Security Center

We want to alert you to an active phone call spoofing scam affecting Pathways members. Scammers are impersonating our fraud department and calling members using spoofed phone numbers that appear to come from Pathways.

📞 How the Scam Works:

🔐 The caller claims to be from Pathways’ fraud team and warns of suspicious activity on your account.
🧑‍💻 They ask for your online banking username and then request the verification code (2FA) sent to your phone.
💸 Once they gain access, they transfer money out of your account, often to an account fraudulently opened at Pathways under another name.

🛡️ Protect Yourself:

🚫 Know our policy: Pathways will never call you and ask for:

• Your full debit card number

• PIN or CVV

• Online banking login credentials

• 2FA codes

• Email passwords

• More than the last 4 digits of your card

📞 Verify suspicious contact: If something feels off, hang up and call us directly at 614-416-7588.

🔗 Avoid clicking links in unexpected emails or texts. Always go directly to our website or app.

Imagine this: You receive a text message from your bank alerting you to suspicious transactions on your account. You respond "No" to confirm they aren’t yours. Moments later, you get another text—this time asking you to speak with a fraud specialist to resolve the issue. Thinking it’s your bank, you press 1, and before you know it, fraudsters have taken control of your email, phone, and financial accounts.

Unfortunately, this isn’t a hypothetical situation—it happened to a member. In just a few hours, fraudsters attempted to wire $5,000 out of their account and successfully opened fraudulent credit cards in their name.

This article will break down exactly how this scam works and what you can do to protect yourself.

Step 1: Establishing Legitimacy

Fraudsters begin by gathering personal information such as your name, phone number, and card details—often from data breaches or the dark web. They then attempt small fraudulent transactions, which trigger legitimate fraud alerts from your financial institution.

Since you receive a text asking if these transactions are legitimate, you respond “No.” This is exactly what fraudsters want. They follow up immediately with another text, spoofing your bank’s phone number, stating:

“We need to speak with you regarding the recent fraudulent transactions on your account. Press 1 if you can talk now.”

Once you press 1, you’re connected with the scammer, who already knows details of the fraudulent transactions, making them seem trustworthy.

Step 2: Gaining Access to Your Device

Next, the fraudsters claim they can see unauthorized activity on other accounts linked to your digital wallet. To “help” you, they ask you to share your phone screen with them. Once you grant them access, they direct you to:
✅ Change your Apple ID or email password—giving them full control over your accounts.
✅ Enable call forwarding by dialing *72 + a new number—rerouting all your calls and texts to them.

At this point, the fraudsters can receive any text-based authentication codes meant for you, allowing them to reset passwords, take over online banking accounts, and bypass multi-factor authentication (MFA).

Step 3: Taking Over Financial Accounts

While keeping you on the phone, scammers begin making fraudulent transactions. Since they have access to your phone and email, they can:
🔹 Reset passwords to your online banking and email.
🔹 Answer security questions by asking you for the information directly.
🔹 Approve e-signature requests using stolen credentials.

They’ll keep you on hold, claiming they are “working with other banks” to stop the fraud, ensuring you don’t contact your real financial institution.

Step 4: Cashing Out

Once fraudsters have full control, they move quickly to:
💰 Wire money out of your accounts (if possible).
💳 Open fraudulent credit cards and loans using your personal details.
🛍 Charge up those accounts before you even realize what’s happened.

This process happens fast—sometimes in just a few hours.

How We Caught the Scam

Fortunately, in this case, our team noticed some red flags:
🚩 Long pauses during security questions—scammers were relaying answers from the real member in real-time.
🚩 Inconsistent device logins—our system detected access from multiple devices with different operating systems.
🚩 Failed phone verification—when we called the member’s registered phone number, it had been forwarded to the fraudsters.

Because of these red flags, we stopped the fraudulent wire transfer before it went through.

