The Many Forms of Phishing
06/25/2025
By: Wayne Kilburn

Hardly a week goes by without several phishing attempts hitting everyone's inboxes, text threads, or voicemail. While phishing emails purportedly from financial institutions date back over 25 years, they continue to work.
The latest trends in account takeover fraud use tactics similar to those of the traditional Zelle fraud scam. One variation of the scam is:
- Members receive an account alert (text or email) appearing to come from their financial institution and alerting them to unusual/suspicious activity on their account
- If the member responds to the texts, fraudsters will call the member spoofing the financial institution’s phone number and claim to be from the financial institution’s fraud department
- Fraudsters will then have the member provide them with their online username (to verify the member)
- Then, using the "forgot password" feature on online banking, they will trigger a passcode to be sent to the member’s mobile phone
- The fraudster will then convince the member to provide the "security code" as an additional step in verifying their identity
- The fraudster will then review fictitious transactions with the member and then assure them that they will have those charges removed, after which the call will be completed
- At the same time, the fraudster will use the passcode the member read to them to reset the member’s online banking password
- Once logged into the member’s account, the fraudsters will use the external transfer or transfer to an internal account function to move money into accounts belonging to money mules who will withdraw the funds.
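For readers on the fraud-monitoring side, the sequence above leaves a recognizable trail: a password reset followed shortly by a transfer to a destination the member has never used. The sketch below is an added example, not NW Plus CU's code; the event names, field layout, 30-minute window, and sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, member, event type, destination).
# Event names and fields are assumptions, not a real banking log format.
EVENTS = [
    ("2025-06-20T09:00:00", "m1001", "transfer", "acct-rent"),
    ("2025-06-24T14:02:10", "m1001", "reset_code_sent", None),
    ("2025-06-24T14:04:45", "m1001", "password_reset", None),
    ("2025-06-24T14:06:30", "m1001", "login", None),
    ("2025-06-24T14:09:05", "m1001", "transfer", "acct-unknown-7"),
    ("2025-06-24T14:12:00", "m1001", "transfer", "acct-rent"),
    ("2025-06-24T15:00:00", "m2002", "password_reset", None),
    ("2025-06-25T18:30:00", "m2002", "transfer", "acct-new-3"),
]

def flag_takeover_transfers(events, window=timedelta(minutes=30)):
    """Return transfers to a not-yet-trusted destination made within
    `window` after a password reset on the same member account."""
    last_reset = {}   # member -> time of most recent password reset
    trusted = {}      # member -> destinations used outside a reset window
    alerts = []
    for ts, member, kind, dest in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "password_reset":
            last_reset[member] = when
        elif kind == "transfer":
            known = trusted.setdefault(member, set())
            reset_at = last_reset.get(member)
            recent = reset_at is not None and when - reset_at <= window
            if recent and dest not in known:
                # Do not trust the destination: repeat transfers to it
                # inside the window should keep alerting.
                alerts.append((ts, member, dest))
            else:
                known.add(dest)
    return alerts

if __name__ == "__main__":
    for alert in flag_takeover_transfers(EVENTS):
        print("REVIEW:", alert)
```

A flagged transfer is a reason to hold the payment and call the member back on the number already on file, not proof of fraud.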
Scammers are constantly sending phishing emails and text messages impersonating trusted organizations in an attempt to trick members into sharing their personal information by clicking through to a fake/lookalike online banking website.
Here are a few tips for spotting spoofed websites and phishing emails:
- Look for misspelled words
- Watch for random phone numbers that are not the credit union’s phone number
- Hover over a link to see if it shows a random website (for example: welsfargo12vste/gioagions.com).
As a reminder, NW Plus CU will never call, text, or email asking for:
- Account number and routing number
- Credit or debit card PIN
- Digital banking username or password
- FULL Social Security number
- CVV2 code on the back of their credit or debit card
- Verification codes
Additional steps you can take to protect yourself:
- Never click on links in unexpected texts or emails
- Do not use a phone number that was provided in the text or email
- Do not share your personal information with an unknown caller
- Beware of caller ID – it can be spoofed
- If you are unsure or suspect you have been scammed, contact NW Plus CU right away.