At Suffolk Federal, we continuously work to protect your personal information. However, it is still always incredibly important that you—our valued members—are aware of scams and learn how to recognize the warning signs. And remember, Suffolk Federal will never ask for personally identifying information through an unsolicited email, text message or phone call including:
- Account information
- Social Security number
- Mother’s maiden name
- Online Banking access code
- Account access code
- ATM card PIN
- Credit card number, expiration date or PIN
The questions may seem reasonable to answer, but this is considered “phishing.” Should you receive any solicitation, please contact Suffolk Federal or simply delete.
Recent Scam: P2P Fraud
The credit union has recently learned that fraudsters are launching social engineering attacks to members by posing as the credit union to obtain online banking credentials. They are defeating login authentication by tricking members into providing personal passcodes. Once passcodes are in the hands of the fraudsters, they are able login to member accounts and even utilize use peer-to-peer (P2P) services, such as Zelle and Payzur, to transfer funds elsewhere.
This is how the scam works:
Fraudsters can send members an account alert via text message—appearing to come from the credit union—warning them of suspicious debit card activity.
- Fraudsters call the members who respond to the text, spoofing the credit union’s phone number and claiming they are in the credit union’s fraud department reaching out to verify suspicious transactions.
- To verify the member’s identity, the fraudster explains a passcode will be sent via text message and the member must provide the passcode over the phone.
- The fraudsters then attempt a transaction that triggers a 2-step authentication passcode, such as using the “forgot password” feature or initiating a P2P transaction. The passcode is sent via text or email to the member who, in turn, provides the information to the fraudster.
- The fraudsters immediately use the passcode to login to the member’s accounts and use the P2P feature to transfer funds.
Fraudsters also have spoofed the credit union phone number and called members asking them to verify information such as card number, PIN and CVV/CVC–the components that they need to produce a counterfeit card.