How to Protect Yourself from Account Takeover Scams

✅ Never share your phone screen or grant remote access to someone claiming to be from your bank.
✅ Be cautious of unexpected texts or calls—scammers can spoof numbers to make them appear legitimate.
✅ Check the phone number—official fraud alerts should come from the same number your bank typically uses.
✅ Never forward your calls—if you’re asked to dial *72 or another forwarding code, don’t do it.
✅ Enable two-factor authentication (2FA) on all important accounts—but use an authentication app instead of SMS codes, which can be intercepted.
✅ If in doubt, call your bank directly using the number on your statement or website—never use a number provided in a suspicious text.

What to Do If You Suspect You’re a Victim

If you think you’ve been targeted by a scam like this, take action immediately:
🔹 Contact your bank or credit union to report the fraud.
🔹 Change passwords for your email, banking, and Apple ID.
🔹 Disable call forwarding by dialing *73 (or your carrier’s specific code).
🔹 Monitor your accounts and credit report for unauthorized activity.

Scams like these are becoming more sophisticated, but by staying informed, you can protect yourself from financial fraud. Always be cautious when dealing with unexpected messages, and remember: If something feels off, trust your instincts and verify directly with your financial institution.

The Federal Bureau of Investigation (FBI) has issued a warning about a recent surge in text message scams, known as "smishing," targeting individuals with fraudulent claims of unpaid tolls. These deceptive messages are designed to steal personal and financial information.

How the Scam Works:

• Unsolicited Text Messages: Victims receive unexpected texts claiming they owe money for unpaid tolls.
• Threats of Penalties: The messages often threaten additional fines or legal action if the supposed debt isn't paid promptly.
• Phishing Links: Recipients are directed to click on a link to settle the alleged debt, leading to fraudulent websites that mimic legitimate toll agencies.

Protective Measures:

• Do Not Click Links: Avoid clicking on any links in unsolicited text messages.
• Verify Claims: If you receive such a message, contact your state's tolling agency directly using official contact information to confirm any outstanding balances.
• Report Suspicious Messages: Use your phone's "report junk" feature
• Delete the Message: After reporting, delete the suspicious text to prevent accidental interaction.

Stay Vigilant:

Always be cautious with unsolicited communications requesting personal or financial information. Legitimate agencies typically communicate through official channels and will not ask for sensitive information via text messages.

For more information on recognizing and avoiding text scams, visit the Federal Trade Commission's guidance on text message scams: consumer.ftc.gov

Pig Butchering Scams
The US Secret Service is reporting a type of cryptocurrency scam where scammers gain victims' trust and manipulate them into investing in fake cryptocurrency projects known as "Pig Butchering"

Common Tactics:

Cryptocurrency Investment Scams: Fake "insider" opportunities advertised via fraudulent websites and testimonials.

Fake Identities & Stories: Scammers impersonate others or create fictitious personas to build trust.

Unsolicited Assistance: Offers of help to access accounts or set up applications, often leading to financial exploitation.

Requests for Personal Information: Scammers ask for personal or banking details under false pretenses.

Tips for Avoiding Scams:

Shield Yourself: Ignore unsolicited messages or offers from unknown numbers.

Guard Your Information: Be cautious about sharing personal details online.

Slow Down: Verify unsolicited advice, investment opportunities, or new relationships with trusted people.

Use Caution: Never share personal or financial details with strangers. Cease contact if pressured for such information.

Note on Victims:
Some scammers may be trafficking victims coerced into facilitating scams.

You can learn more about these types of scams by downloading the US Secret Service alert information flyer by clicking here. 

We want to make you aware of a recent phone call spoofing scam targeting our members. Scammers are impersonating our staff and fraud department, attempting to obtain sensitive information and gain access to accounts.

How the Scam Works:

The fraudsters use spoofed phone numbers to make their calls appear legitimate. They claim to be from Pathways and may warn of suspicious activity on your account. Their goal is to convince you to share sensitive information, such as account numbers, Card numbers, PINs, or CVV codes, Two-Factor Authentication (2FA) codes.

In some cases, they pressure members to transfer funds or make immediate changes to their accounts. 

Steps to Protect Yourself:

Verify Suspicious Messages:
Pathways will never call or email to request your full debit card number, PIN, CVV, or 2FA codes. If you’re unsure, contact us directly at 614-416-7588.

