Phishing & Smishing
Phishing is an attempt to obtain your personal and confidential information by fraudsters posing as a legitimate company through electronic communication.
An example of phishing is an e-mail or text which appears to be from a legitimate company and contains instructions that you must verify specific information in order to avoid interruption to your service.
Many financial institutions and retailers are targets of phishing scams. If you are ever asked to verify confidential information in the above manner, please contact us and/or your other financial institutions directly and do not respond to suspicious e-mails or texts.
WSECU will not ask for confirmation of confidential information via e-mail or text.
Smishing is an attempt to fraudulently obtain consumers' personal information. The "smishers" pose as financial institutions and send requests via text messaging for personal and account information. Typically the message indicates your financial institution name or might state "your credit union." The message may or may not include the first four to six numbers of a card issued by your financial institution. These first six numbers are a Business ID and are the same for all cardholders for a card type issued by their financial institution, such as a debit card.
There is almost always a threat or negative cardholder impact included in the fraudulent text message, such as "your card has been blocked," "your card has been deactivated" or "your card has been suspended." You are then supplied with a number to call to "reinstate" your card. If you respond and call the number, which is never associated with your financial institution, you will be prompted to input some or all of the following: your account number or your full card number, expiration date, PIN or online banking password and/or the CVV2 (three-digit code) on the back of the card. Once you provide this information, the fraudsters have all the information needed to make a counterfeit card and access your account.
Smishing e-mails are generated to thousands of mobile phone users at one time by using a phone number generation tool. The goal is to cast the net wide in hopes of tricking consumers into providing information.
How to protect yourself from becoming a victim:
- Never provide personal or card information in response to an unsolicited request.
- Review the contact number and validate this as a legitimate number to your financial institution by using alternate resources.
- Contact your financial institution to verify. If it is after hours, go to their social media site or website to see if any information has been posted about a scam.
If there is a problem with your card or account, here are the ways we will attempt to contact you:
- We may send you an alert via Online Banking or a text message. We will ask you to contact us in the message, but we will not ask you to provide us with your full card number, PIN, expiration date, CVV2, Online Banking username or password. When you contact us, we will ask you for your account number or the last four of your card number to ensure accuracy in assisting you with the concern.
- We may try to contact you by phone. We will ask you to return our call and leave brief information about the nature of the call. We will leave our number - 800.562.0999 - with our extension or we may leave a local direct line. These numbers will show on Caller ID as registered to WSECU. If you are not sure, use the 800 number and ask to be transferred to the WSECU employee who left the message. When you call back, we will ask you for your account number to verify your identity before we discuss any problems with your account or your card. We may ask you for the last four digits of your card number to continue with resolution. We will not ask you for your full card number, PIN, expiration date, Online Banking username or password.