Zelle® Safety Tips & Fraud Alert Center

Protect yourself and stay a step ahead of the scammers! 



If in Doubt, Call Us Out!

We want to remind members to never share any codes or personal information or feel pressured to act immediately if you receive a text message, email, or a call. HFCU will never ask you for your personal account information through a text message, email, or over the phone.

If in doubt, call us out! If you are unsure of a recent message or call that you may have received, end the call, do not click any links or respond to it, and feel free to call us directly at (281) 243-0500; toll-free at 1-(866) 687-4328 with any questions or concerns you may have.

Please scroll down to review the videos below to be aware and stay alert of different payment scams.

Helpful Links













































Scammers are sending realistic texts requesting you to send money using Zelle® as payment due to a “fraud alert”.
 
These texts are used to make the warning look legitimate, and people who respond to these texts are receiving calls from fake representatives.
 
The fake representatives will use social engineering techniques to trick and convince you into sending money to yourself through Zelle® as a payment method. In reality you will be sending the money directly to the scammer’s pockets, and they will be able to receive your money into their account.
 
 

We want to remind members to never share any codes or personal information, or feel pressured to act immediately if you receive this type of text message or call. HFCU will never ask you for your personal account information through a text message or over the phone.

If in doubt, call us out! If you are unsure of a recent message that you may have received, please do not click any links or respond to it, and feel free to call us directly at (281) 243-0500; toll-free at 1-(866) 687-4328 with any questions or concerns you may have.

Many basic necessities rely on utilities we take for granted. And that makes them perfect for a scammer to exploit.
 
Like many other scams, utility scams occur when a scammer pretends to be someone they’re not. In this case, the scammer poses as a representative from your power or water company and threatens to turn off your services unless you send payment right away or provide some important personal information.
 
 

Different Approaches, Same Intent

These scams can happen through email, over the phone, via text message, and in person. In some cases, the scammer may report you’ve overpaid for services and ask for a bank account, credit card, or utility account information to allegedly issue a refund. Your actual utility company would already have this information. What’s more likely is that the scammer is trying to get personal information to commit fraud.

Utility scams typically include an urgent notice threatening to cancel your service due to a missed payment, leaving you without heat, air conditioning, or water. Scammers use urgency to create panic and scare you into acting fast without thinking or confirming the authenticity of the situation.

People posing as utility workers may show up at your home for a fake inspection or equipment repair, investigate a supposed gas leak, or conduct a “free” audit for energy efficiency. They will try to charge you for the fake service, sell you unnecessary products, or collect personal information to use in identity theft activities.

Fast Payments Work in Scammers’ Favor

Since electronic payments are a fast way to send money and often can’t be reversed, the scammer may say that they need immediate payment via bank wire, gift card or digital payment apps, like Venmo or Zelle®, to keep your utilities running. These scams are often timed for maximum urgency, such as peak heating or air conditioning seasons, or right before a big holiday celebration like Thanksgiving.

How to Protect Yourself

Watch for these warning signs to detect a utility scam in progress:

  • An unscheduled or unsolicited call or visit from someone claiming to represent your power or water company. No matter how great the offer or frightening the situation sounds, decline any action until you can verify its authenticity.
  • Threats to cut off service unless an overdue bill or maintenance cost is paid immediately. Most utility companies send multiple notifications before canceling service.
  • Requests for personal account information or payment via bank wire, gift card or digital payment apps, like Venmo or Zelle®.

If you experience any of these situations, follow these steps:

  • Slow down and ask questions, like what their employee identification number is or confirm the date and amount of your most recent payment.
  • Do not respond to text or email messages threatening to turn off your utilities.
  • Call the utility company using the number on your bill or the company’s website before taking any action. Do not use a number provided by the representative.

We want to remind members to never share any codes or personal information, or feel pressured to act immediately if you receive a text message, email, or a call. HFCU will never ask you for your personal account information through a text message, email, or over the phone.

If in doubt, call us out! If you are unsure of a recent message or call that you may have received, please do not click any links or respond to it, and feel free to call us directly at (281) 243-0500; toll-free at 1-(866) 687-4328 with any questions or concerns you may have.

How to Outsmart Sophisticated Phishing Scams

You’ve probably heard of phishing. But do you really know what it is – and more importantly, how to protect yourself from falling victim to it? Phishing scams have become very sophisticated, but there are some simple things you can do to protect yourself and keep your personal information safe.

What is Phishing?

Let’s start with a basic description: Phishing is a type of scam where an attacker sends a fraudulent message to trick you into revealing sensitive information – often to access your accounts or commit identity theft.

Phishing attempts usually occur through email, over the phone, or via text message. They can be very well-designed to look or sound like legitimate messages from those you know and trust, such as your financial institution, and may contain a link that directs you to a fake website that looks legitimate.

Tip #1: Do not expect phishing emails to be filtered into your Junk mail. Because they are often individually crafted based on information gathered on your social media sites, they can avoid detection from advanced email filters.

