Accounts and Passwords, Email, Security

Franklin Mint Federal Credit Union Phishing Emails

On occasion, Swarthmore College email users are subjected to focused phishing attacks appearing to originate from the Franklin Mint Federal Credit Union. Phishing involves sending a bogus email, appearing to originate from a legitimate source, which attempts to get the recipient to click on a malicious URL. Phishing emails typically try to steal a user’s logon credentials, or other private information, by getting them to enter information into a malicious site that can look exactly like the authentic site. These emails rely on social engineering to mislead, cause panic, and/or coerce the user into thinking the email is legitimate.

According to the Franklin Mint Federal Credit Union (FMFCU) web site, they promise to never ask users for personal account information via email. Additionally, emails from FMFCU’s general address (e.g., eservices@eservices.fmfcu.org, e-statements@eservices.fmfcu.org, etc.) will contain a unique Email Key (at the bottom of their email) in a format like: B341F6AD-E44D-4F41-9237-78AEC1181D50

Although, nothing prevents a determined phisher from forging a similar key, you can verify the validity of a received email key by calling the FMFCU Member Service Center at 610-325-5100. You can also send FMFCU emails that you believe involve phishing to abuse@fmfcu.org

In general, when reading any emails, never click directly on any web links. It’s always best to manually retype the URL address into your browser. If you’re not sure whether an email is legitimate, it’s always safer to call the sending organization directly. Also, be aware that email “From” addresses can be easily forged so never rely on them to determine the true origination.

Additional information related to FMFCU and Phishing can be found at:

http://www.fmfcu.org/security/phishingprevention.htm

http://www.fmfcu.org/security/emailinfo.htm

The FMFCU also maintains a “library” of phishing attacks at:

http://www.fmfcu.org/security/phishinglibrary.htm

A great site for additional information on Phishing can be found at the Anti-Phishing Working Group’s web page:

http://www.antiphishing.org/