(Published May 2, 2007, 9:32 a.m.)
Beware of those e-mails from Blackhawk Community Credit Union letting you know you need to reset your password.
They appear to be a scam attempt to gain access to customer accounts.
The e-mail isn't from Blackhawk at all. The company, with branches in Delavan, Janesville and Edgerton, has received more than a hundred calls about this latest "phishing" scam, the first to hit the local company, CEO Stewart Ramsey said.
Here's what you need to know:
Q: What should I do if I receive the e-mail?
A: Delete it. A reputable financial institution would never ask for personal or sensitive information through e-mail, Ramsey said.
Q: How does the scam work?
A: The e-mail contains a link to what appears to be Blackhawk's Web site. When you click on the link, it asks for your account number and personal identification number or access code, the same information you would enter to log into an online bank account.
Once you enter the information, the scammers have access to that information and can log into your real bank account, potentially clearing it out.
Q: What if I already followed the link and entered the information?
A: Call Blackhawk immediately at 1-800-779-5555. An employee will reset your access code on the spot so scammers can no longer get to your account, Ramsey said.
By Monday afternoon, Ramsey knew of about a dozen people who had entered their information, but none had lost money from their accounts.
Q: Who's really sending the e-mails?
A: That's a mystery so far, Ramsey said. The credit union called federal authorities, who have traced the e-mails to somewhere overseas, probably Russia, he said. The U.S. government has no jurisdiction over overseas e-mail accounts.
Authorities also don't know how the scammers got local e-mail addresses, Ramsey said. An unknown number of e-mails have gone to customers and non-customers alike, but they seem to be confined to this area. The farthest report Ramsey received of an e-mail was from northern Illinois, he said.
Q: Why can't I get on Blackhawk's Web site?
A: The scammers also are "blasting" Blackhawk's site, clicking on it so many times that it slows or crashes the server, Ramsey said. Blackhawk can block the user, but then the scammers switch to a different account.
"At some point they'll give up because we keep blocking them," Ramsey said.
The scammers hope that by crashing Blackhawk's legitimate Web site, they will convince people to follow the e-mail link to the fake site, he said.
Although the scammers might be able to crash the site, they can't break into it, he said. The only way they can get the sensitive information is if people give it to them.
"Never provide personal information on an e-mail," Ramsey said. "We'll never ask for that information on e-mail, nor will any financial institution."
Content may not be published, broadcast, re-distributed or re-written.