Update (Nov. 12, 10 AM PST): Twenty-two hours later, the Verity website has been taken offline, but the blog is still running. However, there are no new posts since the original, although Verity's Shari Storm has responded to several member comments. From information in the comments, it sounds like Verity's log-in page was redirected for up to four hours on Saturday morning beginning about 6:00 AM. At least one member said they answered "screening questions" including mother's maiden name.
Seattle-based Verity Credit Union is in the midst of a major website spoof that began earlier today. The credit union is reporting that the log-in function to online banking, located on its homepage (upper-right below), has been redirected by a hacker.
Apparently, only the log-in function was hijacked. The credit union has control of its homepage and plastered a large warning over the front. The link after the warning, "more information," linked to the Verity blog for updates (see below).
It appears the log-in process is back under the credit union's control, although the warning is still there. When attempting to log in at 3:15 PM with a test name (I do not have a Verity account), I was redirected to an error message at <https://secure-veritycu.com/Common/SignOn/SignOnError.asp>, which appears to be a legitimate Verity secure page. There was no follow-up question asking for my credit card number as mentioned in the blog post (see below).
The incident was first posted to their blog at 12:02 PM today (see post below).
The silver lining
As bad as this is, Verity should be applauded for the rapid response, using both its website and blog to get the word out. Presumably, they also emailed customers, but those messages may or may not be believed in this day of rampant phishing.
You can follow the ongoing drama at the Verity blog, where customers have been redirected for the latest news. We'll keep you posted.