The Credit Union recommends we practice “Safe Computing” with this helpful advice (clicky for more dots):
The link leading to that page was on their website, but the page is on
trabian.com, whoever they are. Should I trust the links on that page to return me to the credit union site or not?
Here’s their definition of “phishing”:
Having just switched to “paperless statements” at the Credit Union, a recent email prompted me to look at my statement. Let’s start by seeing where the email came from:
It claims to be from the credit union, but does its actual address (insofar as anything concerning email can be actual) of
statement2web.com sound a little phishy to you, too?
Well, let’s look at the full headers, which I can do because, yo, 1337 H4X0R. Here’s a snippet from the bottom of the stack:
So the email started from
statement2web.com and bankshotted off
kbmla.com. Further up, the headers show it rattled through
pobox.com and eventually arrived in my inbox. As far as I can tell, it never touched its alleged starting point of
hvfcu.org at any point in its journey.
Quick: phish or no phish?
Of course, it’s a perfectly innocent message from the credit union, but it contains every single warning sign we’re supposed to notice in spam or phishing emails, complete with a clicky link!
2 thoughts on “Credit Union Email: Phishing or Not?”
And when you report this to them, you’ll get a big ‘huh?’ From them as well. .
I might point ’em to this writeup, but, fer shure, that’s as far as it’ll go.
Comments are closed.