Phishing, Smishing and Vishing are types of deception designed to steal your personal data such as credit card numbers, passwords, PINs, or account data. Con artists may send millions of fraudulent email messages, text messages, or even phone solicitation that appear to come from companies you trust, such as your financial institution or credit card company, and request that you provide personal information.
Protect Yourself From SMiShing (SMS Phishing) Attacks
Credit Unions from across the country have reported their members receiving false text message (smishing) alerts. The text message indicates it is from the Credit Union and advises the member to call the number provided in the text message to have their card reactivated. This is a scam as a credit union would not ask a member for this type of information using text messaging – do not provide any ATM card, Visa debit card, or Visa credit card information. If you do provide access to your card or card number, you are liable for all transactions incurred with the card or card number.
Please be aware that TEFCU will never ask for personal information via text message, email, or phone. If you have given out your Visa credit card, Visa debit card, or ATM card information or suspect that your card(s) has/have been compromised in any way, please call TEFCU as soon as possible. When calling TEFCU, have your account number and your account password available. If you call after business hours, follow the prompt for reporting the compromised card(s).
What does a phishing/vishing scam look like?
As scam artists become more sophisticated, so do their attacks. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate websites. To make these phishing email messages appear legitimate, the scam artists may place a link in the messages that appears to go to the legitimate website. However, the link takes you to a scam site or possibly a pop-up window that looks exactly like the official site.
These copycat sites are also called "spoofed" websites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists.
How to tell if an email/text/phone message is fraudulent
Below are a few phrases to look for:
- Verify your account - TEFCU and other businesses will not ask you to send passwords, usernames, social security numbers, or other personal information through email or text.
- If you do not respond within 48 hours, your account will be closed - These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing email messages may even claim that your response is required because your account might have been compromised.
- Dear valued customer - Phishing email messages are usually sent out in bulk and often do not contain your first or last name.
- Click the link below to gain access to your account - Specially formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a website.
The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony website.
Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting or transposing letters. For example, our URL "www.TEFCU.org" could appear instead as:
These are examples:
How to avoid phishing/vishing scams....
Nothing is more important to us than the security of your personal information. But you have to take simple precautions to protect yourself:
- Never respond to an unsolicited e-mail/text that asks for detailed financial information.
- Report anything suspicious to the proper authorities. Alert TEFCU through our web address, email or telephone number that you know is legitimate - not one listed in the email or text. Contact us for more information.
- Stop, look and call - Resist the urge to immediately respond to a suspicious email, text or phone call. Ask yourself why the information requested would really be needed. Call us if you suspect any type of scam. Never share your PIN with anyone and do not enter your PIN into any terminal that appears to be modified or suspicious.
What to do if you've responded to a phishing/smishing/vishing scam
If you suspect that you've responded to a scam with personal or financial information or entered this information into a fake website, take these steps to minimize any damage:
- Report the incident to the following authorities - TEFCU, credit reporting agencies and firstname.lastname@example.org.
- Change the passwords on all your online accounts - Start with passwords that are related to your financial institutions or other sensitive information.
- Routinely review your credit card and bank statements - Review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.
For more information or if you feel you have been a victim of a scam, please call our Contact Center immediately at (301) 289-9800, option 1.