Imagine this. It’s a lovely spring Saturday. You’re enjoying time in the sun when you get a text from your bank asking you to confirm a recent wire transfer or suspicious or unauthorized activity. You then receive a phone call from what appears to be your bank. The individual on the phone, who you assume is from your bank, texts you a code and then asks you to share it with them to verify it’s you. They say all looks good. They thank you for your time. And you go back to your lazy, sunny afternoon.
There’s only one problem. There was no wire transfer or suspicious activity. The person who called you does not work for your bank. The code you verified enabled the imposter to access and transfer money from your bank accounts. What you’ve experienced is called a “smishing” scam. Smishing attacks use fake text messages to trick people into downloading malware, sharing sensitive information, or sending money to cybercriminals. Smishing combines “SMS” – or “short message service,” and “phishing,” which is an attack on the internet, email or website.
According to the Federal Trade Commission (FTC), imposter scams topped $1.1 billion for the year so far.*
Imposters are not only impersonating banks, they’re impersonating businesses, like Amazon, and government agencies, such as the IRS or U.S. Postal Service, in pursuit of access to your personal information, including credit card and banking account numbers.
So, what should you do if you receive a text or call such as the one described above?
- Start by doing nothing. Do NOT click on links or respond to unexpected messages. If you believe it may be an authentic message, contact the bank, business, or agency using a phone number on an account statement, credit card, or a website you know is real. Do NOT use the phone number provided in the text or email.
- Take a breath. Receiving a notice about suspicious activity can get your heart racing. Scammers know this and often pressure you to act quickly to prevent further risk to your accounts. Don’t panic. Begin investigating the issue by contacting your financial institution using the methods we described above.
- Take action. If you suspect someone is trying to scam you, report the incident to the FTC. Your report is shared with more than 2,800 law enforcers. You can also file a complaint or report with the FBI. Report the fraud attempt to your credit union or bank. And if you feel you’ve been scammed, notify your financial institution immediately.
Final thoughts.
Imposter scams and smishing continue to grow. And with the advent of AI technologies, everyone must be more vigilant than ever. To learn more about the latest scams and tips to help protect yourself, visit our Current Scams page.
Remember, we will never text or call you asking for your private information, such as your social security number, account or credit card number, username, password, one-time passcode, etc., over the phone unless you initiated the call directly to us.
If you receive a text or call from someone claiming to be a Credit Union employee asking for your account information (such as your online banking username, password, one-time passcode, credit card number, account number, etc.), do not give it to them. Even if the caller has an identifying piece of information about you or the call appears to be from our 800 number. This call is NOT legitimate. Scammers can spoof phone numbers to make it appear that the call is from a trusted source. The Credit Union will not call you and ask for this information. Hang up and contact us directly at 800.877.2345.
*“FTC Announces impersonation rule goes into effect today,” FTC.gov. 1 April 2024. Accessed 25 April 2024.