Fraud, Scams & ID Theft Prevention

Avoid being a victim of a scam. Take precautions to keep yourself safe from fraudulent activities.

 

 

 

Beware of the Most Recent Text Message Scam - Payment Verification

If you receive a text claiming to be from TRUE Community Credit Union requesting verification of a recent charge, do not click any links. It's a scam. Instead, log in to Digital Banking thru the app or at TRUECCU.com to confirm the charge. If there is a fraudulent charge, please contact us so we can help secure your account. If not, report the number with your carrier and delete the text.

 

TRUE Community Credit Union will never contact you to ask for sensitive information.

If you receive an unexpected phone call or text from someone claiming to be a representative of TRUE Community Credit Union, don't click any links and don't provide any personal or account information, such as passwords, multifactor authentication (MFA) codes, or account numbers. Never give out Digital Banking passwords or MFA codes to anyone, ever.

Hang up, block the number, delete the text, and report the suspicious call to us through your Digital Banking Message Center. 

If you feel your account could be compromised, please call us immediately at 517.784.7101 or 800.554.7101.

Remember, never log in to your account from a text message. Instead, visit TRUECCU.com or use the TRUECCU mobile app to log in directly.

 

Stay Connected Tip

Only you are familiar with the typical activity on your account. Even if you use your account infrequently, establish a routine of logging in to all your accounts at least once a week to review transaction activity and promptly report any suspicious activity.

Make sure to register for Digital Banking, so you can monitor your account anytime, anywhere. Plus, Digital Banking allows you to promptly turn off your cards in the event of suspected fraudulent activity.

 

Important Reminder

TRUE Community Credit Union will never send you links via text requesting sensitive information, including usernames, passwords, PIN numbers, account numbers, or social security numbers. We prioritize the security of your accounts and take all necessary measures to safeguard your information.

If you suspect that you have fallen victim to fraud, please reach out to a member representative as soon as possible.

 

 

{beginAccordion}

Our Practices

We are always looking for new ways to stop fraud faster and with our enhanced fraud prevention tools we can do just that. We've always monitored your account for fraud, but now we can quickly text you if we see something suspicious. If you receive a fraud alert message, simply respond whether the transaction was yours or not. And don't worry — if you miss our text we'll also try to call you. Please contact our Risk Management Department with any fraud issues.

For your protection and for increased account security we may ask additional questions to properly verify your identity. Unfortunately, if someone was able to obtain information about you and attempt to steal your identity, they would most likely have your name, date of birth, and social security number. Therefore, we may verify additional information with you. Please be assured these questions are asked because your account security is of the utmost importance to TRUE Community Credit Union.

 

Protect Your Personal Information Online

Here are six ways to protect yourself and your loved ones from having your sensitive information compromised.

  1. Don't use your debit card to shop online. Most experts recommend shopping online with a credit card vs. a debit card because credit cards offer more fraud protection and use online security features, like encryption, to keep your information safe. Shop on sites you know are legitimate, and be sure purchases you make with your credit card are ones you can pay back right away to avoid interest on unpaid balances.
  2. Don't shop online using public Wi-Fi. Public Wi-Fi is not secure, making it easier for cyber criminals to capture sensitive information that you transmit, like card numbers or passwords. Don't provide sensitive information or log into your financial accounts unless you know the Wi-Fi is secure, such as your password-protected home Wi-Fi.
  3. Avoid phishing and smishing attempts. Phishing calls/emails and smishing text scams are a popular method for scammers to gain access to your sensitive information. Scammers often pose as financial institutions in order to scare people into believing they have fraud on their accounts and they use that fear to manipulate potential victims into divulging sensitive information like usernames, passwords, card and account numbers, and security codes. Don't answer calls from unknown numbers and don't click links within emails or texts asking you to provide sensitive information. Instead, contact your financial institution directly using the number on the back of your card or the TRUECCU website, or log into your Digital Banking to verify your account information is accurate. 
  4. Only use payment apps with people you know and trust. Payment apps such as Zelle, Venmo, Paypal, or Cash App are often used for scams because they aren't regulated as heavily as debit and credit cards. That means you can be left holding the bag if you send money to fraudsters or they get control of your account. It's best to only use these apps with people you know and trust, and do your due diligence before sending anyone payments of any kind.
  5. Monitor your accounts often. Only you are familiar with the typical activity on your account. Even if you use your account infrequently, establish a habit of logging into Digital Banking at least once a week to review transaction activity and promptly report any suspicious activity.
  6. Choose safe passwords and don't use the same one all the time. With the use of AI and other technology, cracking passwords has become easier than ever. The safest passwords are over 10 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. Use uncommon phrases to help create passwords instead of using one-word passwords (example: "True4!" is less secure than "TRUECCUis4me!"). You can also use a password booklet or secure digital password manager to keep track of your passwords. Remember to keep password booklets in a secure location.

