Security Center

We want to make you aware of a recent phone call spoofing scam targeting our members. Scammers are impersonating our staff and fraud department, attempting to obtain sensitive information and gain access to accounts.

How the Scam Works:

The fraudsters use spoofed phone numbers to make their calls appear legitimate. They claim to be from Pathways and may warn of suspicious activity on your account. Their goal is to convince you to share sensitive information, such as account numbers, Card numbers, PINs, or CVV codes, Two-Factor Authentication (2FA) codes.

In some cases, they pressure members to transfer funds or make immediate changes to their accounts. 

Steps to Protect Yourself:

Verify Suspicious Messages:
Pathways will never call or email to request your full debit card number, PIN, CVV, or 2FA codes. If you’re unsure, contact us directly at 614-416-7588.

Avoid Clicking Links:
Do not click on links in unsolicited texts or emails. Always navigate to our website or app directly for account access.

Know Our Practices: Pathways will never call you and ask for account numbers, PIN numbers, 2-factor authentication codes, online banking login information, email passwords, or more than the last four digits of your card number. We will only ask you to verify your personal information when YOU call us directly.

Report Suspicious Activity:
If you receive a call, text, or email that seems suspicious, hang up or ignore the message. Contact us directly to confirm its authenticity.

What to Do If You’ve Shared Information:

If you believe you’ve provided sensitive details to a scammer, contact us immediately at 614-416-7588 so we can secure your account.

Monitor your account for unauthorized transactions and report any activity you don’t recognize.

Thank you for being vigilant and helping us protect your accounts. Together, we can combat fraud and keep your finances secure.

By Jonjie Sena

January 7, 2025

Today, we carry devices with us wherever we go, making us highly vulnerable to imposter scams, call spoofing, and data breaches. With the rise of artificial intelligence, threat actors can now commit fraud by mimicking a person’s voice over the phone. This troubling trend is affecting both consumers and businesses, with financial institutions being especially at risk.

In an increasingly common imposter scam known as the “grandparent scam,” the threat actor calls someone, posing as a family member. They claim to be in some kind of trouble, such as a car accident or an arrest, and request money to help get them out of the predicament. The criminal is able to mimic the voice of the person they’re impersonating by closing it with AI. Today’s technology is so advanced that only a short audio clip is needed.

According to 2024 Federal Trade Commission data, consumers reported that imposter scams were the leading method of fraud in 2023, with the highest losses per person coming from phone scams. Scammers have stolen over $10 million from U.S. consumers this year, reaching an all-time high, according to the FTC.

A separate report on cyberattack trends found that financial services is the most impersonated industry by criminals. Case in point, a Hong Kong finance worker was duped out of more than $25 million after falling prey to a deepfake video call scam earlier this year, in which the attendees looked and sounded just like his coworkers.

Call Spoofing: An Essential Tool for Threat Actors

Call spoofing is the deliberate falsification of a caller’s phone number and caller ID information. Criminals commonly use this tactic so that calls to their victims seem real. A common banking phone scam involves calling a bank customer and pretending to be a bank employee—ironically, in the fraud department. The incoming number the customer sees looks like a legitimate number from their bank.

The caller then tells the customer there has been fraudulent activity on their account and asks for their personal banking details. Through social engineering schemes, threat actors convince targets that their accounts have been hacked, which leads to the customer providing sensitive account information or, in some cases, wiring the caller money via apps such as Zelle and Venmo.

Data Breaches Are Fueling Financial Fraud

More than 1,500 data breaches affected over one billion people in the first half of 2024, including those impacted by multiple incidents. This represents a 14% increase in the number of breaches reported in 2023, which was a record-setting year. Financial service-related data breaches increased by 67% year-over-year, making financial services the most compromised industry in H1 2024, according to the Identity Theft Resource Center. This rise in data breaches creates a higher risk of financial fraud and call spoofing—a vicious cycle that leaves consumers and businesses vulnerable.

Armed with the victim’s name, address and other personal details obtained from data breaches, the dark web and phishing attacks, criminals can make an even more convincing case over the phone. Fraudsters use their persuasive stories during these vishing attacks, coupled with the highly personal nature of voice calls, to create a false sense of trust. They often seal the deal by sending the target a fake text link, known as “smishing.” These text and phone scams are so common, that one in three Americans has received one.

Just this month, more than a third (35%) of Americans said they were notified that details about their identities or online accounts had been stolen in a data breach—up from 28% last year according to the TransUnion 2024 Q4 Consumer Pulse Report.

One might assume that the larger the bank, the greater the temptation for fraudsters, but smaller banks and credit unions are seeing the most fraud. According to a recent report, 79% of credit unions and community banks saw more than $500,000 in direct fraud losses in 2023—higher than any other segment surveyed. Smaller banks and credit unions lack the fraud prevention resources, data and technologies used by larger banks, and they provide more personalized, phone-heavy customer service, leaving them more susceptible to fraud.

Technology Can Help Combat Call Spoofing

Though customers are increasingly aware of call spoofing and other phone-related scams, they enjoy the personal touch that only the phone can bring. Nonetheless, they’re demanding that more be done to protect them against phone fraud and unwanted calls. Customers want to feel safe to answer the phone when they receive a wanted call from their financial institution, school or physician’s office.

