Credit Union Impersonation Scams
Credit union members must stay alert to the latest attempts by scammers to access personal financial data. Some of our members have recently received emails, text messages, and phone calls from cyberthieves posing as credit union employees. Fraudsters spoof credit union email addresses and phone numbers and use pieces of personally identifiable information to gain member trust before stealing account funds.
Here’s what you need to know about credit union impersonation scams.
What Is a Credit Union Impersonation Scam?
Successful credit union impersonation scams occur when members are convinced they’re communicating with an actual credit union representative via email (Phishing), SMS text message (SMishing), or live voice call (Vishing). But in reality, they’re sharing confidential information with a scammer.
Fraudsters use spoofing techniques to make it appear as though the communication is from the institution so they can:
- Steal your debit card information
- Bypass security protections and access your account online; and
- Solicit funds for fake payments
Credit Union Impersonation Scam Scenarios
A scammer will do everything they can to appear as if they are a real credit union employee attempting to assist you with your account.
Typical Phishing and SMishing scenario:
Posing as a credit union fraud department employee, the scammer sends a spoofed email or text message to a member alerting them to suspicious debit card activity. Instructions urge the member to reply to the original message with account details, such as card numbers, CV2 codes, PINs, or other online account credentials. Phishing and SMishing gives the scammer valuable data they can use to make unauthorized charges or access the member’s account.
Typical Vishing scenario:
Posing as a credit union representative, the scammer contacts the member using a spoofed phone number. The caller claims they need to discuss an important matter, but they must first confirm the member’s identity. The scammer is already on the credit union’s online banking website and informs the member they need them to provide the PIN sent to the member’s phone or answer security questions. Since the caller says they’re from the credit union and the number appears to confirm it, the member doesn’t hesitate to provide the requested information.
Vishing allows the scammer to use the information provided by the member to complete the login. They proceed to lock the member out of their account by changing the online banking password. The fraudster then transfers funds from the member’s account to their own temporary account before vanishing without a trace. The caller might even encourage the member to transfer funds to an external account claiming that the payment will be applied to a specific credit union loan.
How to Protect Yourself from Credit Union Impersonation Scams
- Never share private information via SMS text message. Legitimate attempts to validate credit or debit card activity only requires a simple response (YES or NO) via text.
- Do not click on hyperlinked phone numbers sent via SMS text or on links inside emails.
- Pause before providing personal data via voice calls you did not initiate, even if the caller ID reads “Call Federal Credit Union”. Hang up and contact us using a phone number or form provided on our website.
If you believe someone is attempting to access your account, or already has, call us at 804-274-1200, between 8:00 a.m. and 5:00 p.m., or 800-796-2328 after hours. You can also visit a local branch for assistance.
Share this post
July 17, 2018
Banks and credit unions are becoming more sophisticated with the security of your data. That means identity thieves …Read More about How ID thieves get your information
May 2, 2017
Indicator #1 Oftentimes, people who have been the victim of identity theft will begin receiving letters or phone calls …Read More about How to know if you are a possible victim of identity theft