skip to Main Content
Learn how Dupaco communicates to help avoid phishing fraud scams

Is this email legit? Here’s how to tell

Updated Aug. 5, 2021, at 2:45 p.m. CT

Several Dupaco members received an email claiming that access to their “Online Banking Service has been suspended.”

Here’s the catch: The email did NOT come from Dupaco.

It’s an attempt by fraudsters to trick you into gathering your personal information, or download malware on your computer, by pretending to be a reputable financial institution.

The subject line in this most recent email scam says: Your Profile Has Been Placed Temporarily On Hold.

Phishing emails often look like real emails. But they’re designed to steal your identity. They ask you for personal information or request that you take action by following a link. The links often look genuine, but usually redirect you to a fraudulent website, which also might look real.

What does a phishing email look like?

Phishing emails can take a number of forms. These fraudulent emails might:

  • Appear to come from your financial institution or a company or website you regularly do business with.
  • Ask you to make a phone call. Phone phishing scams direct you to call a “customer support” phone number. A person or an audio response unit waits to take your account number, personal identification number, password or other valuable personal data. The phone phisher might claim that your account will be closed or other problems could occur if you don’t respond.
  • Include official looking logos and other identifying information taken directly from legitimate websites.
  • Include convincing details about your personal information that scammers found on your social networking pages.
  • Share links to spoofed websites that ask you to enter personal information.
Is that email legit? Watch for these red flags!

What to look for in an email

In an age of data breaches and scams, it’s critical to keep an eye out for fraud. Here’s what to look for:

Look closely at the sender’s email address

The latest email says it’s from Dupaco Community Credit Union. But email addresses can be easily spoofed.

If you receive an email from a person or business you know, but it seems suspicious, contact them directly. Don’t simply hit reply. Instead, call the person or business with a known phone number.

Check the URL before you click a link

Phishing scams often urge you to click a link that contains all or part of a real company’s name. The link can be within an email, on a website or even in an instant message. They’re usually masked, meaning that the link you see does not take you to that address. Instead, the link takes you somewhere different, usually a fraudulent website.

You can usually see this by resting (but not clicking) your mouse pointer on the link. It will reveal the real web address, which often looks nothing like the company’s web address. This is a red flag.

Here’s what the most recent fraudulent email targeting Dupaco members looks like:

Email scam example: subject lineEmail scam example

The web link in the email takes you to a website that spoofs Dupaco’s website and online banking:

The email asks for personal information

If the email asks for any personal information, don’t respond or answer any questions. Delete the email.

Something just doesn’t look, sound or feel right

If you notice multiple spelling or grammar errors—or the email just doesn’t sound like the “sender” would normally sound—there’s a good chance the email is a scam. Oftentimes, phishing emails address you using: Dear Client or Dear Valued Customer.

If you have any doubts about an email, don’t open it. Instead, look up the financial institution or company’s contact information online, and call them directly.

Did you receive a phising email? Here’s what to do next

Regardless of whether the email’s legitimate or a scam, monitor your financial accounts and credit report to protect yourself from fraud.

Here are some steps you can take:

Change your passwords

If you open a suspicious email and click on any links or attachments, you should change your passwords immediately from a different computer or mobile device. You might have downloaded something malicious from the email.

Use two-step verification

This free tool helps prevent fraudsters from accessing your account in Shine—even if they manage to get your password.

In addition to your username and password, two-step verification requires a second form of authentication, or proof that it’s you who’s trying to log in. You’ll receive a unique security code—sent via text or email—that you enter each time you sign in.

Never share this unique security code with anyone.

Check for malware

It’s a good idea to keep your computer’s antivirus software up-to-date by running a scan after you receive a suspicious email. Or, have the computer serviced by a professional.

Monitor your accounts regularly

Get free real-time notifications for ATM transactions, Shine sign-ins and more.

To get started, sign in to Shine and select eNotifiers. Under Activity Alerts, enable All Transactions to receive email or text messages for all transactions to your accounts.

If there’s been fraudulent activity, you’ll be the first to know.

Monitor your credit report

Through Dupaco’s Bright Track, you can access your full credit report and your credit score as often as you’d like. Access to Bright Track is a free benefit of Dupaco membership.

Regularly monitor your credit report to keep an eye out for any fraudulent activity.

Insure your good name

Dupaco’s Family ID Restoration, provided by your credit union, covers you and your family if you should become the victim of identity theft. It costs just $1.95 per month.

To enroll in this service, contact Dupaco at or call 800-373-7600, ext. 0.

Learn more about how to protect your identity from fraudsters >

If you’re a victim of fraud

If you become a victim of fraud or see suspicious activity on your account, Dupaco is here to help. Call us at 800-373-7600 immediately.

Click for Online Chat