Fraudsters are launching social engineering attacks to members by posing as the credit union to obtain online banking credentials. They are defeating out-of-band / 2-step authentication by scamming member into providing this passcode to them. Once they have the passcode, they login to the member’s account and use peer-to-peer (P2P) services, such as Zelle and Payzur, to transfer funds elsewhere.
Fraudsters also have spoofed the credit union phone number and called members asking them to verify information such as card number, PIN and CVV/CVC –which is all they need to counterfeit a card. In a few cases where members refused to provide the passcode, the fraudsters impersonated the members and social engineered the members’ mobile phone carrier to port the members’ mobile phone to a different carrier. This allows the fraudster to receive the passcode by using the “forgot password” feature.
Please Note: ACFCU will never ask you for such private, secure information over the phone, via email or text message. Should you suspect you are being targeted by fraud, or have fallen victim, please contact us as soon as possible. We'll work with you to investigate the matter, ensuring your accounts and funds are safe at the Credit Union.