On October 31, 2023, notification was received regarding a CAFT spoofed website which was discovered late that afternoon. Website spoofing is when attackers set up a fraudulent website that looks nearly identical to the legitimate one to exploit visiting users. Their goal is to redirect unsuspecting users to the spoofed website where they may be able to harvest credentials, payment information or other personally identifiable information.
CAFT (Customer Automated Funds Transfer), a credit union system for business payroll, deposits and payments, provided the following details:
The CORRECT CAFT site address is caft.paymentsanytime.com.
*More than one spoofed website address that look very similar to the above have been discovered. If a CAFT user logs into a spoof site, we believe user ID and passwords are being compromised.
Immediate action to be taken:
- All CAFT users must reset their passwords immediately. Please create unique user passwords that contain a minimum of 8 and maximum of 14 characters. Passwords should be unique using a combination of words, numbers and both upper and lower case. Do this by:
- Accessing CAFT through “manage my password” on the CAFT Main Menu Screen
- Through the Self-Service option through the CAFT Log in Screen
- Contact the credit union
- Activate features built into the CAFT system that help mitigate risk—such as establishing limits on transaction and file amounts and enabling dual authorization.
- Don’t click on a link to CAFT that was provided in an unexpected email.
Cyber security is everyone’s responsibility.
It is the aim of CAFT and the credit union to prioritize payment security, and promote member education. Please take a moment to review tips on how you can protect yourself online.
For more information
While this matter is being investigated, steps are being taken to protect members from any potential negative impacts. In the meantime, if you have any questions or concerns, please contact our team at 1-877-828-4343.