At Achieva Credit Union, protecting your financial security against phishing scams is our top priority. In recognition of Cybersecurity Awareness Month, we want to ensure you have both the knowledge and tools to protect yourself against the latest phishing scams. We are sharing this comprehensive guide from our IT security team about newer scams and how to protect yourself. Additionally, review Achieva Life’s article from June on elderly scams here.

AI-Powered Digital Deception

Phishing scams remain the most pervasive online threat, and today’s scammers have become significantly more sophisticated, leveraging AI and advanced technology at their disposal. Criminals and hackers now craft messages that are nearly indistinguishable from legitimate communications. Additionally, they can spoof bank telephone numbers and have become skilled at emotional manipulation. They know exactly which buttons to push to make you act before you have a chance to think.

Scammers are master manipulators who don’t target your wallet first; they target your feelings. They expertly weaponize these five powerful emotions to bypass your rational judgment:

• Excitement & Greed: The promise of winning something is presented to make you overlook red flags.
  • “You’ve won our sweepstakes! Just pay a small fee to claim your prize.”
• Fear & Panic: They create an immediate sense of danger to short-circuit your critical thinking.
  • “Your debit card has been charged $830. Did you make this transaction? Please use this new password to access your account to verify these transactions.”
• Urgency & Pressure: A limited timeframe is used to force you into a rushed decision before you have time to think.
  • “Act now or your account will be permanently deleted today!”
• Authority & Intimidation: They impersonate trusted institutions to make you feel obligated to comply without question.
  • “This is the IRS. You owe back taxes, and a warrant for your arrest is being issued if you don’t pay immediately.”
• Sympathy & Desire to Help: They prey on your kindness and compassion with a heartbreaking story of need.
  • “Help! I’m stranded and need you to wire me money right away.”

These messages arrive through emails, text messages (smishing), social media, and even phone calls (vishing).

Cyberfraud’s Red Flags to Watch Out For

While AI has made scam messages more polished, certain warning signs remain consistent:

• Unexpected messages demanding immediate action.
• Requests for sensitive information like passwords, PINs, or Social Security numbers
• Requests for payment via gift cards, cryptocurrency, or wire transfers
• Slight misspellings in sender addresses (like “achievacreditunlon.com”)
• Generic greetings despite claims of personalization
• Links that don’t match the organization’s official website

Remember: Achieva Credit Union will never ask for your complete account numbers, passwords, or PINs via email, text, or phone.

Next Gen Sophisticated Phishing Scams

Modern fraudsters have some new tactics, from lengthy emotional grooming to using cutting-edge AI voice cloning of family and friends. The term “phishing” typically refers to email attacks, but these related terms describe attacks across other communication channels:

Term	Attack Method
Vishing	Phishing via voice (phone calls)
Smishing	Phishing via SMS (text messages)
Spear Phishing	A highly targeted email attack against a specific individual
Whaling	A spear phishing attack targeted at a high-value executive (the “big fish”)
Pharming	Redirecting users from a legitimate site to a fake one via a compromised DNS or host file (more technical than a simple email link)
Spoofing	Disguising an email address, phone number, or website URL to look like a trusted source (this is a technique used in phishing)

Below are examples of frequently used phishing scams:

Pig Butchering – The Long Con

In this particularly cruel scam, criminals invest weeks or months building trust through social media or dating apps. Starting with a seemingly mistaken message on the app, they gradually convince victims to invest in fake cryptocurrency schemes. Once they’ve “fattened up” their target with illusions of success, they vanish with the money.

Another example is that someone texts you asking if you are someone else. When you reply that they mistakenly reached the wrong person, they start a conversation with you. They send fake pictures of themselves and tell a sad story about what happened to them.  They befriend you by texting friendly, positive messages every day, until eventually asking for money.

Accidental Deposit Scams

Scammers “accidentally” send money via payment apps like Venmo or Zelle, then frantically request it back. However, the original payment comes from a stolen account, meaning you lose real money when you “return” it.

