I got an e-mail from NFCU yesterday morning. At least, it claimed
to be an e-mail from NFCU:
Account has an NSF Check or ACH Debit
Your account, ending in , has a non-sufficient funds , in the amount of $. This item was presented for payment on , and subsequently returned for non-sufficient funds. A non-sufficient funds fee of $20.00 will be debited from your account. To view your account transaction history sign on to Navy Federal Online Account Access, www.navyfederal.org.
This e-mail has been sent to you based on the Member Notification preferences you previously established. If you would like to change your Member Notification preferences, please sign on to Navy Federal Online Account Access (www.navyfederal.org) and click on the Other Services link, go to the Member Notifications by E-Mail option, and then click on the Manage My Notifications tab.
Please Note: This Member Notification e-mail address is only used to generate Member Notifications. We will not read or respond to e-mails sent to this e-mail address. If you would like to contact Navy Federal with questions or comments, please sign on to Navy Federal Online Account Access (www.navyfederal.org) and click on the Check Messages link to send us an e-message.
My first thought was: "Damn, these sociopaths are good." The e-mail came with the proper header, it had an NFCU logo in the body, and it had the right look & feel. But I know that their URL is really www.navyfcu.org
and I figured that if they were legit then they'd include my account number and the amount of the NSF or ACH issue.
Just to be sure I logged into our accounts and checked. Nope, we were fine. Some scumbag was definitely phishing. Slimy $%^&ers!
As an ever-vigilant customer I immediately forwarded the devious e-mail to NFCU's phishing address and received the following comforting response:
Patricia Schneck/00/HQ/NFCU is out of the office.
I will be out of the office starting 07/29/2008 and will not return until
I will respond to your message when I return.
Great, thanks a lot guys. So I told the story to my spouse and our 15-year-old. I emphasized to our kid that this was the most sophisticated scam I'd ever seen and that she should make sure she only logged into her financial websites from her bookmarks, never from the e-mail links.
This morning I got the following from NFCU:
Member Notification E-mail
This is to advise you that an E-mail notification was sent to you in error from Navy Federal. The E-mail subject states, “Account has an NSF Check or ACH Debit”. Please note this E-mail did not accurately reflect your account status. Please disregard it. We apologize for the inconvenience.
Whoa, pretty slick! Those phishers were trying even harder to gain our confidence. Everyone knows that NFCU would've used their website's "secure member communication" system for us to learn more about the problem. But when I'd logged into our accounts the other day, there was nothing. So I forwarded this second phish to NFCU, and received the following:
Safioleas, George is out of the office.
I will be out of the office starting 08/07/2008 and will not return until
If you have any questions please contact Helen Barber at 43401.
Great. Feeling less than fully customer-served, I started the day's yardwork. 30 minutes later spouse came out with the phone and said "It's NFCU."
NFCU's (alleged) customer-service rep claimed that they really did send out both e-mails and that the first was sent in error. So sorry. Yes, navyfcu.org was their URL but they'd also purchased a bunch of similar-sounding URLs including navyfederal.org. And if I had any questions I should've contacted them.
I didn't even get into my previous experiences with NFCU's interactive phone system. I kvetched about the out-of-office replies, suggested that the NFCU website should be used to notify customers of this mistake, and told her that PenFed was looking pretty darn good about now. That was the first time in the conversation that a hint of contrition crept into her voice, but then again that was her job as NFCU's Chief Apologist. I suggested that she let management know that this 30-year customer was mighty unhappy about the whole thing and she agreed that she'd do that right away. Yep.
Somehow I'm not feeling like this customer has been satisfied. Serviced, maybe, but not satisfied.
Anyone else have this problem?