Beware of callers trying to pry loose personal info

  • Vishing is the term for stealing information or money from consumers over the telephone. The term comes from mixing the words "voice" and "phishing." The latter is a scam intended to trick consumers into supplying personal information on the internet.
  • Usually the thief will use caller ID spoofing, which makes the telephone network display a number from a legitimate or well-known source, when in fact that is not where the call originated.
  • Vishing attacks usually have an automated recording setup to call a consumer telling them that their credit card(s) or ATM/Debit Card has been flagged for fraudulent activity.
  • The recording then asks the consumer to provide a card number, PIN code, Social Security number and/or password reset code to verify their account, or the recording provides a toll-free number directing the consumer to call and provide account details.

Michigan Schools and Government Credit Union representatives will never ask you for sensitive financial information — including full Social Security number, Visa card number, account numbers, personal identification number (PIN) or password reset code — over the phone.

This is one time it's good to have a suspicious mind

  • Be suspicious of all unknown callers. You should be just as wary of phone calls as you are of emails asking for personal information.
  • Do not trust caller ID. Just because your caller ID displays a phone number or name of a legitimate company, it does not guarantee the call is really coming from that number.
  • Call them back. If someone is selling you something or asking for information, tell them you will call them back. Verify the company is legitimate by calling them back using a telephone number from a bill, statement, or other trustworthy source, and not the number they provided during the call.
  • Register your number. Visit the National Do Not Call registry at www.donotcall.gov. If you are on the list and receive a call from a suspected telemarketer, this could be a tip that the offer is fake.
  • Use a secure and encrypted notebook app on your phone to store your passwords, financial account numbers, and other sensitive information. This means downloading a third-party app from your phone’s app store rather than using the non-password protected notebook app that comes standard on your phone.
  • Give account security your thumbs up by enabling fingerprint login or facial recognition in the MSGCU Mobile App. You can even use fingerprint or facial recognition on your mobile device to log you into Online Banking on your computer! Watch our tutorial on how to set it up.
  • If your phone has been lost or stolen and you know you can’t get it back, you should immediately take steps to protect your personal information. Start by alerting your phone carrier of the loss so they can disconnect your service. You should also try to remotely wipe your phone of its contents and lock it from intruders. Most smartphones have these features built-in nowadays; take a look at the list below. Finally, we strongly advise you to change your passwords for banking accounts, email services, social media and other accounts especially if you had used the ‘save password’ feature on your device.
  • It's a good idea to install or enable deactivation methods on your phone in case it’s lost or stolen. These methods allow you to lock and remove your data from the device remotely. Here’s a list of the most-used services:

    - Apple “Find My - Activation Lock
    - Verizon Android “Find My Device - Remotely Lock
    - Samsung “Find My Mobile
    - T-Mobile Android and iOS “Lookout Mobile Security
    - Windows 10 “Find My Device

  • It may not be well-known, but there are ways for your mobile device to become infected with viruses and malware. Malware is designed to gain control of your phone, so take control now and prevent it from happening to you. Only download apps from reputable sources like App Store, Google Play, and Galaxy Store. And think twice about “jailbreaking” or “rooting” your device, which strips essential built-in security features from the operating system.
  • You might have antivirus software installed on your computer, but have you protected your mobile phone and tablets? Don’t forget about these devices when you’re shopping around for antivirus software. Choose a solution that offers comprehensive device protection and comes with auto-renewal so you’ll never be left vulnerable to attacks.

The final step is to report all vishing calls to the Federal Trade Commission by visiting the agency's website at www.ftc.gov or calling 888.382.1222. The FTC will ask for the number and name that appeared on your caller ID, as well as the time of day and the information discussed or heard in a recorded message.

Don't get hooked in a ‘smishing’ expedition

  • ‘Smishing’ is short for SMS (short message service) phishing. It’s a mobile text scam designed to trick a consumer into downloading malicious software or providing personal information.
  • The text message may direct the recipient to a website URL or a phone number that connects to an automated voice response system where personal information is collected.
  • The message usually contains something that requires the consumer’s “immediate attention” such as reactivating a suspended credit card. It may direct them to a legitimate-looking website that will ask them to “confirm” their personal financial information, such as the credit card number.
  • A phone number may be given. If called, an automated voice response system will ask the consumer for the same information. Once obtained, the fraudsters will use this information to create new cards to make unauthorized purchases or withdrawals.
  • Here's one example of a smishing message: “Notice — this is an automated message from (a credit union or bank), your ATM card has been suspended. To reactivate immediately call 866-###-####.”
  • Often, the smishing message will show up on your phone as having come from “5000.” This usually indicates the message was sent via email and not from another cell phone.

Michigan Schools and Government Credit Union will never ask for sensitive financial information via text message. However, we may contact you by phone to inquire about suspicious credit card activity. We may ask you to confirm your address, birth date, and last four digits of your Social Security number to verify your identity. You will never be asked to provide your full Social Security number, Visa number, account number, or PIN.

 

Tell the government if you think you're being targeted

  • Be suspicious of all unknown text messages. You should be just as suspicious of text messages as you are of emails asking for personal information.
  • Register your number. Visit the National Do Not Call registry at www.donotcall.gov. If you are on the list and receive a text message from a suspected number, this could be a tip that the message is fake.
  • Report smishing text messages to the Federal Trade Commission at www.ftc.gov or call 888.382.1222. The FTC will want to know the number that appeared on your caller ID, as well as the time of day and the website address or telephone number listed.

When you contact Michigan Schools and Government Credit Union, use the published telephone numbers on your monthly statement or via secure email within Online Banking. Our phone number is 586.263.8800, or toll-free at 866.674.2848. And if you use MSGCU text banking, be sure to add 90703 to your MSGCU contact information as well.