Trending and Everyday Scams

Learn about current tactics used by scammers to compromise your personal information and put you at risk.

It’s important to be aware of fraudsters and scammers taking advantage of individuals. Below are some tips to protect your personal information and finances.

  • Never share your personal or financial information via email, text messages, or over the phone. This includes your financial institution’s username and/or password.
  • Keep all your computer programs updated, especially the computer’s anti-virus/anti-malware software and operating system (i.e. Windows, Mac OSX, etc.).
  • Employ unique, strong passwords for every critical online account, such as those for banking, financial investments and healthcare. Use a password manager to keep track of your passwords in a secure manner.
  • Practice smart online shopping. Never use a debit card for online transactions as scammers may be able to empty your bank account before you have a chance to dispute the charges. Only shop with reputable businesses employing the proper security on their website (beginning with “https”). Browse directly on the online shopping site instead of clicking links that may have been manipulated to send you to a potentially fraudulent site.
  • If you are sent any check for deposit, make sure it’s real. Never deposit a check from someone you don’t know. Learn how to spot fake check scams from the FTC at

For the most common Trending and Everyday Scams, click on the dropdown lists below:

  • Smishing and Shortened URLs

    Smishing (text message phishing) continues to grow in popularity. Smishing attacks can be difficult to catch, especially because both legitimate and phishy text messages tend to use shortened URLs. A URL is the web address of a page. Typically, the URL shows you where a link will take you. For example, a URL like https://blog[dot]knowbe4[dot]com/why-should-we-care-about-personal-smishing-attacks will take you to a blog post about personal smishing attacks.
    Because text messages have character limits, including a full URL is not practical. Instead, URL shortening programs are used to create a redirect link. For example, this shortened URL https://bit[dot]ly/3gUpTk1 will redirect you to the blog post mentioned above—or will it? There is no way for you to know where that shortened URL will send you. Cybercriminals often use this technique to redirect you to a malicious website or to a download page for malware. Don’t be fooled!

    Follow these tips to spot a potential Smishing attack:

    • Think before you click. Were you expecting this message? When did you give this company your phone number? Did you sign up for text notifications?
    • Be cautious of a sense of urgency. The bad guys often use words like “urgent” or “ATTENTION” to try and trick you into impulsively clicking a malicious link.
    • If you think the text message could be legitimate, try typing the shortened URL into a URL expander tool, such as GetLinkInfo or ExpandURL. These tools will reveal where the shortened URL will direct you, without taking you to the redirected site.
  • Voice Changing “Catphish”

    In a recent phishing attack that targets single men, cybercriminals show us how they use modern technology to trick their victims. The scam starts with the cybercriminal posing as a single woman and befriending their target on social media. Then, they start building rapport with the target through various interactions. Eventually, the cybercriminal sends audio messages with a woman’s voice to convince their target that they are who they claim to be.
    The target doesn’t know it, but the cybercriminal is actually using a voice changing software to disguise their true identity. If the target falls for the fake audio messages, they receive a video file of their newfound love interest. Except, the file is actually a dangerous piece of malware designed to grant the cybercriminals access to the victim’s entire system.

    This tactic isn’t exclusive to romantic scams, so be sure to remember these tips:

    • Keep your social media accounts private and only accept friend requests from people that you know and trust.
    • If you meet someone online, be sure to verify their identity. You could use a search engine to find their other social media profiles or simply ask to have a video call to make a face-to-face connection.
    • Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!
  • Tricky PDF Files

    Cybercriminals have a new favorite phishing lure: PDF files. A PDF is a standard file type that presents text and images in their original format regardless of which program you use to open the file. Unfortunately, this makes the use of PDFs a great way for cybercriminals to get creative and trick victims into clicking on malicious links.
    One common tactic for phishing with PDF files is to include an image that looks like something that you should interact with. The PDF may include a fake captcha image with the “I am not a robot” checkbox. Or the PDF may include an image of a paused video with a play button over the display. If you try to click the captcha checkbox or play the phony video, you’ll actually be clicking a link to a malicious website.

