Phishing Email Aimed at Stealing Member Credentials

Security Notice - December 5, 2018

Goldenwest Credit Union has discovered a new phishing attack against our members. Members have reported receiving fake emails directing them to the website https://ohmiesemporium.com/goldenw. See a copy of the email below. The fraudster is spoofing our email address to appear as though it is coming from Goldenwest, but it is not. Goldenwest will never notify you by email if your online banking was suspended. Goldenwest recommends never clicking links in emails to sign into accounts. This site is not hosted or owned by Goldenwest Credit Union. The site is designed to look like Goldenwest's online branch in order to lure members into giving away usernames and passwords. Before you enter your credential's into any website, make sure it has the correct URL. Goldenwest uses the URL "https://online.gwcu.org". The gwcu.org is the most important piece as that is the domain that Goldenwest owns the rights to use. Also look for https as that indicates your credentials are encrypted while traveling to our servers. If you are concerned about your account, please go directly to gwcu.org home page and sign in from there and feel free to give our contact center a call at 1-800-293-4550.

Below are screenshots of the fake website and Goldenwest's real online banking website. Notice that Goldenwest does not request your password at the same time as your username. Instead you are directed to the next screen which includes your "security phrase" and "security picture". You should always verify that your phrase and picture match before entering in your password. We use this feature to combat the very attack that this notice is about.

Phishing email Fake gwcu website Real gwcu website continued login screen

How to Report Suspicious Activity

If you have received a suspicious e-mail or other fraudulent correspondence regarding Goldenwest Credit Union, please forward it to phishing@gwcu.org.