Scam Spotlight: 

Spoofed Credit Union Phone Numbers

Recently, credit union members have reported a scam where they receive a phone call that appears to be from the credit union, but is in fact a fraudster spoofing the credit union’s phone number. These callers will ask for personal account information in order to gain access to Online Banking. Once the fraudster has access to the member’s account, fraudulent transactions can be made.

Please remember that a legitimate call from our Fraud Department WILL NOT ask for your login ID, Online Banking credentials, or personal account information. If you are unsure if a call is legitimate, end the call and dial the TruWest Fraud Department number: 1 (855) 878-9378

These fraudsters can be tricky. Usually, our fraud department may text you for confirmation of transactions that seem out of pattern for you. Fraudsters may tell you over the phone to reply “yes” to these text messages, granting permission for subsequent (fraudulent) transactions to proceed. Please only answer “yes” if you indeed authorized the transaction in question.

Fraudulent Calls

Some members have also reported receiving phone calls attempting to verify transactions made on their debit or credit cards. The caller then asks for the security code on the back of your debit or credit card to ensure that they have reached the correct card holder. This is a fraudulent attempt to steal your personal information! A legitimate call from the TruWest Fraud Department WILL NOT ask for your card number, expiration date, or security code on the back of the card.

Fraudulent Texts

Members have also reported receiving text messages with a warning that their card has been locked. These texts do not include the name of a financial institution. Responding to the texts could lead to compromising your personal information. If you receive a suspicious call or text, DO NOT give out any personal information. We encourage you to call TruWest Credit Union at 1 (855) 878-9378 to confirm activity on your account.

The Card Manager within our mobile app are also a valuable option to verify card transactions. Card controls allow you to turn on or off your cards if you have any safety concerns.


Common Scams: 

  • Zelle Fraud Scam

    The Zelle Fraud Scam works when a fraudster calls a member from a number spoofed appearing to be the credit union. The fraudster then asks the member to answer some identifying questions, specifically their online user name and password. The fraudster then informs the member that they will be receiving a one-time passcode as another layer of verification and requests that the member provide them with that code. The fraudster now has everything necessary to access the members online banking. They typically then change the password and proceed to use online services to transfer funds.

    Zelle attempted to combat this scam by adding another layer of authentication with transaction details. However, the fraudsters are using the same tactics to bypass this additional security.

    Tips to Consider:

    • TruWest will never contact you and ask you to provide personal information such as user name, password, account number, social security number, or PIN number.
    • Consider whether the call makes sense. If it feels suspicious, trust your instincts.
    • If in doubt, hang up and call TruWest directly at 1 (855) 878-9378.


  • Corporate Check Fraud

    Reports of fake check scams are on the rise. Some individuals thought they received a payment for a new job (secret shopper or car wrap), others received an overpayment for something they sold online, and still others received prize money in the mail for a lottery or sweepstakes they had supposedly won. Regardless of the situation, the scammer’s goal is always the same – to convince you to deposit the fraudulent check and then send some of the money back. Some specifics have been reported to include a person named “Andrew Beck” and being signed by “Oprah Winfrey”. We are also seeing a trend with checks being signed by H. Greg McCullough, who is not someone that has authority to sign TruWest checks. Another emerging trend surrounding corporate check fraud is the inclusion of REF 600889683479 in the remitter line. We are advising members to confirm the validity of any unexpected checks, prior to their deposit. If you happen to receive a check that you were not expecting, please do not negotiate the check. Please contact TruWest to make sure the check is valid.

    How to protect yourself:

    • If you’re suspicious about a check you received, ask yourself:
    • Is the check for more than you expected?
    • Did you receive specific instructions on how to deposit the check?
    • Are you asked to send money back using an immediate form of payment such as, a money order, gift card, wire transfer, or mobile payment?
    • Are you directed to act quickly to make the deposit and return the money?
    • Does the person who sent the check keep asking when you’re going to send the money?
    • If you answered ‘yes’ to any of these questions, don’t deposit the check.
    • Be aware: It can take weeks for a bank to confirm a bad check once it’s deposited and you may be out the amount of the check and any money sent to the scammer.

    For more information on how to identify and protect yourself from this type of fraud, please click here. There is information that can be reviewed on scams of this nature on the NCUA, the Federal Trade Commission, and the Maricopa County Attorney’s websites. If you were solicited or a victim, we encourage you to file a complaint with the Federal Trade Commission and if you received the check by mail, the United Postal Inspector. You are in the best position to report this instance as the victim and the person who received the check.  Filing a report is the best way to gather information on these fraudsters and help law enforcement.

