I’ve gotten reports from a few people about an SMS phishing scam that is targeting customers of a small credit union near Sacramento, CA. Ordinarily I’d just ignore it as one more bit of flotsam in the teeming sea of junk that’s on the net, but this one has a few interesting aspects.

Here is the text that has been going out to cell phones in the 530 area code [1]:

NOTICE: Your YOLO-FCU CARD starting with 4661* has been put on hold. Please call us at (888) 819 9661.

Calling the line (which is still active as of this morning, 6/19) gives you a synthesized-voice prompt:

Thank you for calling Yolo Federal Credit Union 24 hours (sic) credit activation services.

For card card activation, press 1.
To change your pin, press 2.
To end this call, press pound.

The usual first line of defense, simply reading the text (and listening), should in this case be at least a mild tipoff. The first detail that jumps out is the use of the first four digits of the account number (“starting with 4661”)[2]. Banks and card issuers always refer to accounts by the last four digits, because the first four are always the same for a given issuer; they’re called the Issuer Identification Number (IIN). What’s particularly devious about this detail is that it lends false credibility to the phish: it invites users (victims) to improperly generalize from the familiar security practice of referring to an account by only the last four digits.
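One way to turn that tell into a check, as an added example that is not part of the original post: a small classifier for how an SMS names a card, plus a constructed set of cards sharing one issuer prefix that shows why the leading digits single out nothing. The messages and card numbers are constructed samples; the Luhn routine is the standard one.

```python
import re

# Added example, not from the original post. It builds on the point above:
# a message that identifies a card by its LEADING digits (the issuer prefix
# shared by every card from that issuer) pins down no individual account,
# while the LAST four digits are how legitimate issuers refer to one.
# All messages and card numbers below are constructed samples.

LEADING_REF = re.compile(r"\b(?:starting|beginning)\s+with\s+(\d{4,6})\*?", re.I)
TRAILING_REF = re.compile(r"\b(?:ending|ends)\s+(?:in|with)\s+\**(\d{4})\b", re.I)


def card_reference_style(sms: str) -> str:
    """Classify how an SMS refers to a card: 'leading', 'trailing' or 'none'."""
    if LEADING_REF.search(sms):
        return "leading"      # quoting the prefix: a phishing tell
    if TRAILING_REF.search(sms):
        return "trailing"     # quoting the last four: normal issuer practice
    return "none"


def luhn_check_digit(body: str) -> str:
    """Luhn check digit for a PAN body (every digit except the final one)."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:        # digits that get doubled once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(pan: str) -> bool:
    """True if the final digit is the correct Luhn check digit for the rest."""
    return pan.isdigit() and luhn_check_digit(pan[:-1]) == pan[-1]


def distinguishing_power(pans: list, n: int = 4) -> dict:
    """Distinct accounts the first n digits vs the last n digits can tell apart."""
    return {"leading": len({p[:n] for p in pans}),
            "trailing": len({p[-n:] for p in pans})}


# Constructed sample: five Luhn-valid cards sharing one issuer prefix (4661).
SAMPLE_PANS = [body + luhn_check_digit(body) for body in (
    "466112345678901", "466198765432109", "466155555555555",
    "466100000000012", "466142424242424")]

if __name__ == "__main__":
    print(card_reference_style("NOTICE: Your card starting with 4661* has been put on hold."))
    print(distinguishing_power(SAMPLE_PANS))   # {'leading': 1, 'trailing': 5}
```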

The next detail that seems a bit incongruous is the synthesized voice message. While not entirely unknown, one might expect a reputable credit union to use a real voice in the recorded message (if only for customer service reasons).

Other than those couple of details (and the fact that no bank should ask for the information it’s requesting), this is a pretty decent phish. I give it a C+.

