In a new twist on a classic "phishing" scam, cyber thieves have pilfered around $70,000 so far from Y-12 Federal Credit Union and its customers. Usually, phishers will send out an e-mail claiming to be from a bank or credit card company and direct the recipient to a phony Website asking for financial information. In the case of Y-12, no e-mails were ever sent. "That's the new wrinkle in this case," Y-12 Federal Credit Union spokeperson Chris Smith. Instead of sending e-mails, hackers took advantage of a recently discovered security hole in Microsoft software and accessed Y-12 Federal Credit Union's Website. For around 90 minutes Monday evening, January 9, when customers would enter their user name and password into the legitimate site, they were then redirected to a bogus site — based in Greece, Smith said — that asked for their credit card number and personal identification number or PIN. The hackers then used the information to create magnetic strips like those found on the back of credit and ATM cards. The credit union and the Federal Bureau of Investigation have spotted ATM transactions related to the Y-12 breach all across the United States and even as far away as Pakistan.

Source: http://www.thedailytimes.com/sited/story/html/227429