To Call or Not To Call: Identity Thieves Prey On Credit Union Members Account Data and Money in Ongoing Spam Campaign

Another week, another scam alert. This time, identity thieves are preying on Credit Union members using more unconventional methods. Instead of cold calling targets or sending a fake link to harvest confidential information, these scammers are asking you to call them.

Bitdefender Antispam Lab reports a flood of phishing emails that claim your Credit Union card was locked or flagged. In the past couple of days our researchers have noticed tens of thousands of fraudulent emails urging recipients to call phony telephone numbers to remove the issue and reactive their Credit Union cards. You can find a list of email variations in the list below:

  • Credit Union Support Service: Your card has been reported. To reactivate call to 194******22.
  • CU Support Service: Your card has been reported. To reactivate call to 1-248-***-***1.
  • You have received a C.U. alert. CaLL now free : 1-40*-***-**44.
  • CUNA Support Service: Your card has been reported. To reactivate call to 17******260.
  • FCU Support Service: Your card has been reported. To reactivate call to 1248******1.
  • You have received a F.C.U. alert. CaLL now free : 140******44.
  • N.C.U.A. Support Service: Your card has been reported. To reactivate call to 1-760-***-**38.
  • NCUA Support Service: Your card has been reported. To reactivate call to 173******74.
  • Your C.U. Card been suspended. CaLL now free : 17******260 and follow instructions.
  • Your C.U. card has been flagged. Call 194******22 to remove this issue.
  • Your C.U. card has been frozen for the moment. Please contact 1-248-***-***1 for details
  • Your NCUA card was blocked. Please contact 140******44 for unlock

What can happen if you call the number?

Users who call the number are likely end up talking to an identity thief who will ask for their online banking passwords and usernames. The criminal might even attempt to log into your account while talking to you. If you have additional security measures enabled that requires entering a verification code received via text or email, the scammer will also ask for it by making up an excuse. With this information, he can raid your bank account and steal your identity.

How to stay safe

The good news is that many individuals who receive these messages won’t necessarily have an account at the mentioned financial institution. If you have any concerns, contact your bank by calling the support number found on the official website or the back of your card. Don’t attempt to call the number even if you know it’s a scam. The scammers will know that your contact information is “good” and they will most likely target you with additional scams.

While most banks and financial institutions will have email and text-based alerting systems to notify customers, there are some things your financial institution will never do:

  • it will not send unsolicited emails or texts asking you to call an unknown number to resolve a security issue
  • It will never ask you to give personal and sensitive information such as full Social Security numbers, passwords, PINs, verification codes, CVVs or any similar data via the phone, email or text

As a rule of thumb, you should never give out personal information to any service provider or individual who contacts you unexpectedly. The only time a bank customer should be providing his data is either in-person at your local branch or via the official website when applying online for a loan or credit card.

Whenever you receive a suspicious email, text or call, there’s always steps you can take to safeguard your data. Verify directly with your service provider and save a copy of the information related to the fraud attempt to share with your bank and law enforcement. By reporting malicious activity, you can help protect other members, your family and friends from similar attacks.

Go the extra mile to protect your data

Staying on top of the latest scams, phishing and malicious attacks can be hard work. While digital hygiene can go a long way to protect your information, it only take a seconds’ worth of carelessness to become data breach victim or get scammed. Your spare time is precious and we know that you’d enjoy spending it with your family and friends instead of worrying about the next attack on your device or online accounts.

Bitdefender’s Total Security solution can help you breath easy with the ultimate anti-malware technologies that predict, prevent detect and remediate the latest cyber-threats heading your way. The multi-layered protection safeguards your e-threats across Windows, macOS, iOS and Android devices, analyzing and identifying suspicious activities, blocking exploits and malware-related URLs. It comes complete with anti-phishing and anti-fraud filters that sniff out and block websites masquerading as trustworthy, and warn you whenever you visit a scam website.

By adding Bitdefender’s Digital Identity Protection service to your set of security tools, you can learn how to control your only privacy and personal data with digital footprint monitoring, ongoing breach monitoring for five e-mail addresses, instant data breach alerts and dedicated feature to help you detect social media impersonators.

Note: This article is based on technical information courtesy of Bitdefender Labs