• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » Credential Phishing Attack Targets Navy Credit Union Accounts

Credential Phishing Attack Targets Navy Credit Union Accounts

2020-05-26 by Michelle Dvorak

Navy Credit Union Phishing

Hackers Impersonating US Navy Federal Credit Union to Steal Customer Accounts

Hackers have launched an email phishing campaign targeting US Navy Federal Credit Union account holders. The phishing emails impersonate official credit union communications. The messaging informs the user they have received a stimulus check and need to validate some information to accept the money. When the recipient follows the instructions in the hacker’s email, they are redirected to a malicious website that steals account information.  According to a report by email security company, Abnormal Security, this attack affects over 70,000 account holders.

The email sent on Office 365 by hackers impersonates the US Navy Federal Credit Union. The email is designed to trick the recipient into thinking it is an official email from their credit union. The body of the email states that the recipient is to receive an $1,100 dollars deposit as a so-called stimulus payment. The recipient should be immediately suspicious of this email since “stimulus payment” is not an official name for the Coronavirus Aid, Relief, and Economic Security (CARES) Act.

Chip Kohlweiler, US Navy Federal Credit Union Vice President of security, said in a statement: “We’re aware of the various ways fraudsters try to steal information, and our team is constantly taking steps to protect our members’ information and accounts. In addition, we regularly provide our members with tips on how they can avoid phishing scams. We encourage everyone to be wary of unsolicited messages and to follow best practices when it comes to email security.”

READ: Get a Free Credit Report for Military Service Members

The email urges the user to click on a link in the email to validate tehri credit union account to that they may receive the money. The link in the email is cloaked so hide the website name, If the user clicks on the link, they are sent to a spoof website that prompts them for account login credentials. The landing page is designed to trick the reader into thinking it is a legitimate Navy Credit Union website. When they enter their account details to supposedly validate the account, the information is sent to the hackers and their credit union account is now compromised.

US Navy Federal Credit Union Phishing Email Content

and states that the user has received $1,100 dollars due to the COVID-19 pandemic. The message claims that if the user has not received funds, they must validate their account with the link provided, which directs them to a phishing credentials webpage.

  • The recipient’s email address is in the BCC field. The “TO” field sends the email back to the sender
  • The mail greeting does not contain personalization – meaning it does use the recipient’s name in the first line

READ: Six Government Cyber Security Jobs for Veterans

How Can I Tell If a Navy Credit Union Email Is Fake?

  1. The official name of the program is, “economic impact payment”
  2. Although some call its stimulus check or stimulus money this is not an official phrase used by governmental agencies or banks
  3. The economic impact payment amount is $1200 per individual, not $100 as the phishing email states
  4. No bank or agency will contact you to inform you that you need to take action to receive your economic impact payment
  5. If you are eligible your payment will be direct deposited to your bank account. No action by you is needed to “accept” the money

How Can We Prevent Phishing?

Protect Yourself from Phishing Scams

  1. Be suspicious of all emails you receive, even if it the email appears to be from someone you know
  2. Keep in mind, hackers send emails using contacts names of your friends or companies you do business with
  3. Never click on any links in a suspicious email
  4. Do not open any attachments contained in a suspicious email. When in doubt call the sender first to verify they sent an attachment
  5. Do not follow instructions in any email to send sensitive information as a reply email or to go to a website to submit the data
  6. Use antimalware application to filter phishing emails and detect malicious websites.

Filed Under: News Tagged With: phishing

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version