In recent months, members of State Employees’ Credit Union (SECU) have been increasingly targeted by sophisticated scammers using a variety of tactics to steal personal information and financial data. Both SECU Maryland and North Carolina State Employees’ Credit Union (NCSECU) have issued warnings about these fraudulent attempts that mimic official communications. Understanding how these scams work and learning to identify them is crucial for protecting your financial security.
The Growing Threat of SECU Impersonation Scams
Financial institution impersonation scams have become increasingly common, with fraudsters specifically targeting SECU members through multiple channels. These criminals use sophisticated techniques to create messages that appear authentic, often copying official logos, formatting, and language to deceive recipients.
The Federal Trade Commission reports that phone calls were the primary method scammers used to contact potential victims in 2019, but text message and email scams have seen a significant increase in recent years. These attacks intensify during tax season and holidays when people may be more distracted or expecting financial communications.
SECU credit unions across states have observed a pattern of fraudsters becoming more convincing in their impersonation attempts, with some scams so sophisticated that they can fool even cautious members. The credit unions have responded by increasing their educational outreach, providing examples of actual scams, and implementing additional security measures.
Overview of Common SECU Scams
Several types of scams specifically target SECU members:
1. Toll Payment Scams: Fraudsters send text messages claiming recipients owe unpaid toll money to the Maryland Transportation Authority (MDTA), threatening additional late fees if not paid immediately. These messages include fake payment links and may even feature MDTA/DriveEzMD logos.
2. Account Alert Scams: Members receive texts or calls claiming to be from SECU’s fraud department, warning of suspicious account activity and requesting verification of personal information or account credentials.
3. Card Verification Scams: Text messages claim to be SECU fraud alerts asking if the member made specific purchases, typically at retailers far from the member’s location. They request replies of YES or NO, establishing engagement for further fraud attempts.
4. Brushing Scams: Recipients receive unexpected packages containing small items like jewelry or electronics, along with QR codes supposedly to identify the sender. Scanning these codes compromises the phone’s security and sends personal information to scammers.
5. Tax-Time Scams: During tax season, fraudsters impersonate tax authorities or offer unsolicited tax preparation services for a portion of the refund, targeting SECU members through emails, texts, and phone calls.
These diverse approaches share a common goal: to obtain sensitive information that can be used for identity theft, account takeovers, or fraudulent transactions.
How These Scams Work
Criminals employ various psychological tactics and technical methods to execute these scams. Understanding their methodology can help members recognize and avoid falling victim to them.
Psychological Tactics
1. Creating Urgency: Scammers typically present a time-sensitive scenario that requires immediate action—such as imminent late fees, account freezes, or security breaches—to pressure victims into responding without taking time to verify.
2. Fear and Anxiety: Messages often trigger emotional responses by suggesting financial penalties, legal consequences, or threats to credit scores if immediate action isn’t taken.
3. Impersonation and Authority: By mimicking trusted institutions like SECU, scammers leverage the authority and trust these organizations have established with their members.
Technical Methods
1. Phone Number Spoofing: Scammers use technology to make calls or texts appear to come from legitimate SECU phone numbers, making verification through caller ID ineffective.
2. Realistic Phishing Sites: Fraudulent websites mimic SECU’s official sites, often with URLs that look similar to legitimate ones but contain slight variations. These sites collect entered credentials and information.
3. QR Code Exploitation: In brushing scams, QR codes link to malicious websites that may install malware, capture data, or trick users into providing information.
4. Data Collection Chain: Initial communications often ask for seemingly harmless confirmations (like “YES” to verify you didn’t make a purchase), establishing a communication channel for more invasive questions later.
A typical scenario unfolds like this: A member receives an urgent text appearing to be from SECU about unusual card activity. The message includes a link to “verify” the transaction. Clicking the link leads to a convincing but fake SECU website requesting login credentials, card numbers, and personal information. Once entered, this information goes directly to criminals who can immediately begin attempting account access or making fraudulent purchases.
Text Message Patterns and Examples
Text-based scams (known as “smishing”) targeting SECU members follow identifiable patterns. Recognizing these patterns can help you quickly identify potential scams. Below are examples of actual fraudulent messages reported by SECU members:
Example 1: Toll Payment Scam
Maryland toll services: We’ve noticed an outstanding balance of $11.69 on your record. To prevent a late fee of $50.00, please visit [fraudulent link] to settle your invoice.
Example 2: Card Fraud Alert Scam
SECU Fraud Alert: Did you use your VISA ending in 6516 at TARGET #6285 in SHREVEPORT, LA for $125.27 on 10/17? Reply YES or NO or STOP to opt out.
Msg & Data Rates may apply.
Example 3: Account Security Alert
SECU Security Alert: Your account access has been temporarily limited due to suspicious login activity. Verify your identity at [fraudulent link] to restore full access.
Common Text Patterns to Watch For:
- Messages claiming to be from “SECU Fraud Alert” or “SECU Security”
- References to specific card numbers (usually last 4 digits)
- Mentions of specific transaction amounts to appear legitimate
- Requests to reply YES or NO to confirm or deny transactions
- Urgent timeframes suggesting immediate action is required
- Links to websites with domains that aren’t official SECU websites
- Mentions of account restrictions or security holds requiring verification
These patterns are deliberately designed to create a sense of urgency and legitimacy, but they contain subtle red flags that can help you identify them as fraudulent.
Red Flags That Signal a Scam
Learning to spot the warning signs of scam attempts can significantly reduce your risk. Here are key indicators that a communication claiming to be from SECU is likely fraudulent:
Communication Method Red Flags
- Requests for Personal Information: SECU will never contact members to request sensitive information such as account numbers, passwords, card details, or PINs through unsolicited communications.