How to Detect Phishing Scams
There are ways to avoid phishing scams if you know what to look and listen for. Be on the lookout for these identifying factors:

  • Inconsistencies in email addresses. Phishing emails will typically come from an unfamiliar, unusual email address. The easiest way to detect this is to hover your cursor over the email address to reveal the true “from” address. This will usually reveal the email as a fraud and can be done without actually clicking into the email itself. For example, if an email allegedly originates from your financial institution, but the domain name reads something else, it’s likely a phishing email. Delete it immediately.
  • Unfamiliar greeting or salutation. Sometimes the informality or other irregularity of a salutation can and should provoke suspicion. Be on the lookout for this type of irregularity in emails and text messages, and perhaps even phone calls. For example, if your financial institution greets you with a nickname you don’t use with your accounts, it’s an indication of phishing.
  • Bad grammar, spelling mistakes or unusual language. Legitimate emails and text messages will not have these mistakes. However, they are often found in phishing scams.
  • Demand for urgent action. This is key! Emails, text messages and phone calls threatening some type of negative consequence, loss of money, or missed opportunity are key factors in phishing scams. The urgency prompts you to act without thinking and is what ultimately gets intelligent consumers to fall for these well-designed phishing scams. The scams have flaws, but the panic they create can cause consumers to take swift action before errors can be spotted.
  • Requests for passwords. Do not respond to a text alert, email, or phone call asking for a password, PIN, or any other security information. Never give this information to anyone, even if you think it’s your bank or credit union. They will never ask you for this information. Ever.

Tip #2: Be wary of long text numbers. If you receive a text message from an unidentified number longer than 10 digits, the odds are high it’s a scam.

More Dos and Don’ts to Protect Yourself

  • Don’t click on links in an unsolicited email or text message.
  • Don’t use the phone number a potential scammer provided in an email or text message. Look up the company’s phone number on your own and call to verify the authenticity of the message or request.
  • Don’t give out personal information such as passwords, credit card numbers, bank account numbers, dates of birth, or Social Security numbers.
  • Don’t respond to suspected phishing emails, text messages or phone calls, even if you think it would be fun to tease or trick them. It’s best to avoid responding in any way.
  • Do be suspicious of anyone pressing you to act immediately.

Tip #3: Phone numbers and caller identities can be faked to look like the caller ID is from a business you know and trust, like your financial institution. Never trust that the caller ID is accurate. It is best to look up the company’s phone number on your own and call them.

We want to remind members to never share any codes or personal information, or feel pressured to act immediately if you receive a text message, email, or a call. HFCU will never ask you for your personal account information through a text message, email, or over the phone.

If in doubt, call us out! If you are unsure of a recent message or call that you may have received, please do not click any links or respond to it, and feel free to call us directly at (281) 243-0500; toll-free at 1-(866) 687-4328 with any questions or concerns you may have.

As scams become more prevalent, they are also more sophisticated, making them harder to detect. Scammers employ what is known as “social engineering” to manipulate people into revealing sensitive information.

It’s all about the psychology of persuasion. These scammers take advantage of human nature, aiming to lower your defenses so you’ll act on impulse rather than reason.

Let’s look at some examples of how social engineering uses the powers of persuasion to steal personal information and money:

Pretexting

Building a solid pretext or a fabricated scenario is an important aspect of social engineering. Hackers often research their victims in advance to get a sense of the victim’s personal and professional life to help establish the right pretext with which to approach a victim. This information can easily be found by a simple internet search or reviewing social
media activities.

Pretexting is typically the first step in a broader scheme to steal from you. The scammer then pretends to be someone you trust, possibly a representative from your financial institution or a government worker offering loan forgiveness. It often starts with a friendly “hello” and a convincing story that leads the victim to hand over sensitive information that can be used to steal money or commit identify theft.

Baiting

Baiting uses the false promise of an enticing item, such as a monetary reward or free movie download, to trick the unsuspecting consumer into opening a file or providing sensitive information, like their login credentials. Instead of the attached file being the movie or other reward, it is actually infected with malware that will encrypt or take control of the individual’s data, allowing the attacker access to personal information.

Phishing

Phishing is one of the most common types of social engineering attacks, typically in the form of emails or text messages that look like they are from a reputable source, like your financial institution, informing you of an urgent matter that needs your immediate attention. The message may include a link to a fake website that looks legitimate and suggests that you must provide personal information in order to remedy the urgent issue. This can result in the
scammers gaining access to your accounts or learning important details about your identity.

How to Combat this Psychological Manipulation
Knowledge is key. Now that you know what to look for, follow these tips to help protect yourself.

  1. Delete requests for personal information or passwords. No one should contact you for your personal information. Not even your financial institution.
  2. Disregard offers for help or requests of help from those you don’t know. Especially if unsolicited.
  3. Avoid tempting offers. Though it may be difficult to pass on what appears to be a great offer, don’t just dive in. If it seems too good to be true, it probably is. If you’re really interested, take a step back and do some research. Confirm that the company is legitimate by researching reviews. If they are reputable, call the company allegedly offering the deal to ensure the offer came from them and not a scammer pretending to be them.
  4. Verify contacts. Scammers usually imitate legitimate companies by mimicking their names in emails or using caller ID spoofing. You can check their authenticity by looking at the domain name of an email address or hanging up on an unsolicited caller, verifying the legitimate phone number, and calling back.

We want to remind members to never share any codes or personal information or feel pressured to act immediately if you receive a text message, email, or a call. HFCU will never ask you for your personal account information through a text message, email, or over the phone.

If in doubt, call us out! If you are unsure of a recent message or call that you may have received, please do not click any links or respond to it, and feel free to call us directly at (281) 243-0500; toll-free at 1-(866) 687-4328 with any questions or concerns you may have.