  • Prevent ATM Fraud

    Check deposit fraud is on the rise, and scammers are targeting members in person– outside of branches and ATM’s. Members may be asked to deposit a check by someone at the ATM and withdraw cash for them. Often, they will offer the member cash in exchange for the gesture.

    Unfortunately, the deposited checks are fake, stolen, or do not have sufficient funds. In this case, the member is then held responsible for an overdrawn account. While concerning, here are some tips that can help avoid this and other types of fraud:

    • Never deposit a check for someone you don’t know.
    • Enter the branch for assistance if someone approaches you and asks you to do a deposit.
    • Contact us at 1 (855) 878-9378 or walk into a branch, if you’re ever unsure about a situation.
  • Protect Your Information

    TruWest will never contact you to ask you to verify online username or passwords, ATM/Debit/Credit Card numbers, Online Banking One-Time Passcodes (OTP) or PIN numbers over the phone, through text or by e-mail.

    We have been hearing recent reports of increased fraudulent activity targeting members (and other financial institutions) by text, email, and/or by phone, claiming to be from TruWest Credit Union. At times, they are also texting a number to call. THIS IS A SCAM. If you receive this type of message, simply ignore it and do not respond. As a reminder:

    • Never share your personal or financial information. This includes your financial institution’s username and/or password.
    • When communicating with someone new over the internet, confirm their identity and do not readily share personal or financial information with them.
    • Be careful what information you share on downloaded mobile apps. Information about you, such as the games you like to play, your contact list, where you shop and your location, has value. Be thoughtful about who gets that information and how it’s collected through apps.

    If you think you have already responded to a suspicious text and provided personal information, please call 602-629-1805 during business hours so we can take steps to protect you from possible fraud.

  • Account Takeover Phishing Scams

    Reports of account takeover phishing scams have recently increased. Members have been receiving fraudulent emails from companies such as MacAfee, Geek Squad, and Norton stating that they need to update their antivirus. A link is provided in the email to update their services but the link is often infected with malware.

    TruWest is advising all members to take the following precautions:

    • If you receive an email of this nature do not click on the link.
    • Do not call or text the number provided in the email. If you want to call, look up the company’s number online.
    • Never give your password out.
    • Make your passwords long, strong and complex.
    • Do not give your financial information out to someone who contacts you out of the blue.
    • It typically isn’t normal to refund a company in gift cards.
  • Smishing and Shortened URLs

    Smishing (text message phishing) continues to grow in popularity. Smishing attacks can be difficult to catch, especially because both legitimate and phishy text messages tend to use shortened URLs. A URL is the web address of a page. Typically, the URL shows you where a link will take you. For example, a URL like https://blog[dot]knowbe4[dot]com/why-should-we-care-about-personal-smishing-attacks will take you to a blog post about personal smishing attacks.
    Because text messages have character limits, including a full URL is not practical. Instead, URL shortening programs are used to create a redirect link. For example, this shortened URL https://bit[dot]ly/3gUpTk1 will redirect you to the blog post mentioned above—or will it? There is no way for you to know where that shortened URL will send you. Cybercriminals often use this technique to redirect you to a malicious website or to a download page for malware. Don’t be fooled!

    Follow these tips to spot a potential Smishing attack:

    • Think before you click. Were you expecting this message? When did you give this company your phone number? Did you sign up for text notifications?
    • Be cautious of a sense of urgency. The bad guys often use words like “urgent” or “ATTENTION” to try and trick you into impulsively clicking a malicious link.
    • If you think the text message could be legitimate, try typing the shortened URL into a URL expander tool, such as GetLinkInfo or ExpandURL. These tools will reveal where the shortened URL will direct you, without taking you to the redirected site.
  • Voice Changing “Catphish”

    In a recent phishing attack that targets single men, cybercriminals show us how they use modern technology to trick their victims. The scam starts with the cybercriminal posing as a single woman and befriending their target on social media. Then, they start building rapport with the target through various interactions. Eventually, the cybercriminal sends audio messages with a woman’s voice to convince their target that they are who they claim to be.
    The target doesn’t know it, but the cybercriminal is actually using a voice changing software to disguise their true identity. If the target falls for the fake audio messages, they receive a video file of their newfound love interest. Except, the file is actually a dangerous piece of malware designed to grant the cybercriminals access to the victim’s entire system.

    This tactic isn’t exclusive to romantic scams, so be sure to remember these tips:

    • Keep your social media accounts private and only accept friend requests from people that you know and trust.
    • If you meet someone online, be sure to verify their identity. You could use a search engine to find their other social media profiles or simply ask to have a video call to make a face-to-face connection.
    • Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!
  • Tricky PDF Files

    Cybercriminals have a new favorite phishing lure: PDF files. A PDF is a standard file type that presents text and images in their original format regardless of which program you use to open the file. Unfortunately, this makes the use of PDFs a great way for cybercriminals to get creative and trick victims into clicking on malicious links.
    One common tactic for phishing with PDF files is to include an image that looks like something that you should interact with. The PDF may include a fake captcha image with the “I am not a robot” checkbox. Or the PDF may include an image of a paused video with a play button over the display. If you try to click the captcha checkbox or play the phony video, you’ll actually be clicking a link to a malicious website.

    Don’t fall for these tricks! Remember the following tips:

    • Never click or download an attachment in an email that you were not expecting.
    • Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!

    If you receive a suspicious email, be sure to contact your IT department or follow the specific procedure for your organization.

  • Advanced Phishing Hidden in Plain Text

    Cybercriminals are using advanced tactics to disguise dangerous malware as harmless text files. Using a phishing email, the bad guys try to trick you into downloading a file attachment named “ReadMe_knl.txt”. Typically, files ending in .txt are plain text documents that can be opened in any text editing software. But in this case, the cybercriminals use a trick called Right-to-Left Override (RLO) to reverse part of the file name.
    The true name of the attached file is “ReadMe_txt.lnk.lnk”. It is not a plain text document, but actually, a command that instructs your computer to download the bad guy’s malware. Once the malware is installed, cybercriminals have complete access to your system. They can access everything from your browser history to your cryptocurrency wallet and they can even take photos using your webcam.

    Advanced phishing tactics can be intimidating, but you can stay safe by practicing the tips below:

    • Remember that bad guys can disguise anything, even file types.
    • Never click a link or download an attachment in an email that you were not expecting.
    • When in doubt, reach out to the sender by phone to confirm the legitimacy of the email.
  • Classic Facebook Phishing

    While cyber threats continue to advance in new and intimidating ways, classic phishing methods are still a favorite among bad guys. Let’s take a look at a recent Facebook-themed phishing attack and see if you can spot the red flags:

    The email appears to come from Facebook and starts with “Hi User”. The body states that there is an issue with your account that you must log in to resolve. The email includes a link to “verify” your account and ends with the line “This link will expires in 72 hours, We appreciate your attention to this matter.” If you click the link, you are taken to a phony look-alike Facebook login page. Any information that you enter on this page is delivered straight to the bad guys.

    How many red flags did you see? Remember the following tips:

    • Question everything. For example, your name is part of your Facebook profile, so why is the email addressing you as “User”?
    • Look for a sense of urgency. In this example, the email gives you 72 hours to verify your account. Remember, the bad guys rely on impulsive clicks.
    • Pay close attention to the grammar and capitalization. For example, the words “This link will expires in…” should be “This link will expire in…”. Also in that same line, the word “We” is in the middle of a sentence, so this should be lowercase.
  • VIN Cloning

    In recent years it has become common for criminals to gather legitimate VIN information from dealerships, parking lots and off the street, and then use that information to sell stolen vehicles. The stolen vehicles are often the same year, make and model as the legitimate vehicles.

    Once the stolen vehicles are located the authorities will seize them and return them to their rightful owner. This leaves innocent members with no vehicle and an unsecured loan.

    Tips to Consider:

    • Check the VIN on the National Insurance Crime Bureau’s website.
    • Utilize Carfax or AutoCheck
    • Review that the vehicle VIN matches the loan documents prior to signing

    A National Crime Prevention Council report states that as many as 225,000 stolen cars each year are subject to VIN cloning.


Financial Fraud Resources

TruWest is continually reviewing the safeguards we have in place to protect our member’s personal information. We aim to stay up-to-date on new and evolving tactics used by scammers, and we commit to updating our members as we learn of new schemes or variations in criminal maneuvers. The links below have additional information and resources that will help you work through your specific situation.

Credit Bureau Information

If you feel your personal information has been compromised or you have been a victim of a scam:

Identity Theft Resources

If you feel that you are a victim of identity theft, there are several resources available to assist you. and are two sound resources that can provide information on a personalized recovery plan as well as other valuable information.

The material and information presented here is for informational purposes only and is not intended to be used as financial, investment, legal or other advice. Please consult with a professional concerning your specific circumstances.