BSCU has become aware of members receiving fraudulent text messages and phone calls from individuals claiming to be from the Credit Union’s Fraud Department. BSCU will never call or text asking for your CARD #, PIN # or online banking username and password. Your financial safety is our priority.

Many financial organizations have reported an increasing amount of phishing events due to COVID-19. Now more than ever, your information is being sought after by fraudsters.

What is phishing? Phishing events are when a fraudster attempts to steal a person’s data, mainly login credentials and card information. Once they obtain this information, they will use it to process fraudulent card transactions or ATM withdrawals.

Examples of recent Phishing Attacks:

• Information is obtained from social media to make the attack even more believable.
• Cardholders receive a phone call or email from the fraudster asking them to log in to their account or for their card number.
• While on the phone, the fraudster may ask for your card information and then perform a transaction they know will generate a fraud alert. Once completed, they will ask for the case number over the phone so that the card can be permanently blocked, but instead, the fraudster will validate the activity as valid a transaction so they can continue to use the card.

BrightStar will never contact a cardholder and ask for the following:

• Account Number/Card Number
• CVV
• PIN
• Passwords
• Social Security Number
• Online Banking Credentials

If you think a fraudster is trying to take advantage of you, delete the email or end the call and dial BrightStar’s number directly to confirm that it is a legitimate representative.

Criminals are disguising themselves as WHO to steal money or sensitive information. If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding.

Watch out for a surge in emails from cybercriminals pitching COVID-19 health information and fake cures.

The Coronavirus (COVID-19) has been a windfall for fraudsters as they exploit the global thirst for knowledge on the virus. Fraudsters have launched Coronavirusthemed phishing attacks to deliver malware – typically credential-stealing banking Trojans. The phishing emails purport to be from the Centers for Disease Control (CDC) and the World Health Organization (WHO). Fraudsters have also created fake websites to exploit Johns Hopkins University’s interactive Coronavirus dashboard to spread malware. Credit unions should warn employees and members.

Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Don’t let them. Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information in order to receive money or other benefits.