Several Dupaco Community Credit Union members have recently received an email alerting them that their Dupaco account will be deactivated on a specific date unless they click on a link to cancel the request.
Here's the catch: The email did not come from Dupaco.
It's an attempt by fraudsters to trick people into gathering their personal information, or download malware on your computer, by pretending to be a reputable financial institution.
Phishing emails often look like real emails, but are designed to steal your identity. They ask you for personal information or request that you take action by following a link. The links that are used often look genuine, but usually redirect you to a fraudulent website.
Phishing email messages take a number of forms:
- They might appear to come from your financial institution, or a company or website you regularly do business with.
- They might ask you to make a phone call. Phone phishing scams direct you to call a customer support phone number. A person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data. The phone phisher might claim that your account will be closed or other problems could occur if you don't respond.
- They might include official-looking logos and other identifying information taken directly from legitimate websites, and they might include convincing details about your personal information that scammers found on your social networking pages.
- They might include links to spoofed websites where you are asked to enter personal information.
In an age of data breaches and scams, it’s critical to keep an eye out for fraud.
What to look for
Take a close look at the sender's email address
Below the email example says it's from Dupaco Community Credit Union but the email address is not a Dupaco email.
If you receive an email from someone you know but it seems suspicious, contact that source directly via phone or with a new email, rather than hitting reply.
Check the URL before you click any links
In phishing, links that you are urged to click on within email messages, on websites, or even in instant messages may contain all or part of a real company’s name and are usually masked, meaning that the link you see does not take you to that address but somewhere different, usually a fraudulent website.
The following graphic shows how resting (but not clicking) the mouse pointer on the link reveals the real web address. As shown in the box with the gray background, the link looks nothing like the company's web address, which is a suspicious sign.
The message asks for personal information
If the email asks for any personal information, do not respond or answer any questions. Delete the email.
Something just doesn't look, sound, or feel right
If you notice multiple spelling or grammar errors—or the email just doesn't sound like the "sender" would normally sound—there's a good chance the email is a scam. Oftentimes, phishing emails will address you using: Dear Client or Dear Valued Customer.
As a general rule of thumb, if you have any doubts about an email, do not open it. Instead, look up the financial institution or company's contact information online, and call them directly.
Regardless if the email was legitimate or a scam, take action to monitor your financial accounts and credit report to keep an eye out for fraud.
Related: Don't be fooled by someone pretending to be Dupaco. See how Dupaco communicates >
What to do next
Change your passwords
If you open a suspicious email and click on any links or attachments, you should change your passwords immediately from a different computer or mobile device—something malicious may have been downloaded from the email.
Check for malware
It's a good idea to keep your computer's antivirus software up-to-date by running a scan following the suspicious email or have the computer serviced by a professional.
Download Dupaco's Trusteer Rapport software
Even if you have antivirus software, it’s probably not designed to protect you against attempts to steal your financial information. partnered with IBM® Security to offer you free protection with Trusteer Rapport. Trusteer Rapport is specifically designed to protect your computer against potential risks of financial malware.
Monitor your accounts regularly
Through Shine Online Banking, monitor your transactions every day, and set up free eNotifiers to alert you by text and/or email of activity on your accounts. If there indeed has been fraudulent activity, you’ll be the first to know.
Monitor your credit report
Through Bright Track inside Shine Online Banking, you can access your full credit report and your credit score as often as you wish. Access to Bright Track has been and will remain a free benefit of Dupaco membership. Regularly monitor your credit report to keep an eye out for any fraudulent activity. Dupaco advises reviewing your credit report every month.
Insure your good name
Dupaco’s Family ID Restoration, provided by your credit union, covers you and your family if you should become the victim of identity theft at just $1.95 per month. To enroll in this service, contact Dupaco at firstname.lastname@example.org or call 800-373-7600, ext. 0.
Related: Learn more about fraud protection and prevention.
If you’ve become a victim of fraud
Should you become a victim to fraud or see suspicious activity on your account, Dupaco is here to help. Call Dupaco at 800-373-7600 immediately if you suspect you are a victim of fraud.