Halloween picture of someone holding a pumpkin over their faceBeware Scams Targeting Credit Union Members!

Scammers never take a break. Recently in neighboring states, a ring of scammers have been impersonating representatives to con credit union members into sharing personal information and putting them at risk of losing thousands of dollars. Don’t let these scammers succeed! To keep you safe, we’ve compiled this guide that tells you all you need to know about these scams and how you can protect yourself from being a victim. 

How do these scams play out?

  1. In the most common form of the scam, criminals spoof a credit union's number to fool members into thinking a representative of the CU's fraud department is reaching out to them. The scammer will text or call the victim, asking them to confirm a recent transaction, or alerting them about recent suspicious activity on their account. Of course, none of this is true, and the scammer is only looking to obtain sensitive information from the victim.

Unfortunately, since the text message or phone call appears to be from the member's credit union, many unsuspecting members play right into the hands of the scammer. They’ll gladly provide the scammer with their personal information, including debit card numbers, CV2 codes, expiration dates, PINs and other web login credentials. Once the scammer has this information, they can go on to empty the victim’s accounts or to steal their identity.

  1. In another scenario, scammers pose as credit union representatives in order to obtain One Time Passcodes (OTP) from members. The scammer will reach out to the member under one of the pretexts described above, and offer to guide the member through fixing the “problem” with their account. While on the phone with the victim, the scammer will log onto an online banking site. When the OTP is sent to the member’s phone, the scammer will ask the member to share it with them so they validate the member’s identity. The member believes they are speaking with an authentic representative of their credit union and will readily share their OTP. Unfortunately, when this happens, the scammer will have complete access to the victim’s account. They may even change the current passwords and login information to lock the victim out.

  1. In yet another variation of this scam, fraudsters will impersonate a credit union's members and reach out to the credit union, asking them to change the contact information on their account. Sometimes, while pretending to be a member, they’ll share alleged travel plans so that the credit union will lower their safety monitoring of the member’s transactions.

These nefarious crimes, known as SMishing (SMS text phishing) and Vishing (Voice phishing) scams, are growing more popular and are often successful.

What do SMishing texts look like?

 An actual text message from GreenState may include the following:

  • CU abbreviated name
  • The last four digits or letters in an account number
  • The dollar amount in question (with dollar sign)
  • The name of the merchant involved in the transaction in question
  • Reply Options: YES, NO, STOP (to opt out)

A text message from GreenState will NEVER include the following:

  • Requests for Card Holder data, such as card numbers, PINs, CV2 Codes, Expiration Dates
  • Vague reference of “Merchant” Transaction
  • Hyperlinks to unknown websites

If you receive a text message that appears to be from GreenState but includes any of these details, do not respond.

How to recognize a Vishing call

A fraudulent phone call can be hard to spot, especially if a number is 'spoofed' and appears to display the correct name via Caller-ID. When on the phone with an alleged GreenState representative, watch for these red flags that will tell you you’re likely dealing with a scammer:

  • Caller asks for your One Time Passcode (also known as a Secure Access Code).  
  • Caller does not know the details of your last few transactions
  • Caller does not ask you to answer a privacy question
  • Caller asks you to share your account details or passwords

What should you do if you’re targeted?

If you suspect a scam, proceed with caution. Follow these steps to ensure your safety:

  • Do not respond to suspicious text messages.
  • Do not click on any links included in text messages from an unknown source.
  • If you suspect your account has been compromised, contact us on your own.
  • If a phone call seems suspicious, do not engage with the caller. Hang up and call us directly at (313) 339-1000 or (800) 397-3790.

 If you have any reason to suspect a scam, be sure to give us a call at (313) 339-1000 or (800) 397-3790.