Phishers Steal Funds From Y-12 FCUMembers

OAK RIDGE, Tenn. - (01/12/06) -- Internet phishers convinced membersat Y-12 FCU to give out their account numbers and PINs this weekwhich were used to steal at least $70,000 from member accounts. Thephishers apparently found a security hole in the Microsoft WindowsMetafile, which allowed them to break into websites all over theworld, including Y-12's. The hole was discovered on December 27 andpatched on January 8, according to Chris Smith, spokesman for the$365 million credit union. The fraud allowed the hackers,apparently located overseas, to used credit card numbers and PINsthey obtained to manufacture their own cards and use them towithdraw cash at ATMs in foreign countries, including Pakistain.Transaction records at the credit union show that the informationwas stolen and the accounts accessed between 7 pm and 8:30 pmMonday, when the credit union discovered the activity and took thewebsite down. “There was about a 90-minute window for them todo damage,” Smith told The Credit Union Journal. At least 17members reported their accounts had been compromised.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER