Centro de Seguridad

Imagine this: You receive a text message from your bank alerting you to suspicious transactions on your account. You respond "No" to confirm they aren’t yours. Moments later, you get another text—this time asking you to speak with a fraud specialist to resolve the issue. Thinking it’s your bank, you press 1, and before you know it, fraudsters have taken control of your email, phone, and financial accounts.

Unfortunately, this isn’t a hypothetical situation—it happened to a member. In just a few hours, fraudsters attempted to wire $5,000 out of their account and successfully opened fraudulent credit cards in their name.

This article will break down exactly how this scam works and what you can do to protect yourself.

Step 1: Establishing Legitimacy

Fraudsters begin by gathering personal information such as your name, phone number, and card details—often from data breaches or the dark web. They then attempt small fraudulent transactions, which trigger legitimate fraud alerts from your financial institution.

Since you receive a text asking if these transactions are legitimate, you respond “No.” This is exactly what fraudsters want. They follow up immediately with another text, spoofing your bank’s phone number, stating:

“We need to speak with you regarding the recent fraudulent transactions on your account. Press 1 if you can talk now.”

Once you press 1, you’re connected with the scammer, who already knows details of the fraudulent transactions, making them seem trustworthy.

Step 2: Gaining Access to Your Device

Next, the fraudsters claim they can see unauthorized activity on other accounts linked to your digital wallet. To “help” you, they ask you to share your phone screen with them. Once you grant them access, they direct you to:
✅ Change your Apple ID or email password—giving them full control over your accounts.
✅ Enable call forwarding by dialing *72 + a new number—rerouting all your calls and texts to them.

At this point, the fraudsters can receive any text-based authentication codes meant for you, allowing them to reset passwords, take over online banking accounts, and bypass multi-factor authentication (MFA).

Step 3: Taking Over Financial Accounts

While keeping you on the phone, scammers begin making fraudulent transactions. Since they have access to your phone and email, they can:
🔹 Reset passwords to your online banking and email.
🔹 Answer security questions by asking you for the information directly.
🔹 Approve e-signature requests using stolen credentials.

They’ll keep you on hold, claiming they are “working with other banks” to stop the fraud, ensuring you don’t contact your real financial institution.

Step 4: Cashing Out

Once fraudsters have full control, they move quickly to:
💰 Wire money out of your accounts (if possible).
💳 Open fraudulent credit cards and loans using your personal details.
🛍 Charge up those accounts before you even realize what’s happened.

This process happens fast—sometimes in just a few hours.

How We Caught the Scam

Fortunately, in this case, our team noticed some red flags:
🚩 Long pauses during security questions—scammers were relaying answers from the real member in real-time.
🚩 Inconsistent device logins—our system detected access from multiple devices with different operating systems.
🚩 Failed phone verification—when we called the member’s registered phone number, it had been forwarded to the fraudsters.

Because of these red flags, we stopped the fraudulent wire transfer before it went through.

How to Protect Yourself from Account Takeover Scams

✅ Never share your phone screen or grant remote access to someone claiming to be from your bank.
✅ Be cautious of unexpected texts or calls—scammers can spoof numbers to make them appear legitimate.
✅ Check the phone number—official fraud alerts should come from the same number your bank typically uses.
✅ Never forward your calls—if you’re asked to dial *72 or another forwarding code, don’t do it.
✅ Enable two-factor authentication (2FA) on all important accounts—but use an authentication app instead of SMS codes, which can be intercepted.
✅ If in doubt, call your bank directly using the number on your statement or website—never use a number provided in a suspicious text.

What to Do If You Suspect You’re a Victim

If you think you’ve been targeted by a scam like this, take action immediately:
🔹 Contact your bank or credit union to report the fraud.
🔹 Change passwords for your email, banking, and Apple ID.
🔹 Disable call forwarding by dialing *73 (or your carrier’s specific code).
🔹 Monitor your accounts and credit report for unauthorized activity.

Scams like these are becoming more sophisticated, but by staying informed, you can protect yourself from financial fraud. Always be cautious when dealing with unexpected messages, and remember: If something feels off, trust your instincts and verify directly with your financial institution.

The Federal Bureau of Investigation (FBI) has issued a warning about a recent surge in text message scams, known as "smishing," targeting individuals with fraudulent claims of unpaid tolls. These deceptive messages are designed to steal personal and financial information.

