Credit and debit card fraud involves the unauthorized use of another person's card information to make purchases from their account or access their funds.
Card fraud occurs through a variety of channels, including online scams, data breaches, and card or mail theft. Know how to defend yourself and rest assured Truity is continually monitoring for threats and suspicious activity. You also have the peace of mind that you're protected from unauthorized purchases by our $0 Fraud Liability policy.
Smishing uses text messages to lure members in. Usually, the text will contain a URL or phone number. The phone number will most likely have an automated voice response system. They may ask you to confirm your account number or password.
Smishers may use the first few digits of your debit or credit card as bait, since credit and debit cards all follow the same standard method for card numbers. Their text message might include a link to a bogus credit union website that looks and acts like your real credit union’s website. Or, it might prompt you to download a fake credit union app or call a number to clear up a supposed issue with your account. Once spammers capture your personal information, they can sell it on the black market or use it to commit fraud.
Do not respond to smishing messages. If you think you've received a fraudulent text from Truity, please take a screenshot of the message and send it to ReportScams@TruityCU.org.
Criminals also use verbal calls to solicit your personal information. Vishing relies on “social engineering” techniques to trick you into providing information that others can use to access and use your important accounts. People can also use this information to pretend to be you and open new lines of credit.
To avoid being fooled by a vishing attempt:
- If you receive an email or phone call asking you to call and you suspect it might be a fraudulent request, look up the organization’s customer service number and call that number rather than the number provided in the solicitation email or phone call.
- Forward the fraudulent email to the member service or security email address of the organization, to validate the email legitimacy.