Is this email legit? Here’s how to tell
Updated Aug. 5, 2021, at 2:45 p.m. CT
Several Dupaco members received an email claiming that access to their “Online Banking Service has been suspended.”
Here’s the catch: The email did NOT come from Dupaco.
It’s an attempt by fraudsters to trick you into gathering your personal information, or download malware on your computer, by pretending to be a reputable financial institution.
The subject line in this most recent email scam says: Your Profile Has Been Placed Temporarily On Hold.
Phishing emails often look like real emails. But they’re designed to steal your identity. They ask you for personal information or request that you take action by following a link. The links often look genuine, but usually redirect you to a fraudulent website, which also might look real.
What does a phishing email look like?
Phishing emails can take a number of forms. These fraudulent emails might:
What to look for in an email
In an age of data breaches and scams, it’s critical to keep an eye out for fraud. Here’s what to look for:
Look closely at the sender’s email address
The latest email says it’s from Dupaco Community Credit Union. But email addresses can be easily spoofed.
If you receive an email from a person or business you know, but it seems suspicious, contact them directly. Don’t simply hit reply. Instead, call the person or business with a known phone number.
Check the URL before you click a link
Phishing scams often urge you to click a link that contains all or part of a real company’s name. The link can be within an email, on a website or even in an instant message. They’re usually masked, meaning that the link you see does not take you to that address. Instead, the link takes you somewhere different, usually a fraudulent website.
You can usually see this by resting (but not clicking) your mouse pointer on the link. It will reveal the real web address, which often looks nothing like the company’s web address. This is a red flag.
Here’s what the most recent fraudulent email targeting Dupaco members looks like:
The web link in the email takes you to a website that spoofs Dupaco’s website and online banking:
The email asks for personal information
If the email asks for any personal information, don’t respond or answer any questions. Delete the email.
Something just doesn’t look, sound or feel right
If you notice multiple spelling or grammar errors—or the email just doesn’t sound like the “sender” would normally sound—there’s a good chance the email is a scam. Oftentimes, phishing emails address you using: Dear Client or Dear Valued Customer.
If you have any doubts about an email, don’t open it. Instead, look up the financial institution or company’s contact information online, and call them directly.
Did you receive a phising email? Here’s what to do next
Regardless of whether the email’s legitimate or a scam, monitor your financial accounts and credit report to protect yourself from fraud.
Here are some steps you can take:
Change your passwords
If you open a suspicious email and click on any links or attachments, you should change your passwords immediately from a different computer or mobile device. You might have downloaded something malicious from the email.
Use two-step verification
This free tool helps prevent fraudsters from accessing your account in Shine—even if they manage to get your password.
In addition to your username and password, two-step verification requires a second form of authentication, or proof that it’s you who’s trying to log in. You’ll receive a unique security code—sent via text or email—that you enter each time you sign in.
Never share this unique security code with anyone.
Learn how to set up the feature in Shine >
Check for malware
It’s a good idea to keep your computer’s antivirus software up-to-date by running a scan after you receive a suspicious email. Or, have the computer serviced by a professional.
Monitor your accounts regularly
Get free real-time notifications for ATM transactions, Shine sign-ins and more.
To get started, sign in to Shine and select eNotifiers. Under Activity Alerts, enable All Transactions to receive email or text messages for all transactions to your accounts.
If there’s been fraudulent activity, you’ll be the first to know.
Monitor your credit report
Through Dupaco’s Bright Track, you can access your full credit report and your credit score as often as you’d like. Access to Bright Track is a free benefit of Dupaco membership.
Regularly monitor your credit report to keep an eye out for any fraudulent activity.
Insure your good name
Dupaco’s Family ID Restoration, provided by your credit union, covers you and your family if you should become the victim of identity theft. It costs just $1.95 per month.
To enroll in this service, contact Dupaco at firstname.lastname@example.org or call 800-373-7600, ext. 0.
Learn more about how to protect your identity from fraudsters >
If you’re a victim of fraud
If you become a victim of fraud or see suspicious activity on your account, Dupaco is here to help. Call us at 800-373-7600 immediately.