Example Scams

• Be cautious with unexpected inbound emails, calls, or texts to you. If something feels off, it probably is.
  From time-to-time, GTE Financial will reach out to members.
• However, if someone contacts you, as a best practice, never share personal details, account numbers, or login codes over the phone, text, or email—even if the request sounds urgent and legitimate.
• Instead, verify first. If you receive an unexpected call, hang up and dial GTE Financial back at our official number: 813.871.2690 or 888.871.2690 (or the number on the back of your card).
• If you get a suspect email that looks a bit off (perhaps the logo is slightly wrong, there are typos or the sender is a random address), don’t click on any links or supply any information.
• Report anything suspicious immediately. If you’re unsure, let us know right away—we’re here to help.
• Learn more about Security Tips.

Know the fraudster language! What is a Phishing, SMShing, and Vishing attack?

• Spoofing is an approach used by cybercriminals to disguise themselves as a trusted source, like a financial institution. Spoofing can commonly occur in the form of a fake website or an email with a forged sender address. Sometimes, fraudsters will even create ads on Google or social media to try and lure consumers to a false website.
• Phishing commonly uses email, text, phone, social media and social engineering techniques to entice a victim to share sensitive information like an account number or a password. Sometimes victims are prompted to download a malicious file that will deploy harmful viruses onto a computer or phone.
• SMShing uses mobile phone text messages to trick victims into sharing sensitive data, often pretending to be a financial institution, an organization with authority or a shipping service to collect personal information.
• Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access to private personal and financial information for the purpose of financial reward.

• Member gets a call that looks like it is from GTE Finanicial, but it is a spoofed (fake) phone number.
• The fraudster confidenty states their name is X from GTE and informs you that there’s a suspicious transaction attempting to post on your card.
• During the call, you also receive several text messages, including the “Forgot Password” code for your Online Banking account.
• You are provided with a new code to reset your password and the fraudster asks to be provided with that code to validate your identity.
  • Remember, GTE includes verbiage when sending over a validation code, indicating you should never provide password or verificaton code information to anyone.
• Once the fraudster gets your verification code, they can now log into your Online and Mobile Banking account and can:
  • Change personal contact information
  • Conduct transfers and withdrawals

• You receive a call claiming you’ve won a gift card and all you have to do is provide them with your account information.
• You receive an automated message that your debit card has been suspended or deactivated. The message may prompt you to enter your card number to re-activate the card.
• You receive an automated phone call claiming to be from the National Credit Union Administration (NCUA), notifying consumers their cards have been compromised. The call then asks the receiver to follow prompts, which request personal information, including sensitive financial data and personal identification information.

• If you get a text that looks like this, it is a scam.
• “Your account has been suspended for IRS review. Contact us immediately at 866.XXX.XXXX.” 
• “Because of unusual activity on your card, please call 678.255.XXXX. Please provide your card information and enter it correctly or your account could be permanently closed.”
• “GTE Bank Notification – Your GTE bank account is closed due to unusual activity. Email your 16 digit debit/credit card number, expiration date, and social security number to gtefinancial.bank@xxxx.mi”
• You get a text that indicates your card has been deactivated and please call XXX-XXX-XXXX to reactivate.

• “In our terms and conditions, you have agreed to state that your account must always be under your control or those you designate at all times. We have noticed some activity related to your account that indicates that other parties may have tried gaining access or control of your information in your account. Therefore, to prevent unauthorized access to your GTE Financial Internet Banking account, you are limited to five failed login attempts in a 24-hour period. You have exceeded this number of attempts. To reactivate your debit card, please call: +1(805-XXX-XXXX).”
• From: beirek@gtefcu.org
  
  • Dear Customer,
    During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your billing information.
    
    a. A recent change in your personal information ( i.e. change of address).
    b. Submitting invalid information during the initial sign up process.
    c. An inability to accurately verify your selected option of payment due to an internal error within our processors.
    
    To regain access, you must logon to your account and confirm your account details within 24 hours. Please visit www.cuathome.gtefcu.org and update your account. Your security is important to us. If you are not aware of this situation, please contact us immediately at 1.813.871.2690. *Note: If you have not registered with GTE Financial, please ignore this message and your contact information will be deleted within 7 days.
    
    Thank you.
    We apologize for any inconvenience.
    
    
• This is an example of an unverified email that is coming from a "spoofed" gtefcu.org account. This is an email phishing scam asking members to update their account information on a fake GTE website. "Spoofing" of email addresses can sometimes occur, however in many cases, if you look at the email header, you will see the true sender. Many anti-spam engines and email services check for this and will mark as SPAM. If you are ever concerned about an email being "real", it is best practices to not click on any links, do not login or sensitive information.

• Some scams take the form of a mobile application for your smartphone.  An example masquerades as an MMS message from a user’s phone contact. The virus delivers a link; clicking on it unpacks the virus via an app.
• The malicious program then gains admin privileges to your phone, sending further messages to contacts and requesting fund transfers from any linked bank accounts via SMS.
• Victims are greeted with the following message at the start: “Dear user, you have received an SMS photograph. You can view it using the link below.”

• A criminal will email, text or call a consumer pretending to be an employee of the institution’s fraud department. On the call, or in the written message, the “fraud” rep will tell the customer they’ve been a victim of financial fraud and must take steps to halt any transfers.
• The criminals then push the customer into completing a “Zelle refund” to stop the suspected criminal withdrawal from transferring out of the victim’s account.
• Once the “Zelle refund” is complete, funds are indeed transferred out of customer’s accounts and into a criminal’s account in near real-time. The entire scam takes only minutes to accomplish.

Think you been affected?  Click below on how to report fraud or identity theft.