Phishing Email / Website Scam:
DCU and other financial institutions have received reports that fraudulent emails are being sent out in an attempt by internet fraudsters to lure individuals into giving out their personal and/or account related information.
With these phishing scams, members and non-members may receive an email, which may even look like they are being sent from DCU, stating that account has been restricted, or certain account information needs to be verified. We have not been hacked, nor has there been a cyberattack that would expose member information. We continually monitor for these types of threats and have a series of resources in place to protect our members and the credit union.
Our Fraud Prevention and Security teams work closely with local, regional, and national authorities to assist in tracking these fraudsters down and helping us shut down fraudulent websites. We believe that the best defense against these scams is educated members.
All it takes is one click to open yourself up to potential fraud and loss.
When it comes to identifying email scams or fraudulent websites, here are a few things to look for…
- Generic greetings: To Whom It May Concern, Dear Sir/Madam.
- Typos: Incorrect grammar, misspelled words.
- Outdated information, example: If the website or email contains information about a summer promotion, and it’s the dead of winter – that should raise a red flag.
- How to spot a fake email: Some indicators of a fake email include email addresses not matching the sender’s website (i.e. email should come from a @dcu.org email address, not another address), requests to click a link to update information or take action on a negative account status, and content that doesn’t make sense (i.e. notifying that you sent a PayPal payment when you don’t have a PayPal account). Keep in mind that particularly clever criminals can make some, if not all of these indicators look legitimate including making it look like a legitimate DCU email address sent the email.
- Website links: The safest approach for dealing with email links is to not click the link at all. Logging directly into Online Banking via dcu.org is the best way to access your account and any messages pertaining to your account.
If you are ever in doubt about an email you receive, contacted by someone claiming to work on behalf of DCU, or find a website that claims to be affiliated with DCU with a URL address other than www.dcu.org, we strongly encourage you to not reveal any personal, financial, and/or account related information, click on any of the links, download attachments, and that you contact us at immediately by calling 800.328.8797 or by emailing firstname.lastname@example.org.
If you receive an unsolicited communication from DCU or anyone that references something that you have not requested, applied for, or entered (e.g. your Bill Payment has been sent, your package is on its way, you’ve been approved for a loan, you’ve won a lottery), DO NOT click on anything in the message and NEVER enter anything via a link or field in the message. Look up the company’s contact information on a statement or online (do not take it from the communication in question), and reach out to them directly if you suspect a scam. It takes just seconds for a fraudster to take information entered through a fraudulent communication – and either use it or sell it.
Please note that DCU will never solicit confidential information via an email, text, social media messaging, or voicemail, and will never ask that this information be entered through a generic web link.