 

Holiday Scams

Fraudsters often use the busyness of the holiday season to take advantage of consumers hoping that shoppers will ignore the warning signs of a scam. Below are few of the most common scams that consumers can fall victim to.

Scam #1: Too Good to Be True Discounts

Fraudsters will list “hot” items on platforms like Facebook Marketplace at a significant discount that require payment through apps such as Zelle, Venmo, Paypal or Cash App. Once you send the money to the fraudster - it's gone.

TIP: Only use these payment methods with people you know and trust. Check the site for signs of a scam and research the company through the Better Business Bureau, or a simple Google search for reviews.

 

Scam #2: Travel and Airfare Scams

Many people will shop for cheap airline tickets over the holiday season, leading fraudsters to target travelers with schemes ranging from bogus flight-booking websites to fraudulent flight cancellation emails and sudden price increases.

Warning signs of an airline scam:

  • A website or marketplace seller is offering airline tickets at a significant discount. Fake travel agencies advertise huge deals to try and get you to suspend your suspicions. 
  • You’re contacted and asked to pay extra for a flight or are told your trip has been canceled and you need to pay more to rebook it.

TIP: Purchase airline tickets directly from the airline (or through reputable third-party sellers that offer customer service). If you receive any messages about your trip, contact the airline directly to make sure the message is legitimate.

 

Scam #3: Online Gift Exchanges

Fraudsters use the traditional Secret Santa game to trick you into sending money and gifts to them (as well as giving up your personal information). 

In these scams, you’re asked to provide your name and address, along with the contact information of a few friends. Then, you’re asked to send money or small gifts to a stranger on the list. In return, you’ll receive multiple gifts from other people who participate. 

But the whole thing is a scam and any money, information, or gifts you send go straight to the scammers. 

Warning signs of a fake online store:

  • You’re offered multiple gifts in return for sending money or presents to a stranger.
  • You’re asked for personal information in order to enter the exchange. Scammers can use this to steal your identity or target you with more scams.

TIP: Secret Santa exchanges can be a lot of fun, but make sure that you are joining a group with people that you know and trust.

 

Scam #4: Holiday Gift Card Scams

Warning signs of a holiday gift card scam:

  • Never pay for goods, services, fees, fines, or taxes with gift cards. Fraudsters will impersonate your bank or credit union, government agencies, or other authoritative people and demand payment in gift cards. 
  • If you buy gift cards in a store, make sure that they haven’t been tampered with.
    • Package is in tack, not torn and the pin is still hidden.
    • The barcode has a sticker that has been placed over it.

TIP: Get a receipt so that you can verify the purchase if your card is lost or stolen and only purchase gift cards from reputable retailers. If you’re buying online, check the store’s URL to see if it’s secure and whenever possible purchase gift cards from the actual retailer or company. 

 

Scam #5: Fake Charities Scams

  • Scammers take advantage of your generosity during the holiday season and create fake charities, GoFundMe campaigns, and other charitable activities. Charity scams can often be incredibly hard to spot — until you’ve lost money or given up sensitive information. 
  • Scammers often create “lookalike” charities that use variations of trusted names to fool you. 
  • Scammers will often try to pressure you into donating by using hard-sell tactics that can be threatening.

TIP: Always check the URL and charity name before donating. You can also check the legitimacy of the charity by using Wise Giving Alliance, Charity Navigator, and for any GoFundMe campaigns look for the group organizer prior to donating.

 

Phishing, Smishing, Spoofing, and Vishing

Phishing

Scammers send fake emails claiming to be from reputable companies in order to manipulate and exploit human trust. Emails often include real logos and legitimate addresses to seem more authentic and urge potential victims to click links to gain access to personal information or to infect devices with malware. Scammers often use pressure tactics so victims act quickly before the ruse is discovered.

TRUE will never send unsolicited emails asking members to provide, update, or verify personal or account information, such as passwords, social security numbers, PINs, credit or debit card numbers, or other sensitive information.

Example: Phishing email with a spoofed email address

 

Smishing

Text message scams, or smishing, is when fraudsters send deceptive messages designed to trick people into downloading malware or sharing sensitive information by posing as your financial institution or other organization you know and trust.

TRUE will never send you links via text requesting sensitive information, including usernames, passwords, PIN numbers, account numbers, or social security numbers.

