Credit union members must stay alert to the latest attempts by scammers to access personal financial data. Fraudsters spoof credit union email addresses and phone numbers and use pieces of personally identifiable information to gain member trust.
The most important thing to remember:
NO ONE FROM THE CREDIT UNION WILL EVER CALL OR EMAIL YOU ASKING FOR SENSITIVE INFORMATION, LIKE YOUR ACCOUNT NUMBER. NOT EVEN OUR CEO.
Here’s what you need to know about credit union impersonation scams.
What Is a Credit Union Impersonation Scam?
Successful credit union impersonation scams occur when members are convinced they’re communicating with an actual credit union representative via email (Phishing), SMS text message (SMishing), or live voice call (Vishing). But in reality, they’re sharing confidential information with a scammer.
Fraudsters use spoofing techniques to make it appear as though the communication is from the institution so they can:
- Steal your debit card information
- Bypass security protections and access your account online; and
- Solicit funds for fake payments
Credit Union Impersonation Scam Scenarios
A scammer will do everything they can to appear as if they are a real credit union employee attempting to assist you with your account.
Typical Phishing and SMishing scenario:
Posing as a credit union fraud department employee, the scammer sends a spoofed email or text message to a member alerting them to suspicious debit card activity. Instructions urge the member to reply to the original message with account details, such as card numbers, CV2 codes, PINs, or other online account credentials. Phishing and SMishing gives the scammer valuable data they can use to make unauthorized charges or access the member’s account.
Typical Vishing scenario:
Posing as a credit union representative, the scammer contacts the member using a spoofed phone number. The caller claims they need to discuss an important matter, but they must first confirm the member’s identity. The scammer is already on the credit union’s online banking website and informs the member they need them to provide the PIN sent to the member’s phone or answer security questions. Since the caller says they’re from the credit union and the number appears to confirm it, the member doesn’t hesitate to provide the requested information.
Vishing allows the scammer to use the information provided by the member to complete the login. They proceed to lock the member out of their account by changing the online banking password. The fraudster then transfers funds from the member’s account to their own temporary account before vanishing without a trace. The caller might even encourage the member to transfer funds to an external account claiming that the payment will be applied to a specific credit union loan.
How to Protect Yourself from Credit Union Impersonation Scams
- Never share private information via SMS text message. Legitimate attempts to validate credit or debit card activity only requires a simple response (YES or NO) via text.
- Do not click on hyperlinked phone numbers sent via SMS text or on links inside emails.
- Pause before providing personal data via voice calls you did not initiate, even if the caller ID reads “Jefferson Credit Union”. Hang up and contact us.
When in doubt, always reach out to us if you receive any suspicious correspondence.