Published August 1, 2016.
Updated May 4, 2021.
Phishy texts put your data in danger.
What harm could come from a text? Plenty.
Phishing texts — an official-sounding message that can release a software virus to your device or link you to a phoney website to capture your private information — is one of the fastest growing frauds around.
STCU members frequently report phishing texts that claim to be from STCU. These text messages try to trick or scare you into clicking on a link or to text back with confidential information that could compromise your accounts.
Because STCU is the largest credit union in the region, our members are a bigger target. Lazy, uncreative fraudsters send thousands of phoney "STCU" texts to random phone numbers, knowng that a certain percentage will reach real STCU members.
Don't take the bait! STCU never sends scary, ominous, threatening, and unexpected texts or emails that ask you to provide private information. And we almost always direct members directly to stcu.org, not some other website or address. If you're not sure about a text, please contact us.
Shown below is an example of a phishing text. The phone number was similar to one familiar to the recipient by just a few digits.
The threatening tone of the text is designed to get you to respond immediately, before you take time to evaluate what the message is about.
What to do if you get a phishing text.
Avoid your impulse to respond quickly to the text. Instead, stop and think before taking action.
Waiting a few minutes isn't going to jeopardize your accounts. But quickly responding to a phishing text out of habit could trigger a disaster. Ask yourself:
- Do I know the sender?
- Could I call them to verify the text?
- Was I expecting a message like this?
- Is this an appropriate way for a business to reach me about my personal account?
- If this was so urgent, why are they sending a threatening text?
- Is there a legitimate reason they would need me to respond quickly?
As you answer these questions, you’re likely to become less confident about the legitimacy of the text. For instance, most legitimate companies would never use a text message to let you know there’s something wrong with your account. And they would not threaten you on the first notice.
The best response is to delete the message. Or call the sending institution to confirm that it sent the text, and then delete the message. You also should notify other family members to watch for the phoney text on their phones or email.
A threatening text is used to get you to respond immediately, before you stop to evaluate what the message is about.
The danger of phishing texts.
An investigation of the link shown above found that the link in the message led to a website that asked the recipient to enter account information. The site was used to infect computers and mobile devices with malware that would shut down anti-virus programs and steal data, passwords, and email addresses. Merely clicking on the link unleashed this nightmare!
Computers and mobile devices often are equipped with security software. But security threats change quickly.
The best protection is to slow down. Determine whether the message is legitimate, and never click on a link or reply to a text until you've verified its source.