Mutual Security Credit Union (MSCU) is proud to announce that it has been selected by the National...
Imposter Scams!
Credit union members must stay alert to scammers' latest attempts to access personal financial data. Some of our members have recently received emails, text messages, and phone calls from cyber thieves posing as MSCU employees. Fraudsters spoof MSCU’s email addresses and phone numbers and use pieces of personally identifiable information to gain member trust before stealing account funds.
Here’s what you need to know about credit union impersonation scams.
Successful MSCU impersonation scams occur when members are convinced, they’re communicating with an actual credit union representative via email (Phishing), SMS text message (Smishing), or live voice call (Vishing). But in reality, they’re sharing confidential information with a scammer.
Fraudsters use spoofing techniques to make it appear as though the communication is from the institution so they can:
- Steal your debit card information
- Bypass security protections and access your account online; and
- Solicit funds for fake payments
A scammer will do everything they can to appear like an actual MSCU employee attempting to assist you with your account.
Typical Phishing and Smishing Scenario:
Posing as the MSCU fraud department employee, the scammer sends a spoofed email or text message to a member, alerting them to suspicious debit card activity. Instructions urge the member to reply to the original message with account details, such as, card numbers, CV2 codes, PINs, or other online account credentials. Phishing and Smishing give the scammer valuable data they can use to make unauthorized charges or access the member’s account.
Typical Vishing Scenario:
As an MSCU representative, the scammer contacts the member using a spoofed phone number. The caller claims they must discuss an important matter, but they must first confirm the member’s identity. The scammer is already on the MSCU’s online banking website and informs the member they must provide the PIN sent to the member’s phone or answer security questions. Since the caller says they’re from MSCU and the number appears to confirm it, the member doesn’t hesitate to provide the requested information.
Vishing allows the scammer to use the information provided by the member to complete the login. They lock the member out of their account by changing the online banking password. The fraudster transfers funds from the member’s account to their temporary account before vanishing. The caller might even encourage the member to transfer funds to an external account, claiming the payment will be applied to a specific MSCU loan.
How to Protect Yourself from MSCU Impersonation Scams:
- Never share private information via SMS text message. Legitimate attempts to validate credit or debit card activity only require a simple text response (YES or NO).
- Do not click on hyperlinked phone numbers sent via SMS text or links inside emails.
Pause before providing personal data via voice calls you did not initiate, even if the caller ID reads “Mutual Security Credit Union.” Hang up and contact us using a phone number or form provided on our website www.mscu.net. You can also visit a local branch for assistance.