Skip to main content
STCU Log in >
Illustration of a fishing rod with a text on a mobile phone caught on the hook.
Illustration of a fishing rod with a text on a mobile phone caught on the hook.
Illustration of a fishing rod with a text on a mobile phone caught on the hook.

Don’t take the bait:How to spot a phishing scam

Updated March 2026

Protect your personal information.

Your information is valuable. We want to make sure it doesn’t fall into the wrong hands.

First things first: What is phishing?

It's when someone pretends to be a trusted organization through text, email, phone calls, and social media and tried to trick you into sharing passwords, account numbers, or other private details.

We regularly hear from members and nonmembers who receive phishing texts claiming to be from STCU. These messages try to pressure you into clicking a link or replying with personal information. They usually create urgency saying your account is locked, there’s fraud activity, or need to act immediately. 

Take a breath.

Scammers rely on panic. We don’t.

Text fraud screenshot
Phishing text example

We will never send threatening or unexpected messages asking for your password, one-time login codes, or full Social Security number. We will also never send you a login code and then ask you to share it with us.

If something feels off, trust that instinct. When in doubt, reach out. We’re always happy to verify.

Did you receive something that looks “phishy”?

First, don't click. It may seem obvious, but not clicking on something suspicious is the best way to stay safe.We know scammers can be creative so here’s what to do: 

  • If you didn’t click anything, report it and delete.
  • If you did, click a link or share information, contact us  or visit a branch ASAP.

The sooner we know, the sooner we can help.

Not sure if something is real?

Here are a few things to ask yourself if you think something feels off:

  • Was I expecting this message?
  • Do I know the sender?
  • Is it pressuring me to act immidiately?
  • Why would they need this informaton right now?
  • Does the link look slightly misspelled or unusual?
  • Is this how a financial institution would normally contact me?

If it feels urgent, scary, or too convenient, pause. Real businesses allow you time to verify.

Strengthen your protection.

Spotting scams is important—but you can also make it much harder for scammers to succeed.

  • Turn on Multi-Factor Authentication (MFA) for your accounts.
  • Set up account notifications.
  • Use strong, unique passwords (a password manager can help).
  • Keep your devices and apps updated.
  • Avoid using public Wi-Fi for banking.
  • Ask your mobile carrier about adding a SIM lock or port-out PIN.

Social media is another common entry point for scams. Be cautious of quizzes or posts asking for details like your first car, childhood street, or favorite teacher, those often mirror common security questions. And never discuss account issues or share personal details through social platforms.

Unfortunately, fraud doesn’t always show up right away. Someone might click a link today and only notice suspicious activity weeks or months later.

That’s why your best protection is slowing down, verifying before you respond, and staying just a little skeptical.



related
Illustration of devices

Fraud and scams

Fraud and scam support >

Illustration of a scam letter in an envelope

Avoid scams.

Tell those scammers to scram >

© 1934 — STCU | Here for good.

Hey there!

You’re about to leave STCU.org. Linked sites may have a different privacy and security policy than ours. Products and services offered by the linked site are not endorsed nor vouched for by STCU.

Do you wish to continue?

Yes, please No thanks, go back