    Don’t fall for these tricks! Remember the following tips:

    • Never click or download an attachment in an email that you were not expecting.
    • Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click!

    If you receive a suspicious email, be sure to contact your IT department or follow the specific procedure for your organization

  • Advanced Phishing Hidden in Plain Text

    Cybercriminals are using advanced tactics to disguise dangerous malware as harmless text files. Using a phishing email, the bad guys try to trick you into downloading a file attachment named “ReadMe_knl.txt”. Typically, files ending in .txt are plain text documents that can be opened in any text editing software. But in this case, the cybercriminals use a trick called Right-to-Left Override (RLO) to reverse part of the file name.
    The true name of the attached file is “ReadMe_txt.lnk.lnk”. It is not a plain text document, but actually, a command that instructs your computer to download the bad guy’s malware. Once the malware is installed, cybercriminals have complete access to your system. They can access everything from your browser history to your cryptocurrency wallet and they can even take photos using your webcam.

    Advanced phishing tactics can be intimidating, but you can stay safe by practicing the tips below:

    • Remember that bad guys can disguise anything, even file types.
    • Never click a link or download an attachment in an email that you were not expecting.
    • When in doubt, reach out to the sender by phone to confirm the legitimacy of the email.
  • Classic Facebook Phishing

    While cyber threats continue to advance in new and intimidating ways, classic phishing methods are still a favorite among bad guys. Let’s take a look at a recent Facebook-themed phishing attack and see if you can spot the red flags:

    The email appears to come from Facebook and starts with “Hi User”. The body states that there is an issue with your account that you must log in to resolve. The email includes a link to “verify” your account and ends with the line “This link will expires in 72 hours, We appreciate your attention to this matter.” If you click the link, you are taken to a phony look-alike Facebook login page. Any information that you enter on this page is delivered straight to the bad guys.

    How many red flags did you see? Remember the following tips:

    • Question everything. For example, your name is part of your Facebook profile, so why is the email addressing you as “User”?
    • Look for a sense of urgency. In this example, the email gives you 72 hours to verify your account. Remember, the bad guys rely on impulsive clicks.
    • Pay close attention to the grammar and capitalization. For example, the words “This link will expires in…” should be “This link will expire in…”. Also in that same line, the word “We” is in the middle of a sentence, so this should be lowercase.
  • VIN Cloning

    In recent years it has become common for criminals to gather legitimate VIN information from dealerships, parking lots and off the street, and then use that information to sell stolen vehicles. The stolen vehicles are often the same year, make and model as the legitimate vehicles.

    Once the stolen vehicles are located the authorities will seize them and return them to their rightful owner. This leaves innocent members with no vehicle and an unsecured loan.

    Tips to Consider:

    • Check the VIN on the National Insurance Crime Bureau’s website.
    • Utilize Carfax or AutoCheck
    • Review that the vehicle VIN matches the loan documents prior to signing

    A National Crime Prevention Council report states that as many as 225,000 stolen cars each year are subject to VIN cloning.

  • Zelle Fraud Scam

    The Zelle Fraud Scam works when a fraudster calls a member from a number spoofed appearing to be the credit union. The fraudster then asks the member to answer some identifying questions, specifically their online user name and password. The fraudster then informs the member that they will be receiving a one-time passcode as another layer of verification and requests that the member provide them with that code. The fraudster now has everything necessary to access the members online banking. They typically then change the password and proceed to use online services to transfer funds.

    Zelle attempted to combat this scam by adding another layer of authentication with transaction details. However, the fraudsters are using the same tactics to bypass this additional security.

    Tips to Consider:

    • Never give out your user name and/or password! TruWest will never ask you for this information.
    • Consider whether the call makes sense. If it feels suspicious, trust your instincts.
    • If in doubt, hang up and call TruWest directly at 1 (855) 878-9378.



As a reminder, our branches will be closed on Monday, June 19th in observance of Juneteenth. We will be open our normal hours on Tuesday, June 20th.