Phishing Guide

Phishing and Spoofed Websites

Almost daily members receive phishing e-mails or calls claiming to be from national financial service providers. Many credit unions have reported that their members are receiving e-mails and calls claiming to be from the member's credit union.

What is phishing?

Phishing is an attempt, via e-mail, text or phone, to steal personal identity data and financial account information for the purpose of committing fraud. The e-mail may ask the receiver to “update”, “validate” or “confirm” account information, including passwords or personal identification numbers (PINs). Some may threaten that an account will be closed or a card will be disabled. More recently, text messages claiming that the victim's card has been blocked or deactivated have been sent and they ask the victim to call a phone number. The e-mail addresses and phone numbers of the victims are not obtained from Heartland Credit Union itself but from external sources, or just randomly created.

Heartland Credit Union works diligently to close down each of the sources of these phishing e-mails and text messages as they are identified. Unfortunately, it may take several days to identify the source and shut down the originator, who may then quickly move to another internet site and continue to operate. Many scams are unable to be traced.

E-mails
Embedded within a phishing email is a link to a spoofed website. The spoofed website appears to be exactly like the credit union's legitimate website. Once the member is redirected to the spoofed website, the scam phishing e-mail asks the member to fill in required information to keep his/her credit/debit cards or online banking active. The spoofed website asks for name, account number, card numbers and other sensitive account information.

Because the spoofed websites have a very authentic appearance, members are giving up their credit and debit card information, including PINs. Within minutes of a member responding to a phishing e-mail, there are fraudulent transactions on the credit and debit card accounts.

Tips for avoiding Phishing scams:

  • Heartland Credit Union will never send an e-mail, text message or make calls requesting account number, PIN or debit/credit card information. Never respond to a request for this information. 
  • Never click on the link provided in an e-mail you believe is fraudulent.
  • Do not open an attachment to an unsolicited e-mail unless you have verified the source.
  • Do not be intimidated by an e-mail or caller who suggest dire consequences if you do not immediately provide or verify information.
  • If you believe the contact is legitimate, go to the company's website by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.

If you have any questions concerning phishing, please call the credit union at (217) 726-8877 or 1-800-397-9595.