This e-mail went out this afternoon to CalPERS' employees:
From: Hofer, Sheri
Sent: Thursday, June 04, 2009 2:36 PM
To: Exchange Users, All
Subject: Security Bulletin - Scam Involving Golden 1 Credit Union
Phishing, Vishing, and Smishing are examples of blended threats using social engineering techniques, perfectly camouflaged to look like something else - something familiar - until they strike. The California Office of Information Security has issued the following advisory for all employees regarding the latest scam involving the Golden 1 Credit Union.
The California Office of Information Security has received reports that a new scam is currently being used to obtain individuals' personal financial information through a social engineering technique. Social engineering is an approach used to gain unauthorized access to or acquisition of information assets. This approach relies on misrepresentation and the trusting nature of individuals, and is often carried out through the use of phishing telephone calls or email. A phishing telephone call or phishing email may sound or look as though it comes from an organization you do business with, such as a bank or government entity, but they are generally from a scammer trying to obtain your personal information under false pretenses.
This particular scam is being carried out by telephone as follows:
An individual leaves a message on an employee's work phone number, stating they are with the Golden 1 Credit Union. In this scam, the message states that the targeted person's credit and/or debit card has been temporarily suspended and instructs them to push "1" to reach security. Do not push "1". If you push "1", a second recording will ask you to put in your card number. DO NOT PUT IN YOUR CARD NUMBER!!!!
The following are general practices to avoid becoming a victim of these types of scams:
· Do not respond to unsolicited (spam) e-mail. Simply delete it.
· Be skeptical of individuals representing themselves as officials soliciting personal information via e-mail, telephone or other means.
· Do not click on links contained within an unsolicited e-mail.
· Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
· Validate the legitimacy of the organization by directly accessing the organization's website rather than following an alleged link to the site.
· Do not provide personal or financial information to anyone who solicits information.
The Golden 1 Credit Union has been made aware of this scam. Additional information from Golden 1 Credit Union regarding fraud is available on their website at: https://www.golden1.com/privacysecurity/phonefraud.aspx
The California Office of Information Security (COIS) has also published a monthly newsletter on Social Engineering released in April 2008 which discusses the various attack methods, and ways individuals can defend themselves against these types of attacks. The newsletter is accessible on the COIS website at: http://www.oispp.ca.gov/government/library/documents/April2008.doc .
Caland Security Office