Frauds and Scams

Be on the Alert. Stay Informed

In this section, NCUA reports on frauds and scams aimed at credit union members. You can view alerts on recent fraud activity, and fraud resources that will help you stay informed.

For more details about frauds and scams aimed at credit union members see the information below – we have a few listed for you with details on each.

• Cyber Crime

• Identity Theft

• Phishing

• SMishing

• Unsolicited Text Messages

• Vishing

Cyber Crime

Anyone who believes they have been a target of a cyber crime should immediately contact their financial institutions and promptly report it to the Internet Crime Complaint Center’s (IC3) website at www.ic3.gov. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The IC3 also uses complaint information to identify emerging trends and patterns.

The IC3 is a joint effort of the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C) and the Bureau of Justice Assistance (BJA).

Identity Theft

If you suspect identity theft, you may need to place a fraud alert on your credit report, close compromised accounts, file a complaint with the FTC, or file a police report.

Start by visiting the Federal Trade Commission’s (FTC) identity theft website or by calling their Identity Theft Hotline toll-free at (877) ID-THEFT (1-877-438-4338).
The FTC places the reported information into a secure consumer fraud database and shares it with local, state, and federal law enforcement agencies.

Phishing

Beware of Phishing! Don’t click on links in e-mails that ask for personal information. Never open unexpected attachments. Delete suspicious messages, even if you know the source.

Phishing is when internet fraudsters impersonate a business in an attempt to trick you into giving out your personal information, such as usernames, passwords, and credit card details. Legitimate businesses don’t ask you to send sensitive information through insecure channels.
For example, a fraudulent email may state that NCUA will add money to the member's account for taking part in a survey. The link embedded in the message directs members to a counterfeit version of NCUA's website with an illicit survey that solicits credit card account numbers and confidential personal information. NCUA will never ask credit union members or the general public for personal account or personally identifiable information as part of a survey.

For more information:

• View the FTC’s phishing e-card and consumer alert on phishing

• Visit http://OnGuardOnline.gov/phishing - the federal government’s website to help you be safe, secure and responsible online

SMishing

The term SMishing is a combination of “SMS” and phishing. SMishing uses cell phone text messages or SMS (Short Message Service) to deliver a message in order to get you to divulge your personal and financial information. The method used to obtain information in the text message may be a web site URL, however it has become more common to see a phone number that connects to an automated voice response system.

For more information:

• View the FBI's article on cyber crime

Unsolicited Text Messages

Unsolicited text messages sent to cell phones urge the recipient to call a number provided for information about account discrepancies and then solicits individual account information and pin numbers. Cell phone users should be wary of unsolicited text messages. Such messages should be deleted and all deleted text messages should be removed, if possible, as the perpetrators have been known to use Spyware1 in conjunction with their text message solicitation.

Vishing

The term vishing is a combination of "voice" and phishing. Vishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations, are known to the telephone company, and are associated with a bill-payer. The victim is often unaware that voice over Internet Protocol (VoIP) allows for caller ID spoofing thus providing anonymity for the criminal caller. Rather than provide any information, the consumer should contact their financial institution or credit card company directly to verify the validity of the message using contact information they already have in their possession (i.e. do not use contact information provided in the suspicious message).

For more information:

• Visit NCUA's Fraud Alert on vishing

• View the FBI's article on cyber crime

• View the FBI's press release on vishing attacks targeting debit card customers

For more details and guidance on what to do if you suspect fraud, visit NCUA's Fraud Alert Center.