Industry-developed protocols such STIR/SHAKEN call authentication, which digitally validates a caller’s identity, have helped to combat call spoofing. However, STIR/SHAKEN is not always sufficient to ensure that mobile operators can differentiate between legitimate and spoofed calls. Due to the limitations of legacy networks and inconsistent implementations, they often lack the information they require to distinguish legitimate calls from robocalls calls, causing legitimate calls to be mistagged as spam. That makes it impossible for consumers to know when to answer the phone.

Other measures are available to help financial institutions reduce call spoofing, such as technology that allows them to digitally “sign” their own calls. This option stops spoofed calls from reaching the customer by providing mobile operators with the intelligence they need to block spoofed calls with confidence through complete end-to-end call authentication.

Because this method ensures mobile operators receive the authentication information they need, it greatly reduces the number of legitimate calls that are mistagged as fraudulent. That means fewer customers would block calls from those numbers—including calls from the business.

Empowering enterprises to take the reins on call authentication this way is a sound business strategy; after all, no one has a larger stake in protecting their customers and their business than the financial institutions themselves.

We wanted to make you aware of a recent counterfeit check scam [LINK TO NEWS ARTICLE] that has affected some of our members. It has come to our attention that individuals may be receiving fraudulent communications from a company called The Group, LLC, offering a work-from-home opportunity.

Here's how it works: Fraudsters are sending out offer letters detailing positions, salaries, benefits, confidentiality agreements, and including counterfeit checks allegedly issued by Pathways Financial Credit Union. We want to emphasize that these activities are in no way affiliated with Pathways Financial Credit Union and that these checks are fraudulent.

If you suspect that you have received communication like this or a counterfeit check, we urge you to take immediate action.

Please gather all relevant documentation and contact our Member Service Department at 614-416-7588.

Our dedicated team is committed to assisting you through this process. We will verify the information for you and provide the necessary guidance to navigate this situation effectively. Your security is our top priority, and we are here to support you every step of the way.

Please remember to remain vigilant and report any suspicious activity right away.

Thank you for helping us keep your deposits safe and sound.

Pathways has observed a worrying surge in sophisticated fraud attempts targeting our members. These scams, often cloaked in the guise of legitimate communications, pose a significant threat to the financial health and personal security of individuals. To combat this troubling rise, we have created a guide page devoted to monitoring and sharing these active scams with you, so you are aware and prepared to protect yourself should you encounter them.

Understanding Digital Fraud: An Overview

• A comprehensive introduction to the various forms of digital fraud, including phishing, identity theft, and malware attacks.
• Source: Federal Trade Commission (FTC) - Understanding Digital Fraud
  
  

Stay Safe Online - National Cyber Security Alliance

• Offers simple, straightforward advice on how to protect yourself online, with resources tailored for older adults.
• Link: Stay Safe Online

Recognizing Phishing Attempts:

• Tips and tricks on how to spot phishing emails, texts, and calls that may lead to fraud.
• Source: Cybersecurity & Infrastructure Security Agency (CISA) - Phishing Infographic
  
  

Digital Literacy Project

• This initiative provides tutorials and articles aimed at helping users of all ages increase their understanding of digital safety and privacy.
• Link: Digital Literacy Project

Latest Scam Alerts and Reports:

• Updates on recent scams as reported by consumers and financial institutions.
• Source: Consumer Financial Protection Bureau (CFPB) - Fraud & Scams
  
  

AARP Fraud Watch Network

• Aimed particularly at older adults, AARP's Fraud Watch Network sends out regular alerts about scams and frauds that are targeting seniors, including the latest tricks scammers are using.
• Link: AARP Fraud Watch Network
  
  

Better Business Bureau (BBB) - Scam Tracker

• The BBB Scam Tracker is a crowd-sourced tool that allows consumers to report scams and see what scams are happening in their area or across the country.
• Link: BBB Scam Tracker
  
  

National Cybersecurity and Communications Integration Center (NCCIC)

• Part of CISA, the NCCIC publishes bulletins and alerts on cybersecurity issues, including ongoing scam campaigns.
• Link: CISA Current Activity Alerts

Best Practices for Online Banking Security:

• Guidelines for maintaining strong passwords, enabling two-factor authentication, and monitoring account activity.
• Source: American Bankers Association (ABA) - Safe Online Banking Tips
  
  

Fraud Prevention Center:

• Make sure your financial information is protected.
• Source: National Credit Union Administration (NCUA) - Fraud Prevention Center

Identity Theft: What It Is and How It Happens

• An in-depth look into the nature of identity theft, common tactics used by thieves, and the impact it can have on victims.
• Source: Federal Trade Commission (FTC) - About Identity Theft

Preventing Identity Theft: Best Practices

• Strategies for safeguarding personal information online and offline to prevent identity theft.
• Source: Federal Trade Commission (FTC) - Protecting Your Identity

Fraud Alerts and Credit Freezes

• Explanations on how to place fraud alerts or freeze credit to prevent further damage.
• Source: Federal Trade Commission (FTC) - Credit Freeze FAQs

Identity Theft Recovery Plans:

• Step-by-step advice on what to do if you’re a victim of identity theft.
• Source: Federal Trade Commission (FTC) - Identity Theft Recovery Steps