Consumer Safety Tips

Phishing scams that target credit union members often use urgent language and fake websites to steal login credentials and personal information. By learning to recognize the warning signs and following safe practices, you can protect your accounts and financial data.

Common credit union phishing scams

Scammers use a variety of tactics to trick members into revealing sensitive information, including:

• Spoofed email (phishing): You receive an email that looks legitimate, with your credit union's logo and branding. It may say your account is locked or that there's suspicious activity and direct you to click a link to "verify your identity".

• Fake website: The email's link sends you to a fraudulent website that is nearly identical to your credit union's official site. It is designed to steal your login credentials when you attempt to sign in.

• Phone call scams (vishing): You receive a phone call with a spoofed caller ID that appears to be from your credit union. A scammer posing as an employee may try to create a sense of urgency, claiming you must share your PIN or verification code to secure your account.

• Text message scams (smishing): A text message alerts you to "unusual activity" on your account and instructs you to click a suspicious link or reply with personal details.

• Urgent or threatening language. Messages claim your account will be locked, suspended, or compromised if you don't act immediately.

• Generic greetings. Phishing emails often use impersonal salutations like "Dear Member" or "Dear Customer," instead of your full name.

• Suspicious email addresses or links. The sender's email address may have a slight variation of the official domain, such as support@paypa1.com instead of support@paypal.com.

• Poor spelling and grammar. Many scam messages contain awkward phrasing, typos, and other errors that are inconsistent with professional communications.

• Unexpected attachments or links. Be wary of unsolicited messages containing links or attachments, which can infect your device with malware.

• Requests for personal information. Legitimate institutions will never ask for your password, PIN, or full Social Security number via email, text, or unsolicited phone call.

Best practices for protecting yourself

• To avoid getting hooked by a phishing scam, be proactive and cautious:

• Be skeptical. Never click on links or open attachments in suspicious messages. Instead, close the message and navigate directly to your credit union's official website by typing the address into your browser.

• Verify the source. If a message or call seems suspicious, hang up and contact your credit union directly using a phone number from your official statement or debit card. Do not use any contact information provided in the suspicious message.

• Use multi-factor authentication (MFA). This adds a crucial layer of security, requiring a second form of verification (like a code sent to your phone) to access your account.

• Monitor your accounts regularly. Set up account alerts for suspicious activity and review your account statements often to catch any unauthorized transactions immediately.

• Keep software updated. Enable automatic updates for your devices and antivirus software to protect against the latest security threats.

What to do if you fall for a scam

If you have accidentally responded to a phishing email or clicked a suspicious link, act quickly to minimize the damage:

• Change your passwords. Update your password for any compromised account, as well as any other accounts that use the same or similar password.

• Report the scam. Report the phishing attempt to the Federal Trade Commission (FTC) at reportfraud.ftc.gov.

• Monitor your credit. Place a fraud alert on your credit file with the credit bureaus to help prevent identity theft.pan of a year. In other words, if a $2,000 balance is carried over a full year, the user will owe roughly $600 dollars worth of interest at the end of that year. Just remember, a smaller interest rate and yearly fee is usually better.