At Nusenda Credit Union, your security is our top priority. Scammers continue to evolve their tactics, including using email, phone calls, or fraudulent text messages (“smishing”) to trick individuals into sharing sensitive personal and financial information. This guide is designed to help you recognize, avoid, and report smishing scams to protect yourself and your accounts.
Remember: don’t share your PIN, mobile or internet banking password, or one-time access codes with anyone. Nusenda will not contact you and ask for this information.
WHAT IS “SMISHING?”
Smishing (SMS phishing) is a type of scam where fraudsters send fake text messages designed to trick you into providing sensitive information, such as:
- Account credentials such as passwords
- Social Security numbers
- Credit or debit card details
These messages often appear to come from trusted sources, such as your financial institution or a government agency, and may urge you to take immediate action.
COMMON SMISHING TACTICS
Scammers use various tactics to deceive their targets. Watch out for these common strategies:
- Urgent alerts or warnings: messages claiming your account is locked, suspended, or compromised to create panic and prompt immediate action
- Fake prize offers: promises of rewards, lottery winnings, or gift cards that require you to provide personal information to claim
- Impersonation of trusted entities: fraudsters pretending to represent Nusenda Credit Union, government agencies, or major retailers
- Suspicious links: texts with hyperlinks leading to fake websites designed to steal your login credentials or financial information
- Requests for verification: messages asking you to “verify” account details, passwords, or other sensitive information
These messages often appear to come from trusted sources, such as your financial institution or a government agency, and may urge you to take immediate action.
HOW TO SPOT A SMISHING SCAM
Be cautious if you receive a text message that:
- Asks for personal or financial information: legitimate organizations will never request sensitive information via text
- Creates a sense of urgency: messages claiming you must act immediately to avoid penalties or account issues are often scams
- Contains suspicious links: avoid clicking on unknown links, as they may lead to fraudulent websites
SEVEN PARTS OF AN EMAIL THAT SHOULD BE REVIEWED FOR RED FLAGS TO AVOID SMISHING SCAMS
- The subject line is irrelevant or doesn’t match message content: fraudsters guess what might apply to you and sometimes assume incorrectly; they may also use unexpected elements like emojis or foreign characters
- You were included in an email and don’t know the other people it was sent to: scammers often use a non-personalized approach and apply broad targeting to increase their chances of finding potential victims
- Email comes from an unknown address: check the sender’s domain by looking at the sender’s email address; a message from a large corporation will come from their official domain
- There are misspellings in the sender’s address or hyperlink (or both): this is common; if the email is riddled with spelling errors, it is most likely not legitimate
- The email contains an unexpected attachment
- If there is an attachment, it seems “off”: smishers may include a form or other item they want you to download; the content is something you did not request or a receipt for something you did not purchase; trust your gut
- You are asked to click on a link: links are a hallmark of fraudulent messages; never click on or interact with a suspicious link
HOW TO PROTECT YOURSELF
Scammers use various tactics to deceive their targets. Watch out for these common strategies:
- Verify everything: contact your financial institution directly to verify any account-related messages; don’t trust caller ID alone
- Pause before acting: assess “urgent” requests rationally; fraudsters often manipulate emotions
- Beware of spoofing: verify suspicious communications directly with the institution
- Be cautious of unknown links and calls: avoid clicking links or attachments from unknown senders and don’t sign into accounts from suspicious messages
- Check URLs: ensure emails from financial institutions have the correct URL, like Nusenda.org
- Don’t respond if unsure: replying confirms your contact info is valid
- Protect your information: never share account numbers, passwords, or security answers
- Avoid remote access: don’t allow remote access programs like Anydesk.com due to security risks
- Don’t call numbers in suspicious messages: scammers use these to steal information
- Guard one-time passcodes (OTPs): keep one-time passcodes secure
- Create strong passwords: create a strong password with at least eight characters, including a combination of mixed-case letters, numbers, and special characters. And change your password frequently
- Monitor account activity: use mobile or internet banking to check for suspicious activity and set up alerts
- Be cautious with P2P platforms: use services like Apple Pay, Venmo, and PayPal only with trusted contacts
- Limit social media info: be mindful of what you share online
FREEZE YOUR CREDIT
A credit freeze is a strong preventive measure to stop identity thieves from opening accounts in your name. To place a freeze:
• Equifax: Call 800-349-9960 or visit online
• Experian: Call 888-397-3742 or visit online
• TransUnion: Call 888-909-8872 or visit online
WHAT TO DO IF YOU RECEIVE A SUSPICIOUS TEXT
- Do not respond: avoid replying or clicking on any links
- Verify the message: call us at 505-889-7755 if it mentions Nusenda and asks to verify a charge
- Report the scam: email us a screenshot to [email protected]
ADDITIONAL WAYS TO REPORT FRAUD
Report to the Federal Trade Commission (FTC)
- Forward the message to 7726 (SPAM)
- File a report with the FTC
Report fraud scams to your State Attorney General’s Office
1. Copy the text message body (do not click any links)
2. Email it to [email protected], including:
- A screen shot of the text message showing the sender’s phone number and date sent
- Details of any financial losses or if personal information was shared
3. Forward the text to 7726 to report the scam phone number
FILTER UNWANTED MESSAGES
There are many ways to filter unwanted text messages or stop them before they reach you:
ON YOUR PHONE | Your phone may have an option to filter and block spam or messages from unknown senders. Here’s how to filter and block messages on an iPhone and how to block a phone number on an Android phone |
THROUGH YOUR WIRELESS PROVIDER
| Your wireless provider might have a tool or service that lets you block calls and text messages. Check out ctia.org, a website from the wireless industry, to learn about options from different providers |
WITH A CALL-BLOCKING APP | Some call-blocking apps also let you block unwanted text messages. Go to ctia.org for a list of call-blocking apps for Android, BlackBerry, Apple, and Windows phones, or search for an app online. Check out the features, user ratings, and expert reviews. |
EXTRA RESOURCES
Here are a few articles that provide additional tips on protecting yourself:
By staying vigilant and following these tips, you can significantly reduce your risk of falling victim to smishing scams.