Credit Union Email: Phishing or Not?

The Credit Union recommends we practice “Safe Computing” with this helpful advice (clicky for more dots):

HVFCU - Safe Computing - sketchy URL
HVFCU – Safe Computing – sketchy URL

The link leading to that page was on their website, but the page is on, whoever they are. Should I trust the links on that page to return me to the credit union site or not?

Here’s their definition of “phishing”:

HVFCU - Phishing description
HVFCU – Phishing description

Having just switched to “paperless statements” at the Credit Union, a recent email prompted me to look at my statement. Let’s start by seeing where the email came from:

HVFCU - Statement email - From address
HVFCU – Statement email – From address


It claims to be from the credit union, but does its actual address (insofar as anything concerning email can be actual) of sound a little phishy to you, too?

Well, let’s look at the full headers, which I can do because, yo, 1337 H4X0R. Here’s a snippet from the bottom of the stack:

HVFCU - Email detail header
HVFCU – Email detail header


So the email started from and bankshotted off Further up, the headers show it rattled through and eventually arrived in my inbox. As far as I can tell, it never touched its alleged starting point of at any point in its journey.

Quick: phish or no phish?

Of course, it’s a perfectly innocent message from the credit union, but it contains every single warning sign we’re supposed to notice in spam or phishing emails, complete with a clicky link!

[heavy sigh]

2 thoughts on “Credit Union Email: Phishing or Not?

    1. I might point ’em to this writeup, but, fer shure, that’s as far as it’ll go.

Comments are closed.