During the fourth quarter of 2006, the National Credit Union Administration (NCUA) assessed Civil Money Penalties against 22 federally insured credit unions that were late in submitting 2005 Home Mortgage Disclosure Act (HMDA) data.

Board Member Gigi Hyland spoke today before participants at CUNA’s 2007 Government Affairs Conference (GAC).

Websense® Security Labs™ has received reports of a phishing attack that targets customers of Hang Seng Bank. Users who visit the site will be asked for personal as well as account information, such as ATM pin number, account number, and details.

Phishing screenshot:

NCUA Chairman JoAnn Johnson told over 3,000 assembled today at CUNA’s Governmental Affairs Conference (GAC) in Washington, D.C., using the words of inventor Charles Kettering, “If you have always done it that way, it is probably wrong.”Not advocating a disregard for established practices, precedents and traditions, NCUA is rather evaluating current procedures and considering potential changes in three areas — Bylaw enforcement, the CAMEL matrix, and Prompt Corrective Action.

Letter to Credit Unions 07-CU-03 - Reminds credit unions of the upcoming change in the schedule for Daylight Saving Time (DST)

National Credit Union Administration (NCUA) Chairman JoAnn Johnson has been invited to testify at a hearing before the U.S. House of Representatives Appropriations Subcommittee on Financial Services and General Government.

The National Credit Union Administration Board has selected Deputy Executive Director Jane Walters to be Capital Region II Director filling the position left vacant with the retirement of Edward P. Dupcak.

Websense® Security Labs™ has discovered emails that attempt to lure users to click on a link in order to upgrade their system security. The emails, which are spoofed from Monster, are written in HTML and claim that Monster systems have been upgraded and that users need to download a certified utility to be able to use Monster.  The domain name that the emails point to are using five different IP addresses. Upon connecting to one of the IP addresses, the code is run, several files are downloaded and installed on the user’s machine, and another file is downloaded and installed from a server in Denmark. The files appear to be designed to steal end-user information.

Websense® Security Labs™ has received reports of a phishing attack that targets users of Banco Banvivienda. Users receive a spoofed email message which claims that new servers have been deployed and that, in order to keep customer data secure, they will have to log on to their account to restore the data on record. The email provides a link to a phishing site that attempts to collect personal and account information.

This phishing site is hosted in Spain and was up at the time of this alert.

Translated Phishing email text:

Dear Banvivienda Customer,

Banvivienda informs you that with the beginning of the new year 2007, the Banvivienda banking servers have been updated and are now operative. But due to the high volume of people using internet as a secure paying method, we see an obligation to ask you for your collaboration to quickly restore data in the new platforms.
If you have not logged on to your internet banking in the last 12 minutes we ask you to do so immediately to avoid any anomaly in your account or future loss of data.

Please log in to your account through the following link:

< LINK REMOVED >

Banvivienda puts at your disposition, without additional costs, new servers that take advantage of the latest data protection and encryption technology.
One more time Banvivienda is the leader in the field.

Lastly we remind you that, recently, fraudolent fake emails have been sent out for lucrative purposes. Please, never put your bank card details on an email and always confirm that the provenience of the email is @banvivienda.com.

Phishing Screenshot:

The National Credit Union Administration (NCUA) Board has scheduled a special closed Board meeting for February 23, 2007, at 10 a.m.