Call: 800.522.6009
Concerned member looking at their phone
Tips

How to Spot Fraudulent Messages and Phishing Texts

In today's fast-paced world, receiving a text message about a potential fraud alert from your bank or credit union is jarring. Unfortunately, scammers are exploiting this anxiety by disguising themselves as trusted financial institutions. As mobile banking and digital communication become the norm, so too has the problem of "phishing" expanded beyond email to your text inbox.

The shift to mobile has turned text message phishing—or smishing—into a massive threat. Scammers impersonating banks and credit unions are now the most frequently reported type of text message scam. The problem's scale is alarming: consumers reported losses of $330 million to text message scams in 2022 alone, more than double the losses from the previous year.1 This constant stream of fraudulent communication, often creating a false sense of urgency about unauthorized transactions, makes it essential for members to know how to distinguish a genuine fraud alert from a high-stakes scam.

Common Fraud Methods Targeting Your Phone

Scammers employ various tactics to trick you into giving up sensitive information. These methods often rely on creating a sense of urgency or fear to make you act without thinking:

  • Smishing (SMS Phishing): This is the most prevalent method, where a fraudster sends a text message posing as your credit union, often claiming there is an unauthorized transaction on your account. The message typically includes a malicious link to "verify" the transaction or a phone number to call immediately.
  • Email Phishing: Traditional email fraud involves hackers distributing deceptive emails designed to look like they originate from reputable organizations. Their goal is to manipulate you into providing private data or interacting with harmful attachments and links.
  • Vishing (Voice Phishing): This scam starts with a call or a text asking you to call a specific number. When you call, you interact with an automated system or a live person who impersonates a bank representative. They use social engineering tactics to extract personal details, passwords, or even one-time verification codes.
  • Quishing (QR Code Phishing): A newer but rapidly growing threat involves malicious QR codes. Scammers place these codes in public places or send them via email or text, encouraging you to scan them for a "prize," "discount," or to "log in" to a service. Scanning the code directs you to a fraudulent website that steals your login credentials or downloads malware onto your device.

Identify Red Flags in Scam Messages

Credit Unions and banks communicate with members with professionalism and security in mind. Any message that deviates from standard, secure procedures should raise an immediate red flag:

  • Sense of Urgency or Threats: If a message pressures you to act quickly without allowing time to consult an attorney or review the details, it is likely a scam attempt.
  • Requests for Sensitive Information: Exercise extreme caution if you are asked to provide bank account details, social security numbers, or passwords, particularly from organizations that should already possess this data.
  • Suspicious or Generic Sender Numbers: Fraudulent texts often come from non-standard phone numbers (e.g., a 10-digit mobile number) instead of a short code used by the credit union.
  • Poor Grammar, Spelling, or Unprofessional Tone: While mistakes can happen, a barrage of typos or confusing syntax is a classic sign of a mass-produced phishing attempt.
  • Links to Unfamiliar Websites: Carefully examine the URL. If the address looks slightly off (e.g., "VantageCU-Security.com" instead of the official domain), do not click it.

How to Avoid Falling for Scams

Protecting yourself requires vigilance and following a few simple rules:

  • Never Click Links in Suspicious Messages: If you receive a text message claiming to be from your credit union or bank and it contains a link, do not click it. Even if you think it might be real, clicking the link can instantly download malware or lead you to a data-harvesting site.
  • Contact Your Financial Institution Directly: The safest course of action is to ignore the text and call your credit union or bank with the official phone number listed on your card, your statement, or on the official website. Do not call the number provided in the suspicious text or email.
  • Check Your Account Activity: If a message claims a suspicious transaction has occurred, log into your account through the official mobile app or website, not through any link provided in the text. This allows you to verify the transaction history safely.
  • Confirm the Sender’s Identity: If you receive a call, check the number against the institution’s official number. If they do not match, politely hang up and call the institution back on the official number. This prevents you from being manipulated by a scammer who may be feeding you false information.

Recognizing Legitimate Communications

A legitimate fraud alert from your credit union will follow strict, secure protocols. While the exact wording may vary, here are examples of how a scammer might try to twist it:

  • "ALERT! Your account has been compromised. Click here immediately to secure your funds: [Link to fake site]"
  • "Due to new security policy, all members must re-verify account details. Reply with your full username and password."
  • "URGENT: We need to confirm your SSN and PIN or your account will be deleted by 5pm today."

Reporting Phishing Scams

Staying safe from smishing, quishing, and other fraudulent attacks is an ongoing effort. The most powerful tool in your defense is skepticism. Never take a text message or email about your finances at face value. Always verify the information using official channels—call the number on the back of your card, or log in through your known, secure app. By being aware of the red flags and following secure practices, you can protect your account and your finances from even the most sophisticated scams.

To take action against these scams, you can forward suspicious messages to 7726 (SPAM), report the junk message directly within your phone's native messaging app, or officially report the fraud to the Federal Trade Commission at ReportFraud.ftc.gov.2

 

Sources:

1 New FTC Data Analysis Shows Bank Impersonation is Most-Reported Text Message Scam. Federal Trade Commission, June 8, 2023. https://www.ftc.gov/news-events/news/press-releases/2023/06/new-ftc-data-analysis-shows-bank-impersonation-most-reported-text-message-scam

2 How to Recognize and Report Spam Text Messages. Federal Trade Commission, July, 2022. https://www.ftc.gov/news-events/news/press-releases/2023/06/new-ftc-data-analysis-shows-bank-impersonation-most-reported-text-message-scam

GUIDANCE FROM VANTAGE

Related

View All
Member looking at digital banking app on phone

How to Secure Your Checking Account from Scammers

Improve checking account security with expert tips to prevent fraud, protect your money, and keep your banking information safe online.
READ MORE
First-time homebuyers moving into house

First-Time Homebuyer Guide to the Mortgage Process

A first-time homebuyer guide focused on the mortgage process. Learn more about pre-approval, loan types, rates, and closing costs to buy with confidence.
READ MORE
Kids feeding goats

Vantage Credit Union Partners with Grant’s Farm

Vantage Credit Union partners with Grant’s Farm to bring St. Louis families exclusive perks, events, and experiences, from ticket giveaways to in-park savings.
READ MORE
Business woman filing taxes

Tax Tips for Small Business Owners

Every independent business owner needs a smart tax strategy. Here are some tips to help you set your business up for success.
READ MORE