 

Email Spoofing

Part of a phishing attack where a scammer sets up an email address that looks similar to a legitimate company or organization you know and trust in order to get passwords, account numbers, card numbers, or to get victims to send them money. The fraudsters try to convince potential victims that they are interacting with a trusted and legitimate source and will disguise the attack within an email address, text message, or a website URL that often involves changing one letter, number, or symbol within the email so that at a quick glance is looks correct.

Caller ID spoofing

A caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company or government agency that you may already know and trust. If you answer, they use scam scripts to try to steal your money or valuable personal information, which can be used in fraudulent activity.

 

Vishing

Often used hand-in-hand with spoofing, vishing uses voice manipulation, such as robo calls, to manipulate potential victims into verifying personal information that scammers can use for fraudulent activities. 

 

How to protect yourself from phishing, smishing, spoofing, and vishing:

  • Never log into your accounts from a link - always go directly to TRUECCU.com or use the Digital Banking app
  • Never provide personal information to unknown callers or unexpected emails or texts
  • Don't answer calls from unknown numbers.
    • If you do answer, hang up immediately without pressing any buttons or answering any questions
  • Don't click links in emails or text messages, and don't open suspicious attachments
  • Look for misspellings, grammatical errors, or incorrect email addresses or website URLs
  • Use caution if requesters are using high pressure tactics, like an unusual sense of urgency or issuing threats
  • Turn on your email spam filters and update antivirus software on all devices
  • Report suspicious activity to the credit union

 

Phishing Websites

On a Phishing website, you are tricked into providing information, including login credentials and other sensitive information, to cyber criminals. Identifying a phishing website can be challenging, as attackers often create fake websites that look identical to legitimate ones. 

Four ways to help identify phishing websites:

1. Check the URL: A phishing website's URL is easy to see. Phishing websites often have various URLs. Phishing websites may utilize misspelled URLs like "www.googlee.com" instead of "www.google.com".

2. Look for the padlock: SSL/TLS encryption protects most trustworthy websites. The address bar shows a padlock. Phishing websites may not have a padlock symbol.

3. Check for spelling and grammatical mistakes: Phishing websites may include errors.

4. Avoid urgent requests: Phishing websites employ urgency to induce consumers to respond immediately. Phishing websites may request rapid action.

Always be cautious. Avoid submitting personal information and call the firm to check a website's legitimacy if you're doubtful.

 

Skimmers

Skimming is a method scammers use to capture a card’s magnetic strip data and PIN as it is being used at point-of-purchase machines, such as gas pumps and ATMs. Scammers are then able to use the information to make fake cards, purchase goods, or sell the information.

 

To curb this common scam, you can:

  1. Examine machine facades. Before using any machine, look for evidence of tampering such as sticky residue. Pull on the card reader and if it seems loose, crooked, or damaged, if the graphics aren’t aligned, or if part of the machine is a different color, don’t insert or swipe your card.

  2. Use mobile wallet or pay inside. An alternative to swiping your card is paying by mobile wallet, including Apple Pay, Samsung Pay, or Google Pay. This form of payment is secure because your credit card information is tokenized and rendered useless if fraudsters were to get a hold of it. If your local gas station hasn't yet updated their pumps to accept mobile wallet or you aren't sure if the machine is safe to use, go pay inside.

  3. Check your account regularly. Rather than wait for your monthly statement, check your account regularly using Digital Banking. If you notice irregular activity or a purchase you didn’t make, report it to the credit union immediately.

  4. Sign up for alerts. While fraud is not 100% preventable, catching potential fraud immediately will save you a lot of time and hassle. Members can set a variety of alerts within Digital Banking, such as text or email alerts whenever there is a debit card purchase or external transfer.
  1. Be wary of non-bank ATMs. 60% of skimming occurs at privately-owned ATMs. These are typically cash-dispensing machines and are often located in convenience stores, bars, restaurants, grocery stores, or check cashing establishments. 
  1. Trust your instincts. If you’re unsure or uncomfortable, use a different machine or payment method.

QR Codes

Best practices when scanning QR codes:

  • Be aware of your surroundings. If you scan a QR code in public, pay attention to who else is nearby. Scanning a QR code could lead to you downloading malware or opening up your device to hackers.
  • Use antivirus software and firewall protection on your phone. Antivirus software can help protect your phone against viruses and other forms of malware that can come from scanning QR codes.
  • Don’t scan a QR code that looks like it’s been printed on a piece of paper or cardboard or one that has been written out by hand. If you are unsure whether the QR code is real or fake, don’t scan it. Also, be careful when scanning codes found on vehicles, especially if they have been defaced in some way.
  • Before scanning any QR code, make sure you know where it came from and who created it. Ask someone about its origin to determine if it is safe to scan.
  • Always scan from a secure connection, but if you are scanning from an insecure connection (such as public Wi-Fi), do not enter any personal information into the app or web page that pops up after scanning the code! This includes usernames and passwords. If a website asks for personal information (like credit card numbers) before offering any content or services in exchange, this is likely a phishing scam and should not be entered into your device!
  • TRUE Community Credit Union QR codes are used for surveys and giveaways. We will NEVER ask for your personal account information.

