Fraud Crisis Scenario Playbook
Crisis Scenario
Fraudsters are gaining access to credit union member accounts through spoofing scams.
Background
There has been an alarming rise in spoofing scams resulting in fraudulent activity. Using a spoofed phone number, fraudsters are calling credit union members stating to be from their credit union’s fraud department. Claiming they need to verify the member’s identity, they obtain the information needed to access member accounts.
Key Talking Points
- [CREDIT UNION] was recently made aware of several incidents in which members became the victims of fraud after receiving calls from scammers pretending to be our fraud department. We have contacted the authorities and are working with the [insert who – FBI, local authorities, etc.] to determine the exact dynamics of these situations.
- It is important to note that the fraudulent activity resulted from spoofed calls. [CREDIT UNION’S] systems remain safe and secure. This was not an attack on our security systems.
- We understand the frustration and fear caused by identity spoofing. Our priority is to assist affected members promptly and effectively to minimize the impact of fraudulent charges on member finances.
- [CREDIT UNION] takes the security of our members’ personal and financial information seriously. We employ state-of-the-art security measures, including multi-factor authentication, encryption, and real-time transaction monitoring, to protect against fraudulent activity.
- [CREDIT UNION] will never ask for your social security number or account number over the phone, by email or text. If you doubt the validity of any phone interaction, or are asked to provide sensitive personal information, we encourage you to hang up and call us directly at (XXX) XXX-XXXX.
Draft Q&A
What should I do if I think I’ve received a spoofed phone call?
The best thing to do is to hang up and contact [CREDIT UNION] directly at (XXX) XXX-XXXX. We will secure your account and identify any potential fraud.
How does [CREDIT UNION] protect me against fraud?
We employ a range of security measures, including multi-factor authentication, encryption, real-time transaction monitoring, and regular security audits, to safeguard our members’ personal and financial information from identity spoofing and fraud. We also offer a series of resources regarding personal fraud protection to help our members identify and avoid being scammed.
We recommend you download and link to the [CREDIT UNION] app on your smartphone and check your account information there and/or at [CREDIT UNION WEBSITE] daily to identify any fraudulent access or account activity quickly. You can also opt-in for text messaging that will alert you immediately when a charge or withdrawal has occurred against your account.
What steps should I take to protect myself from these scams in the future?
First and foremost, if you receive a suspicious contact from someone asking for sensitive information, hang up and contact us directly at (XXX) XXX-XXXX. Second, regularly monitor your accounts and report anything suspicious immediately. Finally, stay vigilant by taking proactive measures to safeguard your information including using strong and unique passwords. Never share personal information online or with an unconfirmed caller.
Sample Member Communication (Email)
Dear INSERT NAME/MEMBER,
We were recently made aware of several incidents in which [CREDIT UNION] members became the victims of fraud after receiving spoofed calls from scammers pretending to be our fraud department. By impersonating the credit union, they are attempting to obtain sensitive personal information such as account details and passwords.
We urge you to exercise caution and remain vigilant when receiving unexpected calls or messages, especially if they claim to be from [CREDIT UNION]. If you receive any suspicious communication, reach out to our customer service team immediately at (XXX) XXX-XXXX. Remember, we will never request sensitive information over the phone, by email or text.
Please be assured, your security is our utmost priority and we are committed to supporting our members through any issues caused by these unfortunate events. If you believe you have been targeted by this scam or have inadvertently provided personal information to a fraudulent caller, please contact us immediately. We are here to assist you and will provide the necessary support to help safeguard your finances.
Thank you for your attention to this matter, and please do not hesitate to reach out if you have any questions or require further assistance.
Sincerely,
EXECUTIVE NAME
EXECUTIVE TITLE
CREDIT UNION
On The Go Articles
BSA Officer Training: A Not-to-Be Missed In-Person OR Virtual Event
GoWest’s Bank Secrecy Act/Anti-Money Laundering Rules Update, on Sept. 12 from 9 a.m.-4 p.m. MT (8 a.m.-3 p.m. PT), is designed to provide BSA officers, credit union compliance officers, and CEOs/managers with important information, updates, and best practices related to the Bank Secrecy Act and other anti-money laundering rules and regulations.
Credit Union Fraud Symposium – Free Virtual Event in August
League InfoSight, in collaboration with its League/Association Partners, is excited to announce a two-day virtual Fraud Symposium on Aug. 14-15 to provide member credit unions with valuable insight on fraud trends that touch every aspect of your operations.
GoWest’s Upcoming Virtual Compliance Legal, CDFI, and HR Events
Upcoming Compliance Legal Update and HR Seminars offer members relevant, useful information to keep their credit unions up-to-date on industry trends and regulations.