Unfortunately, it’s all too common today for scam artists to use fake texts and phone calls in an effort to steal your personal and financial information. Here’s how to spot the fakes and protect yourself.
What is Smishing?
Smishing, or SMS phishing, is a form of phishing that uses text messaging as a way to get personal information. Scammers know text messaging is a common practice among financial institutions and will use this as a tool to steal from you. There are two main types of smishing:
- A text message is sent that seems like it's from a trusted source, like your credit union. In the text, they warn of potential issues with your account or debit/credit cards and ask that personal information be sent back to resolve the problem. Once that information is transmitted, it's used to make fraudulent purchases.
- A text message is sent that, again, seems like it's from your financial institution. There's an attachment in the text and, once opened, downloads a virus or malware onto your phone so scammers can access everything on your phone.
Typically, a legitimate text from a financial institution will include specific information, such as:
- The financial institution’s name
- Last 4 digits of your credit card
- The specific dollar amount in question (with a dollar sign)
- The name of the merchant involved
A legitimate text will not include:
- Requests for your credit card information, such as card numbers, your PIN, the card’s verification code or the card’s expiration date
- Vague references to the transaction or merchant
- Hyperlinks to unknown websites
If you receive a text message claiming to be the Credit Union with these schemes, don't respond. The Credit Union will never ask you to provide personal financial information via text message.
What is Vishing?
Vishing is another process scammers may use to try and steal from you. With vishing, scammers call credit union members on the phone and ask them to log onto their financial institution’s website using a one-time passcode. The scammer will walk you through how to obtain the passcode and then, under the guise of “validating” you as an actual credit union member, ask what the passcode is. Once they have the code, they’ll immediately log onto your account, change your password and withdraw funds.
The lesson here: never give out personal information, passwords, or one-time passcodes over the phone.
How to Safeguard Yourself
Whenever you receive a call or text from someone who says they represent Orange County’s Credit Union, be alert. Don't respond to any unsolicited requests asking for sensitive information, such as card or account numbers, Social Security number, date of birth, or email address. If you suspect you've received a scam call or text, report it to your financial institution. They can tell you if the text or call was legitimate or not.
To learn more about these types of scams, tips on how to protect yourself, and what the Credit Union does to protect you, visit our security center.