Email and Text Messaging Safety
Email and text fraud are two of the most common ways that Internet-based criminals steal personal and account information from their victims.
Sometimes with email fraud, the victim will receive an email message pretending to be from his or her credit union or bank. The email message tells the victim that his/her account has been compromised, locked or suspended. Or the message may tell the victim that he/she needs to "confirm" his/her account "due to security concerns."
In the message, there is usually a link to a website. The victim is told that he/she needs to click the link to reactivate his/her account.
These messages don't always come as email. Sometimes, the victim receives a text message on his/her mobile phone, claiming to be from the credit union or bank.
To the victim, the message usually looks legitimate, and may even contain the bank or credit union logo. Clicking the link in the message will often lead the victim to a website that looks like it belongs to the bank or credit union. On this website, the victim will be asked to enter his/her account number, Social Security number, password, and/or other personal information. In reality, this is a fraudulent website set up by the criminals to steal personal information from their victims. Once the victim has entered his/her personal information into the fraudulent website, the criminal now has it.
This method of stealing a victim's personal information is called "phishing."
There is another variation on phishing, where the victim receives a message similar to the one described above. The link may even take the victim to the real website of his/her credit union or bank. But first, it passes through another website that installs a malicious software program on the victim's computer or mobile device before taking the victim to the credit union/bank website. The malicious software that installs on the user's computer may allow the criminal to steal the victim's personal information in a different way (for example, capturing every key stroke entered into the computer, or taking and transferring pictures of the victim's computer screen). Often, the web page that installs the malicious software appears for less than a second -- so quickly that the victim never notices it, but long enough to do the intended damage.
A Few Things You Should Know
In most cases, phishing targets customers of larger banks. But with new Internet-based fraud attempts happening every day, it is important for you, as a member of MUCFCU, to know how you can keep yourself from becoming a phishing victim.
Here are some things you should know about MUCFCU's email practices and about phishing in general:
- MUCFCU will never ask for your account number or other personal information in an unsolicited email or text message.
- From time to time, MUCFCU may send out general security alerts via email, but we will also post the information on our main website. If we have reason to believe that specific members' information has been compromised, we will also attempt to contact the affected members by phone. We will never ask you to click a link in an email or text message to "reset your account." If you ever need to reset your Online Banking account, you can do so at one of our Credit Union offices. (Or if you are outside the area, call us to make other arrangements.)
- MUCFCU will never email you an attachment unless we have let you know beforehand.
- Most phishing emails have certain characteristics that indicate that the email is fraudulent. You should become familiar with these characteristics. Click here to read more about common characteristics of phishing emails.
If You Receive a Suspicious Email or Text Message
If you receive an email or text claiming to be from MUCFCU, "America's Credit Unions," or any credit union organization that seems suspicious:
- If possible, do not open the message.
- Absolutely do not give out your account number or any personal information in response to the message.
- If you accidentally open the message, do not click any links or download any attachments in the message.
- Send the email to us at reportspam@muccu.org.
- on't automatically assume an email message is from us, even if it says it is from an @muccu.org email address. Sometimes Internet-based criminals with advanced technology can set up a fraudulent email to say it is from a completely legitimate email address, so that the intended victim will be more trusting. This tactic is called "spoofing."
- If you believe you may have become a victim of an email or texting scam, or if you realize you have entered your personal information into a suspicious website, contact us immediately at (513) 523-8888.
Other Safety Tips
- Never send account numbers, plastic card numbers, passwords or Social Security numbers in an email message--not even if you're sending an email to us about your account. Email is not encrypted, so it is easier for criminals to break into and read.
- Always be alert for suspicious emails and text messages. Credit unions and banks are not the only way Internet-based criminals disguise themselves--fraudulent emails claiming to be from other financial services (such as Paypal and Western Union), shipping companies, and even social networking sites (such as Facebook) are also common. Never share personal information through links in emails that you think might be suspicious.
- Never download attachments unless you're expecting the attachment. One way computer viruses spread is through email attachments. Even if the message claims to be from a legitimate company, it may be a fraudulent message with a spoofed address.
- Always make sure the computer or mobile device you are using has adequate, up-to-date antivirus and anti-malware protection. There are a number of free antivirus programs that you can download and install. Some of the most popular include Avast, AVG, and Avira1.
For more information on protecting your computer, click on the following links:
Variations on Phishing Attacks
By Telephone
In this type of attack (also called voice phishing or "vishing"), the victim receives a call from someone claiming to be from his/her credit union, bank, or credit card company. The caller asks for personal information from the victim, such as his/her account, credit card, or Social Security number. Similar attacks have occurred through unsolicited faxes and voice mail.
MUCFCU will never initiate a call to ask for your personal information. We may ask for certain information to verify your identity when you call us, or when we're returning a call initiated by you. But if we initiate the call, we've already got your account number--we don't need to ask for it!
If you receive a phone call, fax, or voice mail that claims to be from MUCFCU but seems suspicious:
- Absolutely do not give the caller any personal or account information.
- End the call immediately. Hang up on the caller if you need to.
- Call MUCFCU immediately at (513) 523-8888. We will verify whether the call was legitimate. If the call occurs outside our business hours, call police immediately.
- If the call seems at all suspicious, do not automatically assume the call is from us, even if your caller ID says it is from (513) 523-8888. Criminals can send out false caller ID signals to say that a fraudulent call is from a different, completely legitimate telephone number. (This is a form of spoofing that targets caller ID devices). Before you give the caller any personal information, hang up and call MUCFCU to see if the call was legitimate.
1MUCFCU provides these links solely as a service to our members and website visitors. MUCFCU has not been paid by the companies whose products are linked or mentioned on this page, and any links or mentions should not be viewed as an endorsement of the products. MUCFCU guarantees neither the performance and quality of these companies or their products, nor the satisfaction of customers of these companies/products.