Protect Yourself From Fraud
Phishing, Smishing and Vishing are types of deception designed to steal your personal data such as credit card numbers, passwords, PINs, or account data. Con artists might send millions of fraudulent email messages, text messages, or even phone solicitation that appear to come from companies you trust, like your bank or credit card company, and request that you provide personal information.
Protect Yourself From Smishing (SMS Phishing) Attacks
Credit Unions from across the country have reported their members receiving bogus text message (smishing) alerts. The text message indicates it is from the Credit Union and advises the member to call the number provided in the text message to have their card reactivated. This is a scam as no credit union would ever ask a member for this type of information using text messaging – do not provide any ATM Card, Visa Check Card, or credit card information.
Please be aware that TEFCU will never ask for personal information via text message, email, or phone. If you have given out your credit card account information or suspect that your card(s) has/have been compromised in any way, please call TEFCU as soon as possible. When calling TEFCU, have your account number and your account password available. If you call after business hours, follow the prompt for reporting the compromised card(s).
What does a phishing/vishing scam look like?
As scam artists become more sophisticated, so do their attacks. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate websites. To make these phishing email messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate website. But it actually takes you to a phony scam site or possibly a pop-up window that looks exactly like the official site.
These copycat sites are also called "spoofed" websites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists.
How to tell if an email/text/phone message is fraudulent
Here are a few phrases to look for:
- Verify your account - Businesses and TEFCU will not ask you to send passwords, log-in names, social security numbers, or other personal information through email or text.
- If you do not respond within 48 hours, your account will be closed - These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing email messages may even claim that your response is required because your account might have been compromised.
- Dear valued customer - Phishing email messages are usually sent out in bulk and often do not contain your first or last name.
- Click the link below to gain access to your account - Specially formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a website.
The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony website.
Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting or transposing letters. For example, our URL "www.TEFCU.org" could appear instead as:
How to avoid phishing/vishing scams....
Nothing is more important to us than the security of your personal information. But you have to take simple precautions to protect yourself:
- Never respond to an unsolicited e-mail/text that asks for detailed financial information.
- Report anything suspicious to the proper authorities. Alert TEFCU through our web address, email or telephone number that you know is legitimate - not one listed in the email or text.
- Stop, look and call - resist the urge to immediately respond to a suspicious email, text or phone call. Ask yourself why the information requested would really be needed. Call us if you suspect any type of scam.
What to do if you've responded to a phishing/smishing/vishing scam
If you suspect that you've responded to a scam with personal or financial information or entered this information into a fake website, take these steps to minimize any damage:
- Report the incident to the following authorities - TEFCU, credit reporting agencies and email@example.com.
- Change the passwords on all your online accounts - Start with passwords that are related to your financial institutions or information.
- Routinely review your credit card and bank statements - Review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.
For more information or if you feel you have been a victim of a scam, please call our Contact Center immediately at (202) 832-5100.
Securing Your Online Visit
Our website and Online Banking have been optimized for viewing within certified browsers. Browsers that are certified have passed our security testing. By using an unsupported browser, you may not be able to view and take full advantage of all the features within Online Banking and our website. See below for a list of recommended browsers.
- Windows Internet Explorer 9.0
- Mozilla Firefox 13.0
- Safari 5.0
We use software that incorporates full RSA data encryption to ensure security and privacy of transactions. We require the use of a secure browser to access your account online. Your browser must be equipped with SSL (Secure Socket Layer) with 128-bit encryption to communicate with our servers.
Protecting the confidentiality of your information en route over the Internet is of the utmost importance to TEFCU. Anyone surfing our website will be in a secure environment. The use of a secure browser provides Secure Socket Layer (SSL) protocol protection. SSL utilizes public key cryptography.
Username & Password
The safety of your Online Banking session begins with you. Your password is critical to the security of your Online Banking session, so never share your username or password with anyone. For added security, if a password is entered incorrectly three times, we automatically lock the your account from both Online Banking and Tele-Connect.
For your password, it is best to select a random combination of letters and numbers than to choose something obvious or identifiable like your mother's maiden name, the name of your children, the name of your pet, your house number, or your birthday. We also recommend that you do not auto save your password in your browser. TEFCU employees do not have access to your password.
Should your account become locked out, you will need to answer the security question correctly or contact TEFCU at (202) 832-5100 to have your account reset. We recommend that you always sign off (log out) when you have completed your session/transactions with Online Banking.
For additional security, TEFCU uses a Timeout Feature within Online Banking. This setting will automatically log you out after a pre-set period of inactivity.