WORTHINGTON - A new scam made the rounds Monday morning across the region in the form of a text message allegedly sent from Fulda Area Credit Union.
Officials from area law enforcement and representatives of the financial institution quickly responded to the situation to inform the public and help victims of the scam.
Phishing text scamming (also known as SMSishing) occurs when you receive an SMS message that is supposedly sent from a reputable source, such as a bank, asking for personal information. The Federal Trade Commission (FTC) advises recipients of these types of messages to not reply, click on links or call phone numbers provided in the message. The FTC cautions these links can take you to spoof sites that closely resemble the actual website of the financial institution.
Laura Honken, vice president of operations for Fulda Area Credit Union (FACU), said the scam does not appear to be a breach of data from the bank itself.
Both customers and non-customers alike received the text message, indicating the numbers were obtained from means other than stealing identities from FACU.
“It seems to be a classic phishing attempt where they just target a group of phone numbers trying to get information,” Honken said. “It just seems they’ve probably purchased a block of phone numbers and started out with that.”
FACU has been working with area law enforcement agencies to get the word out about the scam and to protect individuals who received the text.
“We did report it to Verizon fraud department,” Honken said. “... The common link at first seemed to be a Verizon customer, but after that, we’ve heard that there have been other carriers as well, so it just seems to be telephone numbers that were purchased.”
Although Monday was a holiday and FACU was closed, employees began monitoring the institution’s Facebook page to answer customer questions. Others manned the phones at the Fulda and Worthington locations. Area law enforcement agencies, including the Worthington and Windom police departments, also used Facebook to get the word out about the scam.
“It is our priority to make sure that if anybody did click on that, we are getting them protected as soon as possible,” Honken shared.
Honken said anyone who did give out their information should contact both FACU and local law enforcement as soon as possible. The bank has a number of ways to protect victims, including closing and transferring bank accounts and reissuing debit cards.
Verizon cautions users who may have clicked on a link in a text message scam to run antivirus or antimalware software immediately. Verizon’s website also says that suspicious text messages should be forwarded onto Verizon corporate security at 7726 and then deleted. The messages are logged and tracked by the company to identify suspected spammers.
Honken said anyone who receives these types of messages should be aware they are not legitimate, regardless of the source.
“The credit union would never contact our members in this manner and ask them to verify information - we would never do that,” she said. “If anybody ever gets a message like this again or if they ever receive a phone call asking to provide this information, they should know it’s not coming from the credit union. Their best option is to delete and contact the credit union at a number they trust and know.”
Tips and tricks
The FTC offers the following steps you can take to avoid a phishing attack via text or by email:
- Use trusted security software and set it to update automatically.
- Don’t email personal or financial information. Email is not a secure method of transmitting personal information.
- Only provide personal or financial information through an organization’s website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins with https (the “s” stands for secure.) Unfortunately, no indicator is foolproof: some phishers have forged security icons.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.
- Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer’s security.