If you receive an unexpected or unknown message (text, phone call, or email) regarding potentially fraudulent activity on your DCU account, please do not respond to the alert or provide information to anyone calling about the unknown activity mentioned in that message. Instead, please call DCU’s Information Center directly at 800-328-8797.
DCU has received reports of fraudsters spoofing our 800-phone number and posing as a representative from DCU’s Fraud team or as another representative of DCU. These criminals are calling or messaging DCU members and non-members claiming that the individual has unauthorized activity on their account.
The fraudster will then prompt the sending of a one-time passcode or security code via a text message for the individual to verify their account and other security information such as password and/or PIN. This information would never be requested by a DCU representative on an unsolicited basis, and it should NEVER be shared.
DCU and other financial institutions have received reports that fraudulent calls, texts, and emails are being sent out in an attempt by fraudsters to lure individuals into giving out their personal and/or account related information.
With these scams, members and non-members may receive a call, text, or email which may look like they are coming from DCU, stating that their account has been restricted, or certain account information needs to be verified – including, but not limited to their Digital Banking username, password and/or PIN (Personal Identification Number). Please note that DCU will never ask for your Digital Banking username, password and/or your PIN.
We have not been hacked, nor has there been a cyberattack that would expose member information. Our Fraud Prevention and Information Security teams monitor for these types of threats and work closely with local, regional, and national authorities to assist in tracking down these fraudsters and helping us shut them down.
We believe that the best defense against these scams is educated members. It doesn’t take much to open yourself up to potential fraud and loss.
When it comes to identifying email scams or fraudulent websites, here are a few things to look for...
Generic greetings: To Whom It May Concern, Dear Sir/Madam.
Typos: Incorrect grammar, misspelled words.
How to spot a fake email: Some indicators of a fake email may include email addresses not matching the sender's website, requests to click a link to update information or take action on a negative account status (i.e. your account has been suspended/restricted). Keep in mind that particularly clever criminals can make some, if not all of these indicators look legitimate including making it look like a legitimate DCU email address sent the email.
How to spot a fake text: Some indicators of a fake text include those sent with a sense of urgency — often asking you to respond with certain personal information, call a specific number, or click on a link provided in the text.
Website links: The safest approach for dealing with email links is to not click the link at all. Logging directly into Digital Banking via dcu.org is the best way to access your account and any messages pertaining to your account.
If you are ever in doubt about a call, text, or email you receive, are contacted by someone claiming to work on behalf of DCU, or find a website that claims to be DCU with a URL address other than www.dcu.org, we strongly encourage you not to reveal any personal, financial, and/or account related information, not to click on any of the links, or download attachments, and to contact us immediately by calling 800.328.8797.
Please note that DCU will never solicit confidential information via an outgoing call, text, email, social media message, or voicemail, and we will never ask that this information be entered through a generic web link. If you receive an unsolicited communication from DCU that you have not requested and/or applied for (i.e. your Bill Payment has been sent, you've been approved for a loan, you’ve requested a call-back from DCU, or have opted-in for fraud alerts), DO NOT click on anything in the message, and NEVER reply or enter anything via a link or field in the message.
Above all else, we ask that you never share your Digital Banking username, password, PIN, or other personal information through any one of these methods.