A scam known as “account takeover” fraud is on the rise, and there are a few things you can watch out for to try to keep it from happening to you.

What it is: The account takeover scam involves theft of your login usernames and passwords with the intent to access, and then take over, your account. This can also include taking over your social media and email accounts, usually as a preliminary step to access financial accounts. By impersonating you online, the scammers can use your account(s) as they wish, including taking funds out for themselves.

How it works: This scam usually begins with the fraudster calling, texting, or emailing you and claiming to be an employee of your credit union, bank, or other business where you have an account. The caller may already have certain personal details about you, such as the last four digits of a card number, the names of others on your account, a partial Social Security number, or your phone number or address. The information they have can make them seem like a legitimate representative, but don’t be fooled!

The scammer’s next step is to ask you about questionable transactions on your account. When you say the transactions aren’t yours, they say they need to verify some details in order to freeze the card/account and prevent theft. They may ask you for your online banking user ID to “verify your identity.” Once they have your user ID, they’ll enter it and use the “forgot password” option to reset your password, usually while they still have you on the phone. If you have two-factor authorization set up, your bank will send you an automatic verification code; the caller will ask for that code, implying that they sent to you.

That’s all it takes. Now the scammer has your user ID, a new password that you don’t know, and full access to your account. Your money won’t stay in that account for long. What’s worse is that the cybercriminals may also attempt “credential stuffing,” where the login and password from one site are used to try to log in to accounts elsewhere.

• Protect yourself. Some risk factors for account takeover and other types of identity theft are out of your control. For example, you may be the victim of a data breach, or your information might have been posted to the dark web. But there are some steps you can take to decrease the risk:
• Don’t use the same online user ID and password for multiple sites. Try to use a unique, secure password for every online account. Look into secure password managers to generate and store unique passwords so you don’t have to remember every single one.
• Use multifactor authentication when it’s available. You’ll receive a one-time passcode by text or email each time you log in to your account. Don’t share this code with anyone you don’t know and trust.
• Check your financial accounts often. If you catch errors or unfamiliar transactions quickly, you have a better chance at success in working with the institution to protect your money.

One of the most common financial scams today is ATM skimming. Hundreds of millions of dollars are lost in this scam each year. As you use your ATM and debit cards at swipe terminals, including ATMs and retail outlets, please be aware of what skimming is and how it can affect you.

ATM skimming is a type of fraud that occurs when an ATM or card processor is compromised by a skimming device. A skimming device is a fraudulent card reader disguised to look like a real part of the machine. A criminal will affix the skimming device to the card terminal, and once the card is swiped through a skimming device, the card reader saves the user’s card number and pin code. Once the criminal has this info, they replicate it into a counterfeit ATM or debit card that can be used to fraudulently remove funds from your account. It is important that you always keep a close watch on your accounts to make sure there are no unauthorized transactions.

When you’re at an ATM terminal or paying with a card at a retail store, look at the card terminal before you swipe. Ask yourself if it looks like it could be fake and look at the machine closely for anything that appears suspicious. Look for unusual wiring outside of the machine. To protect our members from losses, Zeal Credit Union will deactivate any cards that we suspect have been skimmed, and immediately issue a new card.

If you suspect a card reader is a skimming device, contact your local police department. If you know you have swiped your card through a skimming device, contact us immediately at (800) 321-8570.

The Federal Trade Commission (FTC) cautions: Be aware of Imposter Scams via Text Messaging.

Don’t click on that random text asking you to take action or click a link. It’s a scam. Today’s most common fraud tactic targeting consumers is the Imposter Scam; Scammers are using text messaging to target their victims.

The scam begins with a text or a call; the scammer pretends to be a person or business you trust to convince you to send them money or share personal information. Any text asking you to share personal, sensitive information is a scam; Zeal Credit Union, as well as any other legitimate business, will never contact you to request sensitive information such as: your Online Banking password/username, PIN(s), or account number – and we’ll never request that you wire us money.
For more examples of imposter scams via text message, visit the FTC’s website:

Don’t believe promises of money or prizes! Any email or social media link that promises freebies, prizes, or “Get Rich Quick!” schemes should be dismissed – these are almost always scams.

