Spotting and Stopping “Phishing Texts” to Protect Credit Union Members
For credit union executives and managers, equipping your frontline staff with the knowledge and skills to combat fraud is paramount. Your employees are the first line of defense in protecting member assets and the integrity of your institution. While we often think of fraud happening in emails or online, a rapidly growing threat is lurking in members’ pockets and purses: the “phishing text,” also known as smishing. These deceptive messages, often masquerading as official communications from trusted entities like the DMV, E-ZPass, or package delivery services, are designed to trick members into revealing sensitive information. Understanding these scams is crucial for every credit union employee to protect themselves and empower members to stay safe. Let’s get beyond the click of smishing they want from you and what is at stake.
The mechanics of these text scams are surprisingly simple yet incredibly effective. A member receives a text message that looks legitimate, perhaps claiming they have an unpaid toll, a package delivery issue, or a problem with their driver’s license. Some text messages may claim to be from your “boss” using the names they have gotten from LinkedIn or other sources, and they may claim they are in a meeting but want you to respond to the text with your phone number or something. The message often creates a sense of urgency or alarm, prompting the recipient to click on a malicious link. This link directs them to a fake website that looks exactly like the real thing, designed to capture login credentials, credit card numbers, or other personal data. Once that information is entered, the fraudsters have the keys to a member’s financial life, potentially leading to account takeovers, identity theft, or direct financial loss.
Why are these text scams so dangerous? Firstly, they leverage trust. People often assume texts are more personal and less likely to be scams than emails. Secondly, they prey on common anxieties or daily routines – who hasn’t been expecting a package or worried about a traffic ticket? The urgency and the familiar logos or names lull victims into a false sense of security. Moreover, many individuals aren’t yet as vigilant about text message links as they might be about email links, making them more susceptible to these attacks.
As credit union employees, your team’s role in combating these scams involves vigilance and education. For themselves, remind employees that legitimate organizations rarely ask for personal or financial information via text message, especially through an unsolicited link. Emphasize the importance of always verifying the sender by contacting the organization directly using a trusted phone number (not one provided in the suspicious text). Stress that they should never click on links in unsolicited texts and should delete suspicious texts immediately. The iPhone now has a feature to delete and report such text messages. Be sure to take advantage of this.
Beyond internal awareness, your employees are vital educators for your members. Encourage your team to use every interaction as an opportunity to share this critical information. Advise members to be suspicious of any text demanding immediate action, claiming an issue with an account they don’t have, or asking for personal data. Instruct them to always go directly to a company’s official website or app to check for updates, rather than clicking a link in a text. Reinforce that the credit union will never ask for sensitive information or login credentials via text message. By empowering your team with knowledge and proactively educating your members, your credit union can significantly reduce the impact of these pervasive and dangerous phishing text scams.
