Mid-Atlantic Federal Credit Union would like to share some basic fraud intelligence about intermittent scams that are currently operating in the state of Maryland and potentially other areas of the U.S.
Criminals in possession of card details and other forms of personally identifiable information (PII) are spoofing credit union phone numbers in an effort to fool credit union members into thinking that text messages are actually from the fraud department of a particular credit union. Fraudsters are sending text messages under the guise of trying to validate recent card activity and are including hyperlinks within some text messages.
Fraudsters are also using text messaging to deceive credit union members into providing card related data and log in credentials.
In another scenario, fraudsters are posing as credit union employees in order to obtain One Time Passcodes (OTP) from members. While on the phone with a member, the fraudster logs into a credit union online banking site. When the OTP is sent to the member’s phone, the fraudster asks the member to provide the OTP as a means to validate the member. When the information is shared with the person the member believes is a credit union employee, the fraudster uses the OTP to finalize access to online banking, which is typically followed by changing the online banking password and transferring funds from member accounts.
Suggested Best Practices for Members
- Be cautious when responding to SMS text messages as well as voice calls, even if they appear to come from the credit union.
- Call us at 301.944.1800 to question any SMS text messages or voice calls purportedly from the credit union.
- Never provide personal information in response to SMS text messages and phone calls purportedly from the credit union.
- Do not click on links included in text messages from unknown sources. Legitimate requests to validate card activity will request a simple response of YES or NO. They will not include hyperlinks to other websites or ask for any personal info.