Go to:

March 2019
< Feb Apr >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Scam Alert: Cornerstone Will Not Call You to Make Your Hotel Reservation for Leadership Conference & Expo
Thursday, June 12, 2014 7:00 AM

The Cornerstone Credit Union League has been made aware of a vishing scam. A credit union CUSO in the Southeastern region of the U.S. received a voicemail from “Henry,” who informed them of the limited hotel room availability for Cornerstone’s Leadership Conference & Expo Sept. 4-6. “Henry” asked this individual to call a 1-800 number to secure their hotel reservations. Fortunately, this person was suspicious and instead called Cornerstone.

A Cornerstone staff member, posing as an exhibitor, called the 800 number and spoke with “Henry,” who transferred her to another individual to complete her reservation. This individual created a sense of urgency by saying there were only six rooms left in the room block for exhibitors. The Cornerstone staff member was asked for her email address so she could be sent an email with a link for her to click on to complete the reservation. The individual explained to the Cornerstone staff member that he would stay on the line with her to walk her through the process, which would include providing a credit card number. The Cornerstone staff member terminated the call before divulging any personal information – including email address.

Credit unions should know that Cornerstone, nor the conference hotel, which is the Marriott Rivercenter, will call them to make their hotel reservation. Credit unions can reserve their hotel room online. Simply go to and click on “Location.” Credit unions will then see “Book Your Room Online.” If you wish to make your hotel reservation over the phone, you may call the Marriott Rivercenter at (877) 622-3056. Again, neither Cornerstone nor the hotel will call you to make your hotel reservations. The discounted room rate of $199 (single/double) is available until Aug. 1. If you choose to make your reservation over the phone, you will need to indicate that you are with the Cornerstone League conference in order to receive the special rate.

Vishing is similar to phishing in that both scams rely on e-mail as a means of delivering bait. However, the two use different hooks in order to obtain personal data. In phishing, the potential victim receives an email driving them to a fraudulent web site; whereas in vishing, the potential victim receives a phone call requesting for an email address so the fraudster can email them a link. If the recipient clicks on the link that was provided in the email, they will be taken to website where they’ll be asked to divulge personal information, such as a credit card number. 

Identifying phishing and vishing scams is not always easy and the criminals who use them are becoming more sophisticated about creating them.  Here are some tips for spotting fraudulent emails:

  • Urgent or threatening tone — in this particular case, the Cornerstone staff person was told she needed to make her reservation at this very moment because if she delayed, a room might not be available tomorrow.
  • Request for personal or financial information — the purpose of vishing and phishing scams are to obtain your personal and financial information. In this case, the scammer was seeking credit card information. In other vishing and phishing scams the fraudster might try and get other personal data, such as Social Security numbers.
  • Misspellings and poor Grammar — fraudulent emails often use improper grammar and contain misspellings

The best defense against phishing or vishing is a little common sense.  Here are some tips consumers can use to avoid becoming a victim of cyber fraud:

  • Do not respond to unsolicited (spam) e-mails or phone calls.
  • Do not click on links contained within an unsolicited e-mail, and do not provide your email address to anyone with whom you are not familiar.
  • Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
  • Avoid filling out forms in e-mail messages that ask for personal information.
  • Always compare the link in the e-mail to the link that you are actually directed to.
  • Log on to the official website, instead of "linking" to it from an unsolicited e-mail.
  • Contact the actual business that supposedly sent the e-mail, or made the phone call, to verify if the e-mail is genuine.