Lottery Scams

If you can answer YES to any of these questions, you may be a victim of a scam:

Did you receive a check from the lottery even though you did not play the lottery?

Did you receive a check from a foreign lottery even though you've never played that lottery?

Did you know it's against the law for a U.S. citizen to play a foreign lottery?

Tax Season Scams

When you're filing your taxes this year, consider these helpful tips.

Be careful responding to emails you receive from "tax companies" requesting that you click on the link they have provided to enter your personal information.

Also beware of phone calls, text messages and/or suspicious mail you receive requesting your personal information in order to do your taxes.

Always make sure when you're filing your taxes, you are always conducting your business with a legitimate organization that you trust.

Read more about common scams the IRS sees.

Cryptocurrency Scams

Cryptocurrency scams can take on different forms. Here are some of the common ways: 

  • A victim finds a product or service to purchase on social media, pays for it in cryptocurrency as required by the seller, and then realizes the product or service is fake and never delivered. 

  • A victim is approached by a scammer posing as an investment broker who convinces the victim to make a cryptocurrency investment and promises them significant returns. After the victim makes the payment, they have no trace of an investment and the scammer disappears. 

  • A victim is involved in a romance scam, and the scammer requests funds for a plane ticket, an emergency or variety of other reasons to be made via a cryptocurrency transaction. 

While all of these scams look a little different, the purpose behind scammers requesting cryptocurrency is the same: the funds are transferred virtually and instantly, the transactions are difficult to trace and financial institutions have difficulty ever recovering the funds. It’s also important to know that cryptocurrency is not FDIC insured, which means they are not federally protected against theft. 

How to avoid falling victim to cryptocurrency scams 

Unlike credit cards and other financial institution-backed payment systems, cryptocurrencies do not come with strong fraud protection benefits. Additionally, because of the challenges of tracing cryptocurrency transactions due to their anonymity, many financial institutions have difficulty recovering the funds for customers who have fallen victim. This all means that prevention is key. 

Here are a few tips for preventing cryptocurrency scams: 

  • Before you buy an item on social media, search for the company and product name plus the words “scam” or “complaint” online to see if the Federal Trade Commission (FTC) or news companies have reported them as scams. 
  • Don’t send money to people you do not know. Even when you believe you’re talking to someone you know, if they ask for funds out of the blue, confirm it really is your friend or relative contacting you. It may be a scammer posing as someone you know. 
  • If it seems too good to be true, it probably is. If someone promises significant returns if you quickly make an investment, proceed with caution. 

Imposter Scams

An imposter scam occurs when a fraudster pretends to be someone you trust, like your financial institution. They may use phone calls, text messages, or emails to convince you to send them money or share personal information. This sensitive information can be usernames and passwords, card and account numbers, security codes, and more. These scams can take various forms, but the goal is always to deceive you into providing sensitive details or financial assistance.

Common Scams

If you can answer "yes" to any of the following questions, you could be involved in a fraud or are about to be scammed. Contact us immediately at (517) 784-7101 to be directed to our Risk Management Department.

Did you respond to an email requesting you to confirm, update, or provide your account information?

Did you receive a check from an item you sold on the internet?

Is the amount of he check more than the item's selling price?

Did you receive the check via an overnight delivery service?

Is the check connected to communicating with someone by email?

Is the check drawn on a business or individual account that is different from the person buying your item or product?

Have you been informed that you were the winner of a lottery that you did not enter?

Have you been instructed to either wire, send, or ship money as soon as possible to a large U.S. city or to another country (such as Canada, England, or Nigeria)?

Have you been asked to pay money to receive a deposit from another country (such as Canada, England, or Nigeria)?

Are you receiving pay or a commission for facilitating money transfers through your account?

There's a new type of Internet piracy called "phishing." It's pronounced "fishing," and that's exactly what these thieves are doing: "fishing" for your personal financial information. What they want are account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your checking account or run up bills on your credit cards.

In the worst case, you could find yourself a victim of identity theft. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver's licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.

Additional Resources

Fraud.org

Help fight con artists by reporting suspicious activity that can help millions of other consumers avoid scams.

The Attorney General

Michigan's Attorney General has resources to learn about consumer protection, as well as how to fight it and report it.

Federal Trade Commission

The federal government's division is dedicated to protecting America's consumers.

{endAccordion}

Become a Financial Pro

It's your money — own it.

Free Courses