October 8, 2019
Alert from Interior Federal Credit Union
Interior Federal Credit Union would like to share some basic fraud intelligence, from our partners at CO-OP Financial Services about intermittent scams that are currently operating in the state of Michigan and potentially other areas of the U.S.
Criminals in possession of card details and other forms of personally identifiable information (PII) are spoofing credit union phone numbers in an effort to fool members into thinking that text messages are actually from the fraud department of a particular financial institution. Fraudsters are sending text messages under the guise of trying to validate recent card activity and are including hyperlinks within some text messages.
Fraudsters are also using text messaging to deceive members into providing card related data and log in credentials. Instances have been reported of fraudsters impersonating members to request a change in contact information such as mobile numbers. Fraudsters have also contacted financial institutions, impersonating members to report upcoming travel as a means of lowering the monitoring of debit and credit card transactions. Learn more about Card Controls to combat fraud, here.
Attacks to obtain personal information from credit union members are known as SMishing (SMS text phishing) and Vishing (Voice phishing). A typical SMishing occurrence can begin with a member receiving a text message inquiring about a suspicious transaction on an account. In reality, the fraudster is looking to obtain other information from members such as debit card numbers, CV2 codes, expiration dates, PINs and other web login credentials.
In another scenario, fraudsters are posing as financial institution employees in order to obtain One Time Passcodes (OTP) from members. While on the phone with a member, the fraudster logs into an online banking site. When the OTP is sent to the member’s phone, the fraudster asks the member to provide the OTP as a means to validate the member. When the information is shared with the person the member believes is a credit union employee, the fraudster uses the OTP to finalize access to online banking, which is typically followed by changing the online banking password and transferring funds from member accounts.
Suggested Best Practices for Members
- Warn members of SMiShing and Vishing scams. Instruct members to be cautious when responding to SMS text messages as well as voice calls, even if they appear to come from the credit union.
- Advise members to call the credit union using a reliable phone number to question any SMS text messages or voice calls purportedly from the credit union.
- Inform members to never provide personal information in response to SMS text messages and phone calls purportedly from the credit union.
- Do not click on links included in text messages from unknown sources.
Digital security is very important to the Credit Union and we want our members to be educated. For more information on digital defense, please visit Security Awareness section of our website.
Want more credit union information?
Subscribe to eNews