Phishing scams and how to spot them
Phishing is when criminals pretend to be representatives of legitimate businesses in order to induce individuals to reveal personal or account information such as passwords or credit card numbers. No matter how you are contacted, phishing scams have one thing in common: They create a sense of urgency to get you to respond with information they, as a legitimate organization, should already have.
Remember: DuPage Credit Union will never contact you by unsolicited phone call, email, or text and ask for your member number; credit or debit card number; your PIN, CVV/CV2 or expiration date; your Digital Banking User ID; your password; or other sensitive information. If you receive an email asking for any of these, it is most likely a scam. If you’re unsure, do not click on any links or open any attachments. Contact us immediately.
With the increasing number of phishing scams and fraudulent messages being sent via email, text, and via phone calls, it’s important to know how to spot them:
Phishing emails are designed to look like they are coming from either an organization or a person within that organization. These emails imply urgency and sometimes have misspellings and poor grammar. They may ask you to click a malicious link or open an attachment. Here are some of the most common email phishing tactics to look out for:
- Ask you to provide or confirm personal information
- State there’s an issue with your account or payment
- Request confirmation for a contest or to obtain winnings
- Request action under threat of cancelling insurance or accounts
- Provide or confirm bills or invoices
- Ask you to complete an application for products or services
Text SMS Phishing (Smishing)
Criminals in possession of card details and other forms of personally identifiable information try to spoof bank phone numbers in an effort to fool you into thinking that text messages are actually from the fraud department. Criminals may send text messages pretending to need to validate recent card activity. Similar to emails, they may include hyperlinks and ask that you change or provide contact information by clicking that link or texting back.
With DuPage Credit Union’s Enhanced Fraud Protection, you’ll receive text messages, emails, and/or phone alerts when potentially suspicious activity occurs on your credit or debit card. Below is a summary of what SMS/text information from DuPage Credit Union will and will not include:
SMS/Text will include:
- DuPage Credit Union abbreviated name
- Last 4 of Card #
- $ Amount in question (with dollar sign)
- Merchant Name
- Reply Options: YES, NO, STOP (to opt out)
SMS/Text will NOT include:
- Requests for cardholder data, such as card numbers, PINs, CVV/CV2 Codes, Expiration Dates
- Vague reference of “Merchant” transaction details
- Hyperlinks to unknown websites
- Phone numbers as hyperlinks
Remember: Never provide personal information in response to SMS text messages and phone calls purportedly from the Credit Union. Legitimate requests to validate card activity will request a simple response of YES or NO. They will not include hyperlinks to other websites or ask for any personal info. If you are ever in doubt, contact us directly.
Phone/Voice Phishing (Vishing)
Telephone phishing attempts may come from real people or robocalls. They may even threaten jail time or lawsuits if you don’t take action and provide information or pay them.
Fraudsters may pose as employees in order to obtain One Time Passcodes (OTP). While on the phone with a member, the fraudster logs into an digital banking site. When the One Time Passcode is sent to the member’s phone, the fraudster then asks the member to provide the passcode as a means to validate. When the information is shared with the person the member believes is an employee, the fraudster uses the passcode to finalize access to digital banking, which is typically followed by changing the digital banking password and transferring funds from member accounts.
Increasingly, criminals are using COVID-19 as a means to take advantage of people via charity scams, fake checks from the government, and testing scams. For a list of the latest coronavirus scams and banking scams, visit the US Government’s Common Scams and Frauds webpage.