How the Scam Works:

• Unsolicited Text Messages: Victims receive unexpected texts claiming they owe money for unpaid tolls.
• Threats of Penalties: The messages often threaten additional fines or legal action if the supposed debt isn't paid promptly.
• Phishing Links: Recipients are directed to click on a link to settle the alleged debt, leading to fraudulent websites that mimic legitimate toll agencies.

Protective Measures:

• Do Not Click Links: Avoid clicking on any links in unsolicited text messages.
• Verify Claims: If you receive such a message, contact your state's tolling agency directly using official contact information to confirm any outstanding balances.
• Report Suspicious Messages: Use your phone's "report junk" feature
• Delete the Message: After reporting, delete the suspicious text to prevent accidental interaction.

Stay Vigilant:

Always be cautious with unsolicited communications requesting personal or financial information. Legitimate agencies typically communicate through official channels and will not ask for sensitive information via text messages.

For more information on recognizing and avoiding text scams, visit the Federal Trade Commission's guidance on text message scams: consumer.ftc.gov

Pig Butchering Scams
The US Secret Service is reporting a type of cryptocurrency scam where scammers gain victims' trust and manipulate them into investing in fake cryptocurrency projects known as "Pig Butchering"

Common Tactics:

Cryptocurrency Investment Scams: Fake "insider" opportunities advertised via fraudulent websites and testimonials.

Fake Identities & Stories: Scammers impersonate others or create fictitious personas to build trust.

Unsolicited Assistance: Offers of help to access accounts or set up applications, often leading to financial exploitation.

Requests for Personal Information: Scammers ask for personal or banking details under false pretenses.

Tips for Avoiding Scams:

Shield Yourself: Ignore unsolicited messages or offers from unknown numbers.

Guard Your Information: Be cautious about sharing personal details online.

Slow Down: Verify unsolicited advice, investment opportunities, or new relationships with trusted people.

Use Caution: Never share personal or financial details with strangers. Cease contact if pressured for such information.

Note on Victims:
Some scammers may be trafficking victims coerced into facilitating scams.

You can learn more about these types of scans by downloading the US Secret Service alert information flyer by clicking here. 

The United States Secret Service continues to observe a rise in form of scam known as "pig butchering," which is a scam that involves scammers gaining the trust of their potential victims and manipulating them into transferring funds to invest in fake cryptocurrency projects.

Common Tactics:

Cryptocurrency Investment Scams: Fake "insider" opportunities advertised via fraudulent websites and testimonials.

Fake Identities & Stories: Scammers impersonate others or create fictitious personas to build trust.

Unsolicited Assistance: Offers of help to access accounts or set up applications, often leading to financial exploitation.

Requests for Personal Information: Scammers ask for personal or banking details under false pretenses.

Tips for Avoiding Scams:

Shield Yourself: Ignore unsolicited messages or offers from unknown numbers.

Guard Your Information: Be cautious about sharing personal details online.

Slow Down: Verify unsolicited advice, investment opportunities, or new relationships with trusted people.

Use Caution: Never share personal or financial details with strangers. Cease contact if pressured for such information.

You can learn more about this scam by downloading this informational flyer from the Secret Service by clicking here or visit the U.S. Secret Service by clicking here.

We want to make you aware of a recent phone call spoofing scam targeting our members. Scammers are impersonating our staff and fraud department, attempting to obtain sensitive information and gain access to accounts. How the Scam Works:The fraudsters use spoofed phone numbers to make their calls appear legitimate. They claim to be from Pathways and may warn of suspicious activity on your account. Their goal is to convince you to share sensitive information, such as:

• Account numbers
• Card numbers, PINs, or CVV codes
• Two-Factor Authentication (2FA) codes

In some cases, they pressure members to transfer funds or make immediate changes to their accounts. Steps to Protect Yourself:

1. Verify Suspicious Messages:
   Pathways will never call or email to request your full debit card number, PIN, CVV, or 2FA codes. If you’re unsure, contact us directly at 614-416-7588.
2. Avoid Clicking Links:
   Do not click on links in unsolicited texts or emails. Always navigate to our website or app directly for account access.
3. Know Our Practices: Pathways will never call you and ask for account numbers, PIN numbers, 2-factor authentication codes, online banking login information, email passwords, or more than the last four digits of your card number. We will only ask you to verify your personal information when YOU call us directly.
4. Report Suspicious Activity:
   If you receive a call, text, or email that seems suspicious, hang up or ignore the message. Contact us directly to confirm its authenticity.