Tech Support Scams

Pop-ups or calls claim your computer is infected, with fake technicians requesting remote access to “fix” the problem. Once in, they steal personal information or demand payment for non-existent services.

Delivery Notification Scams

Fake messages from UPS, FedEx, or USPS claim there’s an issue with your package. The included link leads to phishing sites designed to harvest your personal and payment information.

AI Voice Cloning: The Newest Threat

Perhaps most disturbing, scammers now use artificial intelligence to mimic the voices of loved ones. They create panic scenarios, such as arrests, accidents and kidnappings to pressure you into sending immediate financial help.

A Defense Strategy for Phishing Scams

Here are some immediate actions that you can start today when you look at a suspicious email or text that comes across your phone or computer screen:

1. Pause Before You Click: Take a breath, stop and think. Legitimate organizations do not pressure for immediate action.

2. Verify Independently:

– Never use contact information from suspicious messages

– Call the company directly at their official support number. Use phone numbers from your contacts or official websites

3. Never Respond to Unexpected Messages: Don’t even reply to say they have the wrong number. This confirms your contact information is active.

4. Hang Up and Call Back: If someone claiming to be a loved one or authority figure calls with an urgent request, hang up and call them back using a verified number.

Proactive Protection: Staying ahead of Online Scams

Be one step ahead of fraudulent scammers using these strategies:

• Create a Family Safe Word: Establish a code phrase known only to family members for verifying emergency calls.  If the person on the other end of the line doesn’t comply, then hang up.

• Enable Two-Factor Authentication: Add an extra security layer to all accounts with biometric authorization, or password managers that require an extra security login feature.
• Monitor Your Accounts: Set up alerts for transactions that are debits, payments, or transfers.
• Be Social Media Smart: Remember that scammers mine social platforms for personal information.

Here’s what you can do if you suspect you are a victim of a phishing scam

Acting quickly is crucial. Here’s what to do:

1. Stop All Communication: End contact immediately, even if the scammer becomes threatening or attempts guilt tactics

2. Contact your financial institution’s risk management or fraud hotline.

3. Document Everything: Screenshot messages for evidence.

4. Change Passwords: Update all potentially compromised accounts

5. File Reports with:

• IC3.gov (FBI’s Internet Crime Complaint Center)
• ReportFraud.ftc.gov (Federal Trade Commission)
• Your local police department
• Anti-Phishing Working Group at reportphishing@apwg.org

Achieva Credit Union’s Commitment to Your Security

At Achieva Credit Union, we employ industry-leading security measures and will:

• Never request passwords, PINs, or full Social Security numbers via unsecured channels.
• Always provide secure methods to verify our communications.
• Continuously monitor for fraudulent activity.
• Offer products like Achieva Checking Plus that provide additional layers of protection.

Achieva Checking Plus Provides Identity Theft Protection

While knowledge is your first line of defense, it helps to have a security feature included with your checking account.  Achieva Credit Union offers an additional layer of protection through our Achieva Checking Plus account with built-in Identity Theft Protection.

This comprehensive service provides:

Real-Time Monitoring

Our advanced systems continuously monitor for signs of identity theft, alerting you to suspicious activity before significant damage occurs.

Recovery Assistance

Should you become a victim, our dedicated specialists guide you through the recovery process, helping restore your identity and credit standing.

Financial Reimbursement

The Checking Plus Identity Theft Protection includes coverage for certain expenses related to identity restoration, giving you peace of mind beyond just monitoring.

Expert Support

Access to fraud resolution specialists who understand the latest scam tactics and can provide personalized guidance for your situation.

Learn more about Achieva Checking Plus or speak with a member service representative at any branch to discover how Achieva Checking Plus can enhance your financial security.

*Achieva Credit Union is committed to your security. We will never request sensitive information through unsecured channels. This article is for educational purposes and member protection.