ANCHORAGE, Alaska (KTUU) — Alaska's Attorney General is warning Alaskans of a phishing campaign attempting to steal the usernames and passwords of Alaska USA Federal Credit Union members.
According to the Attorney General Kevin Clarkson's office, scammers are targeting Alaskans with text messages or emails claiming the recipient's account has been suspended.
The phishing texts and emails include a web link for users to click on, claiming it will reactivate their account.
Users will then be asked to enter their username and password.
"The text message or email may look legitimate, but it is not," a release from Clarkson's office reads. "The scammers are trying to steal your money and your identity. Do not click on the link or provide any personal information."
In a statement Thursday, the Credit Union said the phishing campaign cast a wide net. "This particular campaign was targeting '907' area code phone numbers and there is no indication the perpetrator had any other information than an Alaska phone number," the statement said.
The Attorney General's warning includes three tips to help prevent Alaskans from falling victim to scammers:
- Alaska USA Federal Credit Union will never contact you by text message or email asking you to click a link to reactive your account
- If you receive an unexpected text message or email from any company asking you to click a link or provide login credentials, do not click the link or respond. Call the company at a publicly available and advertised phone number, or visit the company in person.
- If you have already responded to the Alaska USA phishing scam you should call the Alaska USA Member Service Center at (800) 525-9094, and visit Identitytheft.gov where you can report and recover from identity theft.
Alaska USA FCU does not currently support enhanced multi-factor authentication logins via text message or authentication apps — an added layer of security which could prevent unauthorized logins before they happen.
The bank does offer an optional authentication method allowing members to use biometric ID features of their mobile devices to access their accounts in lieu of entering a Personal Access Code. However, it's not clear from Alaska USA FCU documentation whether the biometric feature would actually prevent unauthorized logins.
The Alaska USA Federal Credit Union website includes a section about phishing detailing the common signs of phishing attempts:
- Look for misspellings and other typographical anomalies - although this clue is less common now that crooks have gotten more sophisticated.
- Before you log in to any secure site, check to make sure the lock or key icon is displayed in your browser. These symbols indicate that the page you are using will encrypt data sent from your computer. Most spoofed websites are located on servers that do not display this icon (although some are now getting tricky and hoping to fool you by incorporating the lock or key imagery into the web page itself).
- Confirm the web address (URL) in the location bar of your browser before entering confidential information. It should begin with "https."
Thursday, Alaska USA said the company "employs safeguards to protect its members and systems and we utilize monitoring services to identify and take down fraudulent phishing sites and/or mobile apps."
The company says to contact its 24/7 Member Service Center or email firstname.lastname@example.org if you've received a suspicious message.
In the release from the Department of Law, Clarkson says citizens have to practice vigilance in safeguarding their own personal data.
“Scammers are good at mimicking trusted businesses," Clarkson says. "We all have to be vigilant in protecting our personal information, and in reporting suspected scams to the authorities.”
Anyone with concerns or information about scams is urged to contact the Department of Law Consumer Protection office at 907-269-5200 or online.
Copyright 2020 KTUU. All rights reserved.