You receive a text message that appears to come from Royal Credit Union asking you to log in to confirm your account activity. Do you tap the link to get to the login page and enter your online banking username and password?
After reading this article, we hope you don’t open the link! This type of text message phishing scam is very common – here’s how it works:
- Scammers send an urgent-sounding text message to thousands of mobile phone numbers across an area code or geographic area.
- The text messages are designed to sound like an official message from a specific financial institution. The message includes a hyperlink that will open in your mobile phone’s browser.
- If you open the link, you’ll be prompted to enter the username and password for your financial institution on a fake login page.
- Once you provide your login information, the experience varies, but the result is the same – the scammer records your username and password and will attempt to use it to access your account at your financial institution.
- If the scammer is successful, they can send money from your account to another external account. Some types of transfers can empty your accounts in a matter of minutes, with few options to reverse or dispute the transaction since it will appear that you authorized the transfer.
Identifying Phishing Texts
Here are some of the red flags that might help tip you off that a text is a phishing attempt:
- If you don’t have an account at the financial institution mentioned in the text: You can likely ignore the message. Scammers send messages to every phone number in a specific area, hoping that at least some of them reach people with accounts at a specific financial institution.
- For example: If you get a message that appears to come from Royal Credit Union but you’re not a Royal Member – don’t open the link and simply ignore the message.
- If there are obvious spelling or grammar errors, strange spacing, or an unusual sender name: Your real financial institution is unlikely to make these types of mistakes in their official communications.
- For example: If you notice that your credit union has the number zero replacing the letter O in it’s name, it’s probably not coming from your real credit union. Don’t open the link and ignore the message.
- If the link doesn’t look like your financial institution’s regular website address: Scammers can set up a unique website address in a matter of minutes. They frequently use website addresses that mimic your financial institution’s real website to trick victims, but if you look closely there can be obvious errors.
- For example: If the link is going to scpp-banking.yourcreditun10n.com instead of yourcreditunion.org, it’s probably not going to your credit union's website.
If You’re Not Sure If It’s A Phishing Text
If you’re ever unsure if a text message is coming from your real financial institution, you can always contact your bank or credit union using their official phone number. You can also go to your financial institution’s real website and log in to your accounts to check for suspicious activity or new messages.
You can also consider using your financial institution’s official mobile app to connect to your accounts. Mobile apps provide a direct connection to your information without relying on entering the correct website address.
What Should You Do With Phishing Texts?
If you avoid clicking the link in a phishing text, there is no risk to you. Your information remains secure and cannot be accessed by scammers or the person sending the text. Don’t open the link and don’t respond to the text.
Unfortunately, scammers move quickly and can easily set up new mass messages and websites. Government regulators and website hosting services act quickly to remove impostor websites, but scammers have no trouble setting up a new site and sending another text. For this reason, the best option is often to ignore phishing texts. If your mobile phone has the option to report a junk message, you could use this feature to report a message, but there is no need to contact the financial institution mentioned in the message.
Keep Yourself & Others Safe
Text phishing schemes will continue as long as scammers are able to profit from them. By educating yourself about these scams, you can learn to recognize phishing texts and keep your information safe. It’s also a good idea to share information about these types of scams with friends and family. Alerting those around you – especially young adults and older adults who may be less familiar with technology – to the potential for phishing messages and reminding them not to open suspicious links can help keep others safe too.
There are also some preventive measures that you can take to protect yourself:
- Review your account statements often. By staying on top of your account activity, you’ll be able to spot any suspicious transactions sooner.
- Enroll in real-time alerts. These alerts can send you a text message or app notification about deposits, withdrawals, or balance changes. At Royal, real-time alerts can be customized to trigger for the dollar amount of your choice, or set to $0.01 so you can be notified of any account activity within seconds of it occurring.
- Ensure you have multi-factor authentication set up. Multi-factor authentication is a login verification option that requires you to enter a text message code or authenticator app code in addition to your username and password. It creates an extra layer of security – even if a scammer obtains your username and password, they won’t be able to receive your multi-factor authentication code or access your accounts. Multi-factor authentication is automatically required when logging in to your Royal Credit Union accounts from a new device. Never share your multi-factor authentication code with anyone!
For more information about security, phishing, and staying safe, check out these other resources: