How can I tell if I'm talking to a scammer

Know the Signs of a Scam

How Do I Know If I’m Talking to a Scammer?

Know the signs of a scam. The internet has made communicating with others much easier, but it also makes it easier for scammers to find new victims. Scammers are constantly looking for people to take advantage of and always coming up with new ways to fool people. Scammers can quickly contact people and try to defraud them, whether through email, text messages, social media, phone calls, or postal mail.

They contact you unexpectedly – One of the most obvious ways to spot a scammer is if they reach out and contact you first. If you receive a message from somebody you don’t know, you can verify the message’s authenticity by calling the business directly. If somebody you do not recognize calls and says they are from TEGFCU and requests this information or your account details by phone, do not share any information and hang up immediately. Call TEGFCU at 845.452.7323 and press option zero to speak to our Solution Center and verify the call was legitimate.


How Can a Scammer Gain Access to My Account?

Scammers use a variety of ways to get your username and password. They might have used methods such as:

  1. Successful Phishing attempts
  2. Hacked emails or social media accounts
  3. Malware or viruses downloaded to your device
  4. Stolen postal mail
  5. Company data breaches
  6. Lost, stolen, or shared USB thumb drives.
  7. Your username and password are available for sale on the dark web

What is Two-Factor Authentication (2FA), and why is it important?

Two-factor authentication (2FA) protects your online accounts against phishing, social engineering, and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials. This dramatically improves the security of login attempts – it’s like double locking your doors.

Methods Scammers Use to Bypass Two-Factor Authentication

One method scammers use to bypass or defeat 2FA is Social Engineering.  This non-technical method tricks the victim into disclosing the critical code unknowingly.  The attacker then uses this code with your username and password to gain access to your account.

A typical way this scam plays out is you may receive an alert claiming that a company representative needs your help resolving a problem with your account.  You may receive this alert by phone call or text message. The scammer claims they need your code to verify your identity. Victims fall for this scam when they are told the passcode is needed to verify their identity.

Once they are logged into your account, scammers will immediately change the login credentials and transfer the money from your account to an external one.

How to Better Secure Two-Factor Authentication

Despite the vulnerabilities exposed by hackers, 2FA is still the recommended way to secure your accounts. Here are some tips for using this feature effectively:

  • Always use authenticator apps like Microsoft or Google Authenticator instead of text message codes.
  • Never share your security codes.
  • Whenever possible, use longer codes with more than six characters.
  • If you are unsure about your security, hang up and call the company directly.
  • Use complex passwords from a password generator and a password manager.
  • Never reuse passwords.
  • Educate yourself about common social engineering tactics.

TEGFCU will NEVER contact you directly to request any of your account information.

This includes:
• Social Security Number
• Credit or Debit Card numbers
• Security Code or CVV
• PIN – Personal Identification Number
• Address
• Date of Birth
• Online Banking Login Information
• Verification Codes
• Mother’s Maiden Name
• Passwords

If someone contacts you and requests this information or your account details by phone, do not share any information and hang up immediately. Likewise, stop and think before you click if you receive an email, website pop-up, or text with a suspicious link.

For additional information on how to protect your personal information and sensitive data from these types of attacks, visit the Federal Trade Commission.