Good afternoon:
On the afternoon of Tuesday, February 7, MMCCU staff became aware of a smishing attack that circulated throughout the area via text message (screenshot #1) asking recipients if they recognized a purchase done outside the area for a large amount. If the recipient responded “NO”, a second message was sent indicating the recipient would receive a follow up shortly to confirm (screenshot #2).
Immediately following the second text message, individuals would receive a call from what appeared to be a local number (715 area code-screenshot #3). The fraudsters on this call were requesting personal information ranging from social security numbers, account numbers, debit card numbers, birthdays, and more. In addition, online banking credentials were requested from the individual.
Upon successfully obtaining user names and passwords, the fraudsters would trigger the sending of the multi-factor authentication security code to the member. Request for this code would be made, and if the code was given to the fraudster, unauthorized access would be made into the member’s online banking. If the member had a checking and funds in their accounts, fraudulent P2P (person-2-person) transfers were initiated and completed. Attempts to change personal information, like cell phone numbers and email addresses, were also submitted to facilitate future access into the online banking system without the need to contact the member.
Please know that the credit union takes these types of attacks seriously and am doing everything we can to notify members of this incident. We know protecting your sensitive data is very important and will be working through new procedures to ensure members contacting the credit union are properly identified before information is provided. If you receive any of these text messages, please ignore them immediately. Do not provide this information to anyone who calls you, even if it is a representative of the credit union.
If you have spoken with someone and provided this information, call and speak with our staff immediately. We want to protect your information as much as possible. If you are ever unsure of a message received on our behalf, please confirm with us before responding. The challenge in the future arises because our debit and credit card vendors do verify suspicious transactions with cardholders via text message, so it can be hard to know which message is legit and which is fake. If you are unsure, let us help you.
If you have any questions, please give the credit union a call at (715) 387-8686. Our staff has been briefed on the situation and will walk through any questions you may have. Again, the security of your information and money is our #1 priority. This information was shared on Facebook yesterday afternoon, and we encourage you to share those posts and/or this email with your friends, family members, and colleagues, so they are aware of the scam to avoid more individuals becoming victims.
Thank you.
David Murphy, President
Marshfield Medical Center Credit Union