What NOT to Tell Your Financial Institution

4 min read
January 30, 2023

What NOT to Tell Your Financial Institution B_HubSpot

We’d all like to think we can spot a scam from a mile away. The numbers, however, tell a different story. In 2021 alone, consumers reported losing more than $5.8 billion to fraud.1 Many of these losses were the result of imposter scams — that is, scammers pretending to be someone you know and trust. These bad actors may even try to convince you that they’re from your financial institution. They might say there’s an issue with your account and you need to deposit money as soon as possible, or that they need to help you log in to your online bank account.

Take a look at the four tips below to know what information you should never give out to someone, even if they claim to be from your credit union or bank.

1. Never Disclose Your Login Credentials

It seems like common sense that you should keep your usernames and passwords private. But scammers know that if they pretend to be someone you trust, you’re more likely to let your guard down. Remember: Your login credentials are for you only. If you receive a text, phone call, email, or a message on social media from someone asking for your login credentials, do not disclose them — even if the person reaching out to you claims to be a family member, your financial institution, a love interest, or even a government agency like the IRS.

Not only can fraudsters trick you into revealing your username and password, they can also make you feel at ease doing it. To accomplish this, they send you a "secure link" to a site where you can enter your credentials privately. The webpage may look legitimate, complete with your financial institution's logo. But it's really a false page connecting straight back to the fraudster. Once they have your login information, the fraudster has free reign over your online bank account.

2. Never Reveal Your Access Codes

If you’ve ever forgotten your username or password to an app, a website, or your online bank account, there’s a good chance you’ve had experience with access codes. Here’s a quick review in case you’ve forgotten or aren’t familiar with access codes.

Access codes or “security codes” are temporary codes — typically between four and six digits long — that you can request to be texted, emailed, or phoned to you, usually in the event that you’ve forgotten your username or password. These codes are only valid for several minutes. Once you’ve received the code, you’ll provide it in place of your usual login credentials. As long as you enter it in correctly, you’ll be given temporary access so that you can set up a new username or password.

In order for an access code to be an effective security measure, it has to be sent to an email address or phone number that ideally only you have access to. But there’s a surprisingly easy way for scammers to get around this hurdle: by simply asking you to give them the access code. Beware of anyone who contacts you claiming they need to help you log in to one of your accounts, and never give them your access codes.

3. Got a Bad Feeling? Hang Up.

Through a process called “spoofing,” scammers can make it look like incoming calls are coming from a person or place you recognize, such as your financial institution. Of course, this doesn’t mean you should always assume the worst when you get a call from your bank or credit union. But if the person on the other end of the line starts asking you to divulge information like your login credentials, access codes, or card numbers, play it safe. Hang up the phone, look up the number for your financial institution, and call them separately to see if they've really been trying to contact you.

4. Be Wary of Clicking on Links

Think twice before clicking on any links you’ve been sent in an email, as they could cause you to inadvertently download malicious software or “malware.” This method of attack (known as “phishing”) gives scammers access to the personal information on your phone or computer. This can include files, passwords to your accounts, or even your personal photos to help them create a social media profile under your name. This same kind of attack is known as “smishing” when the malicious link is sent by text message rather than email. If you’re unsure whether or not it’s safe to click a link or a button in an email or text message, don’t click on it.

Takeaway

When it comes to preventing fraud and scams, you are the last line of defense. While usernames, passwords, access codes, and security questions help to keep your accounts secure, they won’t be effective if you voluntarily give out your private information. Following the guidelines above can help you stay safe from scams. Reach out to your credit union or bank if you'd like to verify the authenticity of an email, text message, phone call, or other correspondence you've received from them. Our team at Cyprus Credit Union can be reached by calling 801-260-7600 (dial option 4) or by chatting with us on CyprusCU.com.


1Federal Trade Commission | February 22, 2022