Be extra cautious of “pay to enter” promotions where you’re asked to pay up front for the chance to win a certain amount of money, as well as organizations asking for donations for national disaster relief that aren’t associated with a legitimate 501(c)3. When in doubt, do some research! You can look up nonprofits online at state-sanctioned websites, such as searching Michigan Nonprofit Association for Michigan 501(c)3 nonprofits.

Phishing emails – or emails that pretend to be from a legitimate source but aren’t – attempt to trick you into providing them with your personal information through deception, links to fake websites, and more. Though the website may look identical (or nearly identical) to the real thing, logging in or providing your personal information on this website will end up sending that information straight to the scammer. Links may also lead to websites that attempt to install malware on your device, which then mine your digital data to get your login and personal information, and subsequently get hold of your accounts and funds.

These phishing emails often use scare tactics and a sense of urgency to scam you – making you panic and tricking you into providing data to an unreliable source. Be wary of emails that use these fear tactics, such as “Your information will be deleted if you don’t log into your account in the next 24 hours!” or “Your account has been compromised by an unknown source. Log in now to retrieve your account.”

Utilize the HOVER technique. Before clicking any links, hover your curser over the link to see the full URL. While the link may say a reputable destination (such as IRS.gov or your local financial institution), oftentimes you can tell immediately that the link isn’t legitimate based on the URL that shows up when you hover over it. Make sure the destination is your intended one, and not an unfamiliar URL that has extra periods between words or routes to a “.net” or “.com” when it should be “.org” or “.gov.” When in doubt, DON’T click the link – navigate to the official webpage using a bookmarked page or a trustworthy search engine.

When it comes to unsolicited emails, your best bet is to delete, delete, delete! If you didn’t initiate contact, there’s a good chance that you’re being targeted for fraud. Legitimate companies will never send you requests for sensitive information via email.

Romance scams are definitely on the rise – with the FTC reporting that in 2023, upwards of 64,000 victims nationally reported losing an approximate $1.1 BILLION to romance scams in the U.S. And since many don’t report romance scams, the actual amount is likely much higher.

With the prevalence of romance scams around the world, it’s important you know how to spot – and stop! – a romance scam.

• No matter how long you’ve been communicating with someone online, via text, or in an app, only send money to people you KNOW, have met in person, and have an established, close personal relationship with. Never send money to anyone you have only communicated with online or by phone. This includes gift cards, crypto, bank/wire transfers, cash apps, and more.
• Many scammers will use the same types of tried (and untrue) stories to get you to send them funds – “my child needs surgery,” “I need money to get out of jail,” “I’m stuck overseas and need money to get back home.” A good rule of thumb: sad stories are usually scam stories.
• NEVER agree to field online payments for someone you’ve never met. Scammers often use unwitting accomplices as middle-men in their scams to avoid getting caught. This can include being sent funds on Cash App, Venmo, or even in your personal bank account, that you then send on to another account as directed by the scammer. This is illegal and can end with you becoming responsible
• Research any suspicious persons’ photo and profile using online searches. If the photo of the person you’re speaking to belongs to someone of a different name/location, it may be stolen. Scammers often use the names/photos of real people or create new ones using popular AI generators.
• Beware those who ask you to leave the platform where you “met” and communicate directly by text or phone, but refuse to video chat or meet in person. Also be aware that if the person promises to meet in person but always comes up with a reason to postpone, this is a hint that they are a scammer.
• If a person attempts to isolate you from friends and family, or asks you to keep information secret from those around you, this is a BIG red flag. Block the individual and cut off contact.
• If the person claims to be a celebrity, famous individual, or popular influencer be especially on alert! If the individual requests money, a wire transfer, gift cards, or crypto-currency, it is definitely a scam. No celebrity/influencer needs cash from you – they have their own.
• If you, or someone you know, becomes a victim of romance or another form of fraud, report it as soon as possible to your financial institution and local law enforcement.