What to Do If You’ve Shared Information:If you believe you’ve provided sensitive details to a scammer:

• Contact us immediately at 614-416-7588 so we can secure your account.
• Monitor your account for unauthorized transactions and report any activity you don’t recognize.

For additional tips and resources on staying safe, visit our Security Center. Thank you for being vigilant and helping us protect your accounts. Together, we can combat fraud and keep your finances secure.

We're reaching out to inform you about a fraud trend that we recently discovered. Our utmost concern is the safety and security of your deposits, and we're dedicated to providing you with the knowledge you need to protect yourself when these situations arise.

Some of our members are experiencing fraudulent phone calls from an individual who claims to be representing the Pathways Financial Credit Union fraud department. The fraudster is using deceptive methods to spoof the phone number, creating the illusion that the phone call originates from Pathways.

During the phone call, the fraudster asked members to provide the last 8 digits of their card number and their expiration date.

Please be aware that this type of phone call is fraudulent and not affiliated with Pathways in any way. Pathways Financial Credit Union will never call you and ask for PIN numbers, 2-factor authentication codes, online banking login information, email passwords, or more than the last four digits of your card number. We will only ask you to verify your personal information when YOU call us directly.

If you suspect that you have received a suspicious phone call, we urge you to take immediate action. Ask for the caller's name, hang up, and immediately reach out to our member service department at 614-416-7588. Our team will be more than happy to verify the information for you and provide necessary guidance. Your security is our top priority, and we're here to assist you every step of the way.

Thank you for helping us keep your accounts safe!

As the holiday season unfolds, we want to ensure that you have the tools to protect yourself and your finances from potential scams. Our latest newsletter is a comprehensive guide to the most recent scams targeting individuals during this festive period, along with valuable insights on how to prevent falling victim to them.

Your security is our top priority, and knowledge is your best defense. Arm yourself with the information needed to navigate the season safely: Click Here to read up on what's out there this holiday season. 

Pathways has observed a worrying surge in sophisticated fraud attempts targeting our members. These scams, often cloaked in the guise of legitimate communications, pose a significant threat to the financial health and personal security of individuals. To combat this troubling rise, we have created a guide page devoted to monitoring and sharing these active scams with you, so you are aware and prepared to protect yourself should you encounter them.

Understanding Digital Fraud: An Overview

• Brief: A comprehensive introduction to the various forms of digital fraud, including phishing, identity theft, and malware attacks.
• Source: Federal Trade Commission (FTC) - Understanding Digital Fraud
  

Recognizing Phishing Attempts:

• Brief: Tips and tricks on how to spot phishing emails, texts, and calls that may lead to fraud.
• Source: Cybersecurity & Infrastructure Security Agency (CISA) - Phishing Infographic

Scams comunes – Comisión Federal de Comercio

Mientras que los ciberdelincuentes siguen diseñando nuevos métodos para obtener acceso a datos y fondos personales, hay algunos “grapas” que siempre deben estar en la mirada. Mantente al día sobre la última información sobre las estafas comunes de la Comisión Federal de Comercio.

Más información del Gobierno

Lista de estafas y situaciones comunes de fraude compiladas por la Oficina Federal de Investigaciones.

Best Practices for Online Banking Security:

• Brief: Guidelines for maintaining strong passwords, enabling two-factor authentication, and monitoring account activity.
• Source: American Bankers Association (ABA) - Safe Online Banking Tips
  
  

Fraud Prevention Checklists:

• Brief: A downloadable checklist for everyday use to prevent falling victim to common fraud schemes.
• Source: National Credit Union Administration (NCUA) - Fraud Prevention Center

Identity Theft: What It Is and How It Happens

• Brief: An in-depth look into the nature of identity theft, common tactics used by thieves, and the impact it can have on victims.
• Source: Federal Trade Commission (FTC) - About Identity Theft

Preventing Identity Theft: Best Practices

• Brief: Strategies for safeguarding personal information online and offline to prevent identity theft.
• Source: FTC - Protecting Your Identity

Fraud Alerts and Credit Freezes

• Brief: Explanations on how to place fraud alerts or freeze credit to prevent further damage.
• Source: FTC - Credit Freeze FAQs

Identity Theft Recovery Plans:

• Brief: Step-by-step advice on what to do if you’re a victim of identity theft.
• Source: Federal Trade Commission (FTC) - Identity Theft Recovery Steps