Phishing, Vishing and Smishing Scam Prevention Tips
December 30, 2022
Fraud & Security
We want 2023 to be a year for our members to chase their dreams, not their stolen identities. We’ve provided a list of the latest, and a few tried-and-true, forms of scams to help equip you to recognize scam attempts when they happen.
Phishing uses social engineering to steal user data, including login credentials and credit card numbers via email. It occurs when a scammer, masquerading as a trusted entity, tricks a victim into opening an email, instant message, or text message.
Vishing, or “voice phishing” is a form of phone fraud that uses social engineering to gain access to private personal and/or financial information for the purpose of financial reward. Recently, credit union members and bank customers across the nation have received phone calls from a fake "Security Officer of a Bank/Credit Union" asking them to confirm suspicious transactions on their accounts. Once they confirm the transactions are not valid, the imposter proceeds to “verify” the member/customer by asking them to provide their login ID and Secure Access Code after doing a “forgot password”, and debit card/pin information. The scammer then completes a money transfer from that person’s account to their own.
Smishing, or “text/SMS phishing” uses elements of social engineering to gain personal information via a text or SMS message. Studies have shown that people are more likely to disclose personal information over text than over email because they’re not aware of the security concerns. If you receive a text from a number you do not recognize, do not feel obligated to open it. If you do open the message and you are asked to click a link or provide personal information, do not take the action(s) requested and do not reply to the message. Simply delete the message and/or block the sender from sending further messages.
Here are a few ways you can safeguard yourselves against scammers’ attempts to gain access to your personal information:
- Never give anyone your financial information – including credit/debit card information or bank account number - over the phone or via text message.* If the call or text is legitimate, they will already have your information and will simply ask you to verify your identity.
- Register your phone number with the National Do Not Call Registry. You may register online or by calling 1-888-382-1222.
- Sign up for fraud alerts on your GICU credit and/or debit cards.
- Do not give in to pressure from someone seeking your financial information; take action instead.
*Please note: When calling GICU, members will be asked to verify their identity by providing their Member ID number, address, birth date and the last 4 digits of their social. When we call members, we will never ask for their checking account number, full social security number, credit/debit card numbers, login ID or Secure Access Codes. If you have given any financial account information to anyone over the phone, we recommend changing your user name and password in online banking immediately.
For more information, please visit: https://www.usa.gov/common-scams-frauds