Phishing – Example 1 “Gesa Credit Union”

1. What is phishing?
2. “Gesa Credit Union” phishing example
3. Protecting yourself

1. What is phishing?

Phishing is when bad guys try to steal your personal information* using fake emails and Internet sites. For example you may receive an email seemingly from your bank asking you to log on to confirm your personal information. The email looks official and grabs your attention. But it is a trap. The Internet link they so helpfully provide actually takes you to their bogus web site and when you type in personal information they capture it. Next they can raid your account or steal your identity.

2. “Gesa Credit Union” phishing example

Everyone is vulnerable to phishing – both customers receiving these bogus emails and financial institutions getting attacked. I am using this email example because I received it recently and it makes a good study. I am not singling out Gesa Credit Union.


Here is the email I received in my Hotmail account. At first glance it looks official. It looks like my credit union is trying to warn me about some irregularity.

In reality this is a phishing scam trying to steal from me – my money, my identity.

The main thing to know is that no financial institution will initiate the conversation and ask you for personal information in an email, at a web site or on the telephone.

That said, what are the warning signs in this email?


There are a lot of red flags in this email suggesting that it is not valid.

The first big red flag is – I don’t have an account at Gesa Credit Union.

The email itself has a lot of clues that it is not for real (the numbers refer to the picture) –

1. Your ISP, email system, email client or spam filter may flag the message or contents as trouble.

2. The company name is repeated. A reputable company email would not have obvious mistakes.

3. The return address is obviously wrong. The return address should be the company that sent the email.

4. The email system has flagged this message “This message may be a phishing scam.”

5. The To: field is blank. A company that I do business with on the Internet would know my email address.

6. A graphic has been blocked. This may be simple blocking by the email system.

7. Grammar errors. A reputable company email will not have grammar errors.

8. Formatting errors. A reputable company email will not have formatting errors.

9. The Internet links. When you hover your mouse over a link, the status bar at the bottom of the window shows the URL, the actual Internet web address of the link**. A reputable company would have a simple URL to their web site. A URL that is odd or points to a web site that is not the company’s is suspect.

In this case hovering over the link they want you to follow we see the web URL is
http://201.31.61.3/icons/www.gesacreditunion.com/index.html
which just does not look right.

A URL that mixes a numeric IP address with another web address is not standard and is suspect. Real URLs use domain names, sometimes with a path attached. Let’s investigate further.

The ownership of the IP address can be checked using www.arin.net
In this case ARIN sent me to whois.lacnic.net, and the owner and location of this IP is in Brazil. It is suspicious that a small credit union in Washington state would use a location in Brazil for customer service.

Included in this oddly formed URL is www.gesacreditunion.com. Surfing to this address reveals that the credit union does not use this URL.

This URL is highly suspicious and most likely a phishing attempt.
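The two URL checks walked through above (a numeric IP address as the host, and the company's name sitting in the path instead of the host) can be written as a small Python function. This is an added example, not part of the original post; `link_red_flags` and its `claimed_domain` parameter are illustrative names chosen here.

```python
import ipaddress
from urllib.parse import urlsplit


def host_is_ip(host):
    """True when the host part is a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def link_red_flags(url, claimed_domain):
    """Return the reasons a link target does not match the claimed sender.

    claimed_domain is the domain the email says it comes from
    (an input the caller supplies; hypothetical parameter name).
    """
    if "://" not in url:
        url = "http://" + url  # urlsplit needs a scheme to find the host
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    claimed = claimed_domain.lower()
    host_ok = host == claimed or host.endswith("." + claimed)
    flags = []

    if host_is_ip(host):
        flags.append("host is a numeric IP address, not a domain name")
    elif not host_ok:
        flags.append("host is not the claimed domain: " + host)

    # The browser connects only to the host. A company name in the path
    # or query string is decoration chosen by whoever runs that host.
    rest = (parts.path + "?" + parts.query).lower()
    if not host_ok and claimed in rest:
        flags.append("claimed domain appears after the host, not in it")
    return flags


if __name__ == "__main__":
    # The link from the email discussed above.
    link = "http://201.31.61.3/icons/www.gesacreditunion.com/index.html"
    for reason in link_red_flags(link, "gesacreditunion.com"):
        print("-", reason)
```

An empty list only means these two checks found nothing; it does not prove the link is safe.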

3. Protecting yourself

To protect yourself, the most important thing is Knowledge!

Don’t give out personal information unless you are sure who you are talking to.

If someone asks you for information unsolicited, whether by email, web site or telephone, don’t give it.


Technology can help protect us – the ISP, email provider, email system, anti-malware, spam filters, appliances, proxies and firewalls can stop or flag potential phishing and spam email.

This picture shows Hotmail caught this phishing message and flagged it.

But the bottom line is you – recognize theft attempts and don’t give up your personal info unless you are really sure who is getting it.

Notes:

1. Search. If you suspect a scam, type the info into a search engine. I typed “gesa phishing” into a search engine and got a lot of hits. The Gesa Credit Union has been the victim of several well-documented scams.

2. Consult with your local nerd. I suggest www.markdigital.com

* Personal information: data like your name, account number, account username, account password, social security number, credit card number, date of expiration, date of birth, mother’s maiden name, pet’s name, etc.

** To see the URL when you hover your mouse over a link, you need your browser’s status bar enabled. Enable it in Tools > Toolbars > check Status Bar.
