Risk Alert: Phishing may increase following recent Data Breach
Credit Unions should be aware that following the data breach at Atlanta-based Global Payments Inc., phishing attacks targeting credit union and other financial institution members may increase. We are posting this warning notice, advising members of this potential threat. The upsurge in phishing may impact all members regardless of whose cards were compromised, as well as any other non-affected members.
Global Payments reported that the breach involved less than 1.5 million debit and credit cards for which Track 2 data may have been stolen. Track 2 data includes cardholder names, card numbers and validation codes; however, it is important to note that cardholder addresses and social security account numbers were not stolen in the breach.
Because the addresses and social security numbers were not accessed in the breach, criminals may be seeking this information in particular, through the use of phishing. We are alerting our members to be wary of any suspicious e-mails, text messages, or phone calls, seeking such personal and financial information. Sensitive information that may be requested in a phishing attempt could include the cardholder’s billing address, the three digit CVV2/CVC2 code, found on the back of the card, or enrollment criteria/passwords for Verified by Visa or MasterCard SecureCode.
Once this other information is added to the stolen Track 2 data, an criminal would be able to perform “card present” or “card not-present” transactions on an account.
Recommendations:
· Members should never respond to telephone calls, e-mails, or text messages requesting personal or financial information.
In the event a member reports contact that appears to constitute a phishing attempt, where personal information of the member has been compromised, the Credit Union will implement the following actions:
· Immediately suspend the Member’s credit/debit account by blocking the account for all transactions, and issue the Member a new credit/debit card number;
· Red Flag the Member's accounts and advise the Member to monitor their accounts closely and report any discrepancies to you;
· Encourage the Member to report such incident to the credit bureaus and order a current credit report;
· As with any online fraud attempt, encourage the Member to report the incident to the Federal Trade Commission and to file a complaint with the Internet Crime Complaint Center at www.ic3.gov.
