Skip to Main Content

We are aware that scammers are contacting members and pretending to be Service CU employees. Please do not provide personal information over the phone or email in any contact that was not initiated by you. Learn more.

Brand Impersonation: A rising scam

The number of brand impersonation scams has risen significantly in recent months. Utilizing copies of legitimate business logos, images and messaging styles, expertly constructed fake emails (phishing), text messages (smishing), and websites are used to fool recipients into clicking on fraudulent links and entering login credentials or other sensitive information. Scammers then use the provided information to access accounts and transfer funds.

We are aware of a large-scale brand impersonation campaign currently underway, targeting multiple credit unions and banks. These institutions are predominantly impersonated via smishing text messages claiming to be from a member’s financial institution and can take on many forms, including reporting a fraudulent charge or asking for a password reset. Scammers may also call members pretending to be a financial institution in order to obtain online banking information.

TEXT SCAMS: DO NOT REPLY OR CLICK ON LINKS

Replying to messages notifies the fraudster that the recipient is not only a real person, but is actively using their phone. With this information, fraudsters will reach out with a call, posing as a representative from the impersonated institution, and attempt to gather sensitive personal and account information over the phone. The text may also look like it’s coming from a Service Credit Union email address, despite being a text message (see example below).

Clicking provided links bring recipients to fraudulent websites, encouraging the entry of login credentials and other sensitive information, which the fraudsters use to access financial accounts.

Examples of scam text and a fraudulent website:

Mobile phone showing text fraud example
1. Smishing text with malicious link
Fake Website Login
2. Fake Website Login
Request-for-addition-sensitive-information-fake-form
3. Request for additional sensitive information
Spoofed two-factor authorization confirmation
4. Spoofed two-factor authorization confirmation

Service Credit Union has not been involved in any data breach, and your information remains secure with us. The fraudsters will only gain access to an account if sensitive information is provided in response to fraudulent communications. The easiest way to avoid account compromise is to delete the messages without replying or otherwise engaging. If you have any concerns about charges mentioned in a message, please log into your online banking account to confirm the transaction or contact the credit union. If you require further clarification, our team is available by phone 24/7 at 800-936-7730 in the US, or 00800-4728-2000 internationally.