Is that really Arkansas Federal? How to spot a scam.

You’re going about your day when your phone rings. When you answer, it’s someone from the credit union alerting you that there’s an issue with your account. 

Like anyone, you want to get it taken care of as quickly as possible. But then, the caller starts asking for things like your social security number, one-time login code, PIN, or other personal information. You grow suspicious, but you’re also frantic to take care of your account. 

Your instincts are spot on. This call is from a scammer who is phishing for your information to get access to your accounts. 

How to protect yourself? 

Always be skeptical whenever you’re contacted by someone claiming to be with your financial institution. Believe it or not, many scammers can even fake the caller ID information or the number from a text message to make it appear like it’s coming from your bank or credit union. So even if the number is saved in your contacts, you trusting your caller ID offers no guarantees.

If you aren’t 100% certain that it’s a call from your financial institution, hang up immediately. If it’s a text, don’t respond — not even to reply Yes or No — as this could be an attempt to access your account or personal information.

Typically, scammers will ask you for:

• Your social security number
• Login information for your digital banking 
• Your debit card information, such as the number, expiration date, or security code
• One-time login codes for online accounts

Arkansas Federal will never initiate contact asking for any of this information. We will also never request you to log in to any of your online accounts or ask you to initiate any transaction. Anyone who asks you for these things is a scammer. 

Best Practice

A best practice is to stop communication with the individual immediately – hang up, don’t text back, and don’t give them any information. Tell the caller that you can’t talk right now. Then, call your financial institution directly to confirm if there is a problem with your account. They will be able to verify if it is legitimate or not.  When you report this type of fraud to Arkansas Federal, we take it seriously and encourage you to reach out immediately so that we can secure your accounts and investigate.

Additional Safety Tips

Outside of spotting a scam, here are a few more tips to keep your accounts safe when banking online.

• Password protect your devices. Password-protecting your phone, tablet, and computer adds an extra security layer in case your device is lost or stolen.
• Create unique, strong passwords and change them often. Make sure your passwords are eight or more characters long and include a combination of numbers, symbols, and upper/lowercase letters. Use unique passwords for digital banking that you don’t use elsewhere. Also, be sure to change them about every three months.
• Use Two Factor Authentication. Most online services require a single-factor authentication—username and password combo, but some, including Arkansas Federal, also have two factor authentication, also known as 2FA. With 2FA, you need to provide your password/username, but you must also prove your identity some other way, such as by providing a unique code sent to either your email or via SMS text to your phone. Although either method – email or text – adds an added layer of security outside of your password/username, we recommend using text if possible. Since a password can usually be reset from an email account, SMS text is a bit more secure than email.
• Hang Up/Don’t Text Back: If someone calls or texts claiming to be from Arkansas Federal, or another financial institution, and is trying to get information from you, hang up and/or don’t text back. It’s not rude. Then, call your financial institution to verify the contact instead, but don’t call a number texted to you—use the website or app phone number.
• Don’t stay logged in. When you’re done with your digital banking account, log out.
• Avoid public WiFi. When accessing your financial accounts online, avoid doing it on public WiFi networks as they aren’t as secure as your secure network at home.