- Unsolicited Links or Attachments: Legitimate SECU communications rarely include links that ask for immediate login or personal information.
- Pressure Tactics: Any message creating extreme urgency or threatening negative consequences for delayed action is suspicious.
- Unusual Contact Channels: If you typically receive SECU communications through one channel (like postal mail) but suddenly get texts or emails instead, this could signal a scam.
Content and Style Red Flags
- Grammar and Spelling Errors: While sophisticated scammers have improved, many fraudulent messages still contain subtle language errors.
- Generic Greetings: Messages beginning with “Dear Customer” rather than your name may indicate mass-distributed scam attempts.
- Mismatched Sending Information: Emails claiming to be from SECU but sent from unusual or personal email addresses are suspicious.
- Unusual Payment Methods: Requests for payment via gift cards, cryptocurrency, wire transfers, or other methods outside normal banking channels are almost always fraudulent.
Technical Red Flags
- Suspicious URLs: Links that don’t lead to official SECU domains (secumd.org for Maryland or ncsecu.org for North Carolina) or contain additional characters, numbers, or slight misspellings.
- Text from Regular Phone Numbers: Legitimate businesses typically send text messages from 6-digit short codes, not full 10-digit phone numbers.
- Abnormally Long Phone Numbers: International or unusually formatted numbers in caller ID.
- Requests to Download Apps or Software: Legitimate financial institutions rarely ask you to download software or apps via text or email links.
If you encounter any of these red flags, it’s best to ignore the communication and contact SECU directly through official channels to verify its legitimacy.
How to Protect Yourself from Fake SECU Texts
Taking proactive steps can significantly reduce your risk of falling victim to SECU impersonation scams. Here are specific strategies to protect your financial information:
Verify Communications Independently
- Contact SECU Directly: If you receive a suspicious message, ignore it and call SECU at their official number (800-879-7328 for SECU Maryland or 888-732-8562 for NCSECU).
- Use Official Apps and Websites: Access your accounts only through the official SECU mobile app or by typing the official website URL directly into your browser.
- Don’t Use Provided Contact Information: Never call numbers or click links provided in suspicious messages—they may connect you directly with scammers.
Strengthen Your Digital Security
- Enable Multi-Factor Authentication: Activate this additional security layer on your SECU online accounts where available.
- Set Up Account Alerts: Configure legitimate notifications through your SECU online banking to be alerted of actual account activity.
- Regularly Update Devices: Keep your phone, computer, and apps updated with the latest security patches.
- Use Strong, Unique Passwords: Create complex passwords for financial accounts and never reuse them across multiple sites.
Practice Safe Communication Habits
- Never Share Sensitive Information: Remember that SECU will never contact you asking for your full account number, PIN, password, or verification codes.
- Scrutinize All Messages: Develop a healthy skepticism toward unexpected financial communications, especially those creating urgency.
- Ignore and Delete Suspicious Messages: Don’t reply to suspicious texts, even to say “STOP,” as this confirms your number is active.
- Be Wary of QR Codes: Never scan QR codes from unexpected packages or communications without verifying their source.
If You Think You’ve Been Scammed
- Contact SECU Immediately: Report the incident to your credit union’s fraud department right away.
- Change Your Passwords: Update credentials for any potentially compromised accounts.
- Monitor Your Accounts: Check your statements and transaction history carefully for unauthorized activity.
- File Reports: Consider reporting the scam to the FTC at reportfraud.ftc.gov and to the FBI’s Internet Crime Complaint Center (IC3).
By following these protective measures, you can significantly reduce your vulnerability to increasingly sophisticated SECU impersonation scams.
Frequently Asked Questions
1. Is a text message from SECU about suspicious activity legitimate?
SECU may send text alerts about potential fraud if you’ve enrolled in their alert service. However, these legitimate messages will never ask you to provide personal information, passwords, or PINs via text. If you’re unsure, ignore the text and call SECU directly using the number on your card or statement.
2. How can I tell if a phone call claiming to be from SECU is real?
Legitimate SECU representatives will never call and ask for your full account number, card number, PIN, online banking password, or one-time verification codes. If you receive such a call, hang up and call SECU back at their official number to verify if they were trying to reach you.
3. I clicked a link in what I now think was a scam text. What should I do?
If you clicked a link but didn’t enter any information, monitor your accounts closely for unauthorized activity. If you entered login credentials or personal information, contact SECU immediately, change your passwords, and consider placing a fraud alert on your credit reports.
4. Will SECU ever send me a text about owing money or needing to make a payment?
No. SECU will never send text messages requesting payments, especially not with links to make immediate payments. All legitimate payment notifications would come through official channels like statements or secure online banking messages.
5. I received an unexpected package with a QR code to scan. Is this safe?
No. This is likely a “brushing scam” where scanning the QR code could compromise your device security. Never scan QR codes from unexpected packages. You can keep or discard the item, but contact the shipping company directly if you want more information.
Conclusion
As digital banking continues to evolve, so do the tactics of fraudsters targeting financial institution customers. SECU members across states face increasingly sophisticated scam attempts designed to steal personal and financial information. By understanding how these scams work, recognizing their common patterns, and implementing protective measures, members can significantly reduce their risk of becoming victims.
Remember that legitimate financial institutions like SECU will never request sensitive information through unsolicited communications. When in doubt, always verify by contacting SECU directly through official channels.
Staying informed about current scam tactics and maintaining healthy skepticism toward unexpected communications are your best defenses against these evolving threats. By remaining vigilant and following the security practices outlined in this article, you can help protect yourself from the financial and personal consequences of these targeted scams.
