Screen Shot 2022-01-20 at 1.14.26 PM

Fraud prevention is always our top priority. We want our members to be vigilant and report anything they feel is suspicious. Space City CU will NEVER contact you and ask for your home/mobile banking login information OR ask for your account number, password, social security number, or PIN.

 

How to Report a Fraudulent Message:

If you received a suspicious fraud message (text, e-mail, phone call, or mail) claiming to be from Space City Credit Union, please do not respond and use the form on this page to report the suspicious message you received. By reporting the suspicious messages, we will be able to investigate and inform the rest of our membership.

How to Report Debit or Credit Card Fraud:

If you need to report a debit or credit card transaction fraud on your Space City CU Debit card or VISA Credit Card, please refer to one of the phone numbers below.

Space City CU Debit Card - Please contact us directly at 713-222-1244 or email us at memberservices@spacecitycu.com.

VISA Credit Card - Please call 800-325-3678.

Fraud Prevention Tools
While it's impossible to prevent fraud, there are ways to minimize your risk with these tools.

Custom Account Alerts
Stay in touch with your accounts 24/7 with alerts. Account alerts are free electronic messages regarding recent activity on our account that are delivered to you via email.

 

Use BALANCE’s resources
As a nonprofit dedicated to your financial health, check out our Identity Theft Toolkit to protect yourself against fraud.

Please take note of these recent scams below.

Two-Factor Authentication Scams
As fraud controls get smarter, fraudsters are shifting their attack patterns to bypass controls. Fraudsters have been using automated phone calls to try to steal consumers two-factor authentication codes and hack into banking, merchant, and third-party payment accounts. These include Apple, Amazon, PayPal, and bank accounts.

An example of these calls state: "In order to secure your account, please enter the code we have sent your mobile device now.” Financial institutions and valid merchants will ask cardholders to enter this code on their website or app, not via text or automated phone call. A communication like this indicates the fraudster has tried to access an account and has run into a two-factor challenge from the merchant or institution. This call is an attempt to secure the code sent to a phone number or email on file at the merchant or institution. Usually something like the enter code that had has popped up on your phone. Once entered the automated message will say: "Thank you, your account has been secured and this request has been blocked.” Sometimes the call will say don’t worry about any payments or fees, we will refund it and then state, “you may now hang up.” 

Scams like these require a hacker to already know several details about a cardholder, such as email address, phone number, and passwords. Personal data like this is often found on the dark web, collected from previous breaches and hacks, sold by POS merchants to marketers, or given out by cardholders themselves. 

 

Phishing/Smishing Attacks 
Phishing and smishing (phishing by SMS texts) are attempts to trick cardholders into providing sensitive confidential information in order to perpetrate fraud. Its variants, and frequency, continue to be on the rise. Phishing schemes such as “spear-phishing,” which is more targeted and difficult to identify, are becoming even more sophisticated than in the past. Instead of using only suspicious links in poorly designed emails, phishing emails are mimicking websites and appearing to be legitimate and credible. The use of web address shortening tools, such as TinyURL, make detection of suspicious links more difficult, even by savvy online users.

It is important to safeguard your financial data and your online banking credentials against criminals trying to harvest them. It is also a good idea to avoid clicking on links that appear in random emails and instant messages. Some phishing emails will start with “Dear Customer,” so you should be on the alert when you come across these emails. When in doubt, go directly to the source rather than clicking on a potentially dangerous link.

In general, never give out full card numbers, passwords (either to bank or merchant accounts), full social security numbers, or other sensitive information over the phone.

 

Securing Digital Devices
Avoid storing confidential card information in unencrypted format on digital devices unless it is stored using a Digital Wallet or secure password management application. Security concerns include: 

  • Unencrypted card information on digital devices is susceptible to malware attacks. 
  • Sensitive information, such as PIN, Social Security number, or answers to security questions can also be stolen by way of malware and remote access applications downloaded to a digital device. 
  • Choose reputable and secure applications to store passwords and other sensitive data on digital devices. Avoid installing applications from alternative online “stores” that are not reviewed for security prior to being published. 

 

Back to top