At Nusenda Credit Union, your security is our top priority. Scammers continue to evolve their tactics, including using email, phone calls, or fraudulent text messages (“smishing”) to trick individuals into sharing sensitive personal and financial information. This guide is designed to help you recognize, avoid, and report smishing scams to protect yourself and your accounts.

Remember: don’t share your PIN, mobile or internet banking password, or one-time access codes with anyone. Nusenda will not contact you and ask for this information.

WHAT IS “SMISHING?”

Smishing (SMS phishing) is a type of scam where fraudsters send fake text messages designed to trick you into providing sensitive information, such as:

• Account credentials such as passwords
• Social Security numbers
• Credit or debit card details

These messages often appear to come from trusted sources, such as your financial institution or a government agency, and may urge you to take immediate action.

COMMON SMISHING TACTICS

Scammers use various tactics to deceive their targets. Watch out for these common strategies:

1. Urgent alerts or warnings: messages claiming your account is locked, suspended, or compromised to create panic and prompt immediate action
2. Fake prize offers: promises of rewards, lottery winnings, or gift cards that require you to provide personal information to claim
3. Impersonation of trusted entities: fraudsters pretending to represent Nusenda Credit Union, government agencies, or major retailers
4. Suspicious links: texts with hyperlinks leading to fake websites designed to steal your login credentials or financial information
5. Requests for verification: messages asking you to “verify” account details, passwords, or other sensitive information

These messages often appear to come from trusted sources, such as your financial institution or a government agency, and may urge you to take immediate action.

HOW TO SPOT A SMISHING SCAM

Be cautious if you receive a text message that:

• Asks for personal or financial information: legitimate organizations will never request sensitive information via text
• Creates a sense of urgency: messages claiming you must act immediately to avoid penalties or account issues are often scams
• Contains suspicious links: avoid clicking on unknown links, as they may lead to fraudulent websites

SEVEN PARTS OF AN EMAIL THAT SHOULD BE REVIEWED FOR RED FLAGS TO AVOID SMISHING SCAMS

1. The subject line is irrelevant or doesn’t match message content: fraudsters guess what might apply to you and sometimes assume incorrectly; they may also use unexpected elements like emojis or foreign characters
2. You were included in an email and don’t know the other people it was sent to: scammers often use a non-personalized approach and apply broad targeting to increase their chances of finding potential victims
3. Email comes from an unknown address: check the sender’s domain by looking at the sender’s email address; a message from a large corporation will come from their official domain
4. There are misspellings in the sender’s address or hyperlink (or both): this is common; if the email is riddled with spelling errors, it is most likely not legitimate
5. The email contains an unexpected attachment
6. If there is an attachment, it seems “off”: smishers may include a form or other item they want you to download; the content is something you did not request or a receipt for something you did not purchase; trust your gut
7. You are asked to click on a link: links are a hallmark of fraudulent messages; never click on or interact with a suspicious link

HOW TO PROTECT YOURSELF

Scammers use various tactics to deceive their targets. Watch out for these common strategies:

1. Verify everything: contact your financial institution directly to verify any account-related messages; don’t trust caller ID alone
2. Pause before acting: assess “urgent” requests rationally; fraudsters often manipulate emotions
3. Beware of spoofing: verify suspicious communications directly with the institution
4. Be cautious of unknown links and calls: avoid clicking links or attachments from unknown senders and don’t sign into accounts from suspicious messages
5. Check URLs: ensure emails from financial institutions have the correct URL, like Nusenda.org
6. Don’t respond if unsure: replying confirms your contact info is valid
7. Protect your information: never share account numbers, passwords, or security answers
8. Avoid remote access: don’t allow remote access programs like Anydesk.com due to security risks
9. Don’t call numbers in suspicious messages: scammers use these to steal information
10. Guard one-time passcodes (OTPs): keep one-time passcodes secure
11. Create strong passwords: create a strong password with at least eight characters, including a combination of mixed-case letters, numbers, and special characters. And change your password frequently
12. Monitor account activity: use mobile or internet banking to check for suspicious activity and set up alerts
13. Be cautious with P2P platforms: use services like Apple Pay, Venmo, and PayPal only with trusted contacts
14. Limit social media info: be mindful of what you share online

FREEZE YOUR CREDIT

A credit freeze is a strong preventive measure to stop identity thieves from opening accounts in your name. To place a freeze:

• Equifax: Call 800-349-9960 or visit online

• Experian: Call 888-397-3742 or visit online

• TransUnion: Call 888-909-8872 or visit online

WHAT TO DO IF YOU RECEIVE A SUSPICIOUS TEXT

1. Do not respond: avoid replying or clicking on any links
2. Verify the message: call us at 505-889-7755 if it mentions Nusenda and asks to verify a charge
3. Report the scam: email us a screenshot to [email protected]

ADDITIONAL WAYS TO REPORT FRAUD

Report to the Federal Trade Commission (FTC)

•  Forward the message to 7726 (SPAM)
•  File a report with the FTC

Report fraud scams to your State Attorney General’s Office

• New Mexico Attorney General’s Office: file a complaint
• Texas Attorney General’s Office: USPS-related phishing

1. Copy the text message body (do not click any links)

2. Email it to [email protected], including:

• A screen shot of the text message showing the sender’s phone number and date sent
• Details of any financial losses or if personal information was shared

3. Forward the text to 7726 to report the scam phone number

FILTER UNWANTED MESSAGES

There are many ways to filter unwanted text messages or stop them before they reach you:

EXTRA RESOURCES

Here are a few articles that provide additional tips on protecting yourself:

• CTIA - Protecting Yourself from Spam Text Messages
• How to forward a text to 7726 on iPhone: Suspicious Text iPhone
• How to forward a text to 7726 on Android: Suspicious Text Android
• Federal Trade Commission consumer advice: How to Recognize and Report Spam Text Messages | Consumer Advice
• Smishing: Package Tracking Text Scams-Smishing: Package Tracking Text Scams – United States Postal Inspection Service
• Mail fraud – United States Postal Inspection Service

By staying vigilant and following these tips, you can significantly reduce your risk of falling victim to smishing scams.