, also asks unwitting users for their IDs and passwords. After clicking the login button, the user is redirected to a Web page that prompts for information, which includes the Card Holder Name, e-Mail Address, Phone Number, Credit Card Number, Expiration Date, Code Verification Number, and ATM PIN.


Of course, this site is now blocked by Trend Micro’s WCS (Web Classify Server).

Like previous IRS-related phishing cases (see our posts here and here), this one could be targeting more high-profile personalities since members may belong to important government institutions (as mentioned in the beginning of this post). The TDFCU reminds its members that it does not send out e-mail requesting that the recipient download information onto their computers.

At the legitimate TDFCU website, they advise: “If you receive a request that appears to be from the Treasury Department Federal Credit Union with attachments requesting that you download information to your computer for security, DO NOT DO IT.”

That’s always good advice.

Updated by Mayee Corpin (Technical Communications) & Paul Ferguson (Advanced Threats Research)




© Copyright 2009 Trend Micro Inc. All rights reserved.