Protect Yourself from Fraud

Phishing, Smishing and Vishing are types of deception designed to steal your personal data such as credit card numbers, passwords, PINs, or account data. Con artists may send millions of fraudulent email messages, text messages, or even phone solicitation that appear to come from companies you trust, such as your financial institution or credit card company, and request that you provide personal information.

Protect Yourself from Smishing (SMS Phishing) Attacks
Credit Unions from across the country have reported their members receiving false text message (smishing) alerts. The text message indicates it is from the Credit Union and advises the member to call the number provided in the text message to have their card reactivated. This is a scam as a credit union would not ask a member for this type of information using text messaging – do not provide any ATM card, Visa debit card, or Visa credit card information. If you do provide access to your card or card number, you are liable for all transactions incurred with the card or card number.

Please be aware that TEFCU will never ask for personal information via text message, email, or phone.  If you have given out your Visa credit card, Visa debit card, or ATM card information or suspect that your card(s) has/have been compromised in any way, please call TEFCU as soon as possible. When calling TEFCU, have your account number and your account password available. If you call after business hours, follow the prompt for reporting the compromised card(s).

What does a phishing/vishing scam look like?
As scam artists become more sophisticated, so do their attacks. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate websites. To make these phishing email messages appear legitimate, the scam artists may place a link in the messages that appears to go to the legitimate website. However, the link takes you to a scam site or possibly a pop-up window that looks exactly like the official site.

These copycat sites are also called "spoofed" websites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists.

How to tell if an email/text/phone message is fraudulent

Below are a few phrases to look for:

  • Verify your account - TEFCU and other businesses will not ask you to send passwords, usernames, social security numbers, or other personal information through email or text.
  • If you do not respond within 48 hours, your account will be closed  - These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing email messages may even claim that your response is required because your account might have been compromised.
  • Dear valued customer - Phishing email messages are usually sent out in bulk and often do not contain your first or last name.
  • Click the link below to gain access to your account - Specially formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a website.

The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony website.

Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting or transposing letters. For example, our URL "" could appear instead as:


How to avoid phishing/vishing scams....
Nothing is more important to us than the security of your personal information. But you have to take simple precautions to protect yourself:

  • Never respond to an unsolicited e-mail/text that asks for detailed financial information.
  • Report anything suspicious to the proper authorities.  Alert TEFCU through our web address, email or telephone number that you know is legitimate - not one listed in the email or text. Click here to become familar with our contact information.
  • Stop, look and call - Resist the urge to immediately respond to a suspicious email, text or phone call.  Ask yourself why the information requested would really be needed.  Call us if you suspect any type of scam. Never share your PIN with anyone and do not enter your PIN into any terminal that appears to be modified or suspicious.

What to do if you've responded to a phishing/smishing/vishing scam
If you suspect that you've responded to a scam with personal or financial information or entered this information into a fake website, take these steps to minimize any damage:

  1. Report the incident to the following authorities - TEFCU, credit reporting agencies and
  2. Change the passwords on all your online accounts - Start with passwords that are related to your financial institutions or other sensitive information.
  3. Routinely review your credit card and bank statements - Review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.

For more information or if you feel you have been a victim of a scam, please call our Contact Center immediately at (301) 289-9800, option 1.


Securing Your Online Visit

Recommended Browsers

TEFCU's website and Online Banking have been optimized for viewing within certified browsers. Browsers that are certified have passed our security testing. By using an unsupported browser, you may not be able to view and take full advantage of all the features within Online Banking and our website. See below for a list of recommended browsers.

  • Windows Internet Explorer 11.0
  • Mozilla Firefox 46.0.1
  • Safari 9.1


TEFCU uses software that incorporates full RSA data encryption to ensure security and privacy of transactions. TEFCU requires the use of a secure browser to access your account online. Your browser must be equipped with SSL (Secure Socket Layer) with 128-bit encryption to communicate with TEFCU's servers.


Protecting the confidentiality of your information over the Internet is of the utmost importance to TEFCU. Anyone surfing our website will be in a secure environment. The use of a secure browser provides Secure Socket Layer (SSL) protocol protection. SSL utilizes public key cryptography.

Online Banking ID & Password

The safety of your Online Banking session begins with you. Your password is critical to the security of your Online Banking session, so never share your Online Banking ID or password with anyone. For added security, if a password is entered incorrectly three times, we automatically lock the your account from Online Banking, Mobile Banking, and Tele-Connect.

For your password, it is best to select a random combination of letters and numbers than to choose something identifiable such as your mother's maiden name, the name of your children, the name of your pet, your house number, or your birthday. We also recommend that you do not auto save your password in your browser or mobile device. TEFCU employees do not have access to your password.

Should your account become locked out, you will need to answer the security question correctly or contact TEFCU at (301) 289-9800, option 1 to reset your account. We recommend that you always log out when you have completed your session/transactions within Online Banking or Mobile Banking.

Timeout Feature

For additional security, TEFCU uses a Timeout Feature within Online Banking and Mobile banking. This setting will automatically log you out after a pre-set period of inactivity.

You are leaving Transit Employees Federal Credit Union's (TEFCU) website and entering a third-party website unaffiliated with TEFCU. TEFCU is not responsible and takes no responsibility for products, services, overall website content, security, or privacy policies on the external website you are entering or any external third-party website. The third party website is responsible for their content and offerings on their site, and their level of security may be different from ours. TEFCU's privacy policy and security policies do not apply to the external third-party website. Please refer to the website's policies and terms of use for details.