Phishing Email / Text Message Scam:
DCU and other financial institutions have received reports that fraudulent emails and texts are being sent out in an attempt by fraudsters to lure individuals into giving out their personal and/or account related information.
With these scams, members and non-members may receive an email or text, which may even look like they are being sent from DCU, stating that their account has been restricted, or certain account information needs to be verified. We have not been hacked, nor has there been a cyberattack that would expose member information. Our Fraud Prevention and Security team monitors for these types of threats and work closely with local, regional, and national authorities to assist in tracking these fraudsters down and helping us shut them down.
We believe that the best defense against these scams is educated members. All it takes is one click to open yourself up to potential fraud and loss.
When it comes to identifying email scams or fraudulent websites, here are a few things to look for...
- Generic greetings: To Whom It May Concern, Dear Sir/Madam.
- Typos: Incorrect grammar, misspelled words.
- How to spot a fake email: Some indicators of a fake email include email addresses not matching the sender's website (i.e. email should come from a @dcu.org email address, not another address), requests to click a link to update information or take action on a negative account status (i.e. your account has been suspended/restricted). Keep in mind that particularly clever criminals can make some, if not all of these indicators look legitimate including making it look like a legitimate DCU email address sent the email.
- How to spot a fake text: Some indicators of a fake text include those sent with a sense of urgency — often asking you to respond with certain personal information, call a specific number, or click on a link provided in the text.
- Website links: The safest approach for dealing with email links is to not click the link at all. Logging directly into Online Banking via dcu.org is the best way to access your account and any messages pertaining to your account.
If you are ever in doubt about an email or text you receive, are contacted by someone claiming to work on behalf of DCU, or find a website that claims to be affiliated with DCU with a URL address other than www.dcu.org, we strongly encourage you not to reveal any personal, financial, and/or account related information, not to click on any of the links, or download attachments, and to contact us immediately by calling 800.328.8797.
Please note that DCU will never solicit confidential information via an email, text, social media messaging, or voicemail, and we will never ask that this information be entered through a generic web link. If you receive an unsolicited communication from DCU that you have not requested and/or applied for (i.e. your Bill Payment has been sent or you've been approved for a loan), DO NOT click on anything in the message, and NEVER enter anything via a link or field in the message.
Above all else, we ask that you never share your Online Banking username or password through one of these methods.