Avoid Clicking Links:
Do not click on links in unsolicited texts or emails. Always navigate to our website or app directly for account access.

Know Our Practices: Pathways will never call you and ask for account numbers, PIN numbers, 2-factor authentication codes, online banking login information, email passwords, or more than the last four digits of your card number. We will only ask you to verify your personal information when YOU call us directly.

Report Suspicious Activity:
If you receive a call, text, or email that seems suspicious, hang up or ignore the message. Contact us directly to confirm its authenticity.

What to Do If You’ve Shared Information:

If you believe you’ve provided sensitive details to a scammer, contact us immediately at 614-416-7588 so we can secure your account.

Monitor your account for unauthorized transactions and report any activity you don’t recognize.

Thank you for being vigilant and helping us protect your accounts. Together, we can combat fraud and keep your finances secure.

Pathways has observed a worrying surge in sophisticated fraud attempts targeting our members. These scams, often cloaked in the guise of legitimate communications, pose a significant threat to the financial health and personal security of individuals. To combat this troubling rise, we have created a guide page devoted to monitoring and sharing these active scams with you, so you are aware and prepared to protect yourself should you encounter them.

Understanding Digital Fraud: An Overview

• A comprehensive introduction to the various forms of digital fraud, including phishing, identity theft, and malware attacks.
• Source: Federal Trade Commission (FTC) - Understanding Digital Fraud
  
  

Stay Safe Online - National Cyber Security Alliance

• Offers simple, straightforward advice on how to protect yourself online, with resources tailored for older adults.
• Link: Stay Safe Online

Recognizing Phishing Attempts:

• Tips and tricks on how to spot phishing emails, texts, and calls that may lead to fraud.
• Source: Cybersecurity & Infrastructure Security Agency (CISA) - Phishing Infographic
  
  

Digital Literacy Project

• This initiative provides tutorials and articles aimed at helping users of all ages increase their understanding of digital safety and privacy.
• Link: Digital Literacy Project

Latest Scam Alerts and Reports:

• Updates on recent scams as reported by consumers and financial institutions.
• Source: Consumer Financial Protection Bureau (CFPB) - Fraud & Scams
  
  

AARP Fraud Watch Network

• Aimed particularly at older adults, AARP's Fraud Watch Network sends out regular alerts about scams and frauds that are targeting seniors, including the latest tricks scammers are using.
• Link: AARP Fraud Watch Network
  
  

Better Business Bureau (BBB) - Scam Tracker

• The BBB Scam Tracker is a crowd-sourced tool that allows consumers to report scams and see what scams are happening in their area or across the country.
• Link: BBB Scam Tracker
  
  

National Cybersecurity and Communications Integration Center (NCCIC)

• Part of CISA, the NCCIC publishes bulletins and alerts on cybersecurity issues, including ongoing scam campaigns.
• Link: CISA Current Activity Alerts

Best Practices for Online Banking Security:

• Guidelines for maintaining strong passwords, enabling two-factor authentication, and monitoring account activity.
• Source: American Bankers Association (ABA) - Safe Online Banking Tips
  
  

Fraud Prevention Center:

• Make sure your financial information is protected.
• Source: National Credit Union Administration (NCUA) - Fraud Prevention Center

Identity Theft: What It Is and How It Happens

• An in-depth look into the nature of identity theft, common tactics used by thieves, and the impact it can have on victims.
• Source: Federal Trade Commission (FTC) - About Identity Theft

Preventing Identity Theft: Best Practices

• Strategies for safeguarding personal information online and offline to prevent identity theft.
• Source: Federal Trade Commission (FTC) - Protecting Your Identity

Fraud Alerts and Credit Freezes

• Explanations on how to place fraud alerts or freeze credit to prevent further damage.
• Source: Federal Trade Commission (FTC) - Credit Freeze FAQs

Identity Theft Recovery Plans:

• Step-by-step advice on what to do if you’re a victim of identity theft.
• Source: Federal Trade Commission (FTC) - Identity Theft Recovery Steps