Symantec reports that a phishing site spoofing a credit union that provides financial services to service members is yet another example of online scams. The phishing site states the customerâs login has been locked because of several failed login attempts. The page then prompts the user to fill in a form to unlock the login, with information including Social Security number, credit card details, date of birth, motherâs maiden name, and details of the accountâs joint owner.
When the information is entered, the phishing site states the customerâs password is unlocked for logging in. The page then redirects to the legitimate site.
According to Symantec, the phishing site was hosted on an IP-based domain based on servers in Taiwan. Other variants of the phishing URL have been used to spoof other brands as well.