Phishing is when criminals pretend to be representatives of legitimate businesses in order to induce individuals to reveal personal or account information such as passwords or credit card numbers. With the increasing number of phishing scams and fraudulent messages being sent online, it’s important to know how to spot them.
SMS Text Phishing
Criminals in possession of card details and other forms of personally identifiable information try to spoof financial institution phone numbers in an effort to fool you into thinking that text messages are actually from the fraud department. Fraudsters may send text messages under the guise of trying to validate recent card activity and are including hyperlinks within some text messages.
They may also impersonate financial institutions and then request a change in contact information such as mobile numbers. Fraudsters have also contacted financial institutions themselves, impersonating members to report upcoming travel as a means of lowering the monitoring of debit and credit card transactions.
Enhanced Fraud Protection
With Enhanced Fraud Protection, you’ll receive text messages, emails, and/or phone alerts when potentially suspicious activity occurs on your credit or debit card. Below is a summary of what SMS/text information from DuPage Credit Union will and will not include.
SMS/Text will include:
- DuPage Credit Union abbreviated name
- Last 4 of Card #
- $ Amount in question (with dollar sign)
- Merchant Name
- Reply Options: YES, NO, STOP (to opt out)
SMS/Text will NOT include:
- Requests for cardholder data, such as card numbers, PINs, CV2 Codes, Expiration Dates
- Vague reference of “Merchant” transaction details
- Hyperlinks to unknown websites
- Phone numbers as hyperlinks
Similar to SMS Text Phishing, fraudsters may imitate a well-known business or financial institution via email in order to trick you into clicking on a link or attachment. This allows them to hack into your computer, cell phone, or tablet and steal personal information such as passwords, usernames, addresses, etc. In addition to spelling or grammatical errors and business email addresses with public domains (i.e. @gmail.com), the following are a few common email phishing tactics to look out for.
- Being asked to provide or confirm personal information
- Stating that there’s an issue with your account or payment
- Asking you to click on a link to make your payment
- Suspicious links or attachments
- Incorrect bills or invoices
If you believe you’ve been a victim of email phishing. Do not click on any links or open any attachments. Simply delete it and, if it is a business you use or are familiar with, let them know.
Voice Phishing (Phone Calls)
In another scenario, fraudsters may pose as employees in order to obtain One Time Passcodes (OTP). While on the phone with a member, the fraudster logs into an online banking site. When the OTP is sent to the member’s phone, the fraudster asks the member to provide the OTP as a means to validate. When the information is shared with the person the member believes is an employee, the fraudster uses the OTP to finalize access to online banking, which is typically followed by changing the online banking password and transferring funds from member accounts.
How to avoid phishing scams
- Be cautious when responding to SMS text messages as well as voice calls, even if they appear to come from the credit union.
- Call the credit union using a reliable phone number to question any SMS text messages or voice calls purportedly from the credit union.
- Never provide personal information in response to SMS text messages and phone calls purportedly from the credit union.
- Do not click on links included in text messages from unknown sources. Legitimate requests to validate card activity will request a simple response of YES or NO. They will not include hyperlinks to other websites or ask for any personal info.