What We Do To Protect You

We’re committed to informing you on any security updates and providing resources to keep your accounts safe.

What We Do To Protect You

We Take Security Seriously

Citadel monitors your accounts 24/7 for suspicious activity, and we update members immediately if something is detected. In addition, we’re dedicated to keeping you informed about any new security threats or scams targeted at consumers. We offer several resources to keep you up-to-speed on security, along with tips to help you protect your accounts and information.

Security Alerts

Set up custom account alerts in Online & Mobile Banking to get notified by text message, email, or push notifications for transactions and other card activity:

Member Verify & One-Time Codes

To better protect against identity theft, Citadel requires members to provide a one-time verification code when calling member care to authenticate members. These codes will only be required when members call into Member Care and will only be sent to the phone number associated with the account.

Remember, Citadel will NEVER call or text you asking for personal information. If you receive a call requesting private info hang up immediately and contact us at 800-666-0191.

Cybersecurity & Scam Protection

As technology advances, you can be sure that identity thieves are not far behind. Citadel has a number of ways to report a scam or cybersecurity breach. If you suspect you are being scammed, call us immediately at 800-666-0191, video chat us through Video Connect, or stop into a branch and talk to an expert in person. Staying alert is your best line of defense!

Be on the look out for these current cybersecurity scams:

What is a Brand Impersonation Scam?

In this sophisticated scam, scammers will send you an email that very closely mimics a Citadel Credit Union email and may even direct you to site that looks like Citadel Credit Union’s site, then try to solicit personal information from you. Please remember that Citadel Credit Union will never ask you for personal information via email or over the phone. If you suspect anything suspicious on your account or that someone's' impersonating Citadel, please contact our Member Care team at (800) 666-0191 immediately. To learn more, visit CitadelBanking.com/scams

What is credential stuffing?

Credential stuffing is a cybercrime tactic in which criminals use login credentials that were previously exposed due to prior security events/breaches at organizations like Yahoo, Facebook, Door Dash, etc. The cybercriminals create a computer script with the list of exposed credentials and ultimately attempt to gain access to a website such as Online Banking.

How can I protect myself against credential stuffing?

Cybercriminals are aware that consumers regularly use the same usernames and passwords for many of their online logins. To be safe, consider changing your passwords on all accounts and avoid repeating the same password for different logins. Citadel recommends making passwords as unique and complex as possible.

Read our Learn and Plan article for additional ways to protect your information.

What is a Work-From-Home Scam?

Work-from-home scams promise big money for little effort. You think you’ve landed the perfect job, but it turns out to be a scam. These scams will often ask you to put up money in advance in order to get the job. This may be in the form of an application fee, special software to purchase, or a business investment. Fraudulent job postings tend to include tasks such as: Reshipping or repackaging, mystery shopping, envelope stuffing, data entry, medical billing, paid surveys, and reselling discount products. To learn more, visit CitadelBanking.com/scams

What is phishing?

Your email messages may not be quite what they appear to be if you’re targeted by a phishing scam. Phishing is the act of sending fraudulent emails that seem to come from familiar businesses. These messages contain links to phony websites designed to steal personal information either directly or through malware and keyloggers. Often, you’ll see a problem referenced with a request to click on the link provided to correct it. Once you’ve entered your information, ID thieves can access your accounts.

What is vishing?

Vishing is the telephone version of phishing. Callers are sometimes bold enough to suggest the victim call back to verify authenticity. But the vishers don’t hang up; instead they play a recorded dial tone to make the victim believe he’s making a call.


What is a targeted social media scam?

Over the past few years, social media financial scams of multiple varieties have become more frequent. In fact, Citadel members have been targets of social media scams, and this scamming continues to occur across multiple regions and involves a variety of financial institutions.

One of the most common types of social media scams is when an individual is asked to surrender personal information in order to provide access to their bank account(s). The fraudsters tell the victim they will deposit money into their accounts, then deposit fraudulent checks via ATMs. These scams are sometimes positioned as “work from home” opportunities to make money.

What is a Romance Scam?

Romance scams are one of the more common and costly online scams. Scammers create fake profiles on dating and social media sites and present as the perfect date. They will chat with you for some time to gain your trust, and then start asking you for financial support. These scammers may ask you to pay for a plane ticket, medical expenses, or customs fees to retrieve something, for example. They will also have reasons why they can’t get together just yet. Citadel advises members to not provide any financial information to anyone, even those you do know, over the internet. To learn more, visit CitadelBanking.com/scams

What is identity theft?

The crime of stealing someone's personal, identifying information for the purpose of using that information fraudulently. Personal, identifying information includes Social Security numbers, credit card and banking account numbers, user names, passwords, and patient records. Fraudulent uses for that information can often include opening new credit accounts, taking out loans in the victim's name, stealing money from financial accounts, or using available credit.

What is debit and credit card fraud?

Most shoppers love the convenience of plastic, and identity thieves use this to their advantage whether it involves skimming, phishing, vishing, malware, mail theft or just looking over a victim’s shoulder to steal account numbers. When debit cards are compromised, it’s particularly alarming because fraudulent purchases drain your checking account instantly.

What is a BEC scam?

Business email compromise, or BEC, scams have cost companies more than $1.2 billion. A phony email from a CEO requesting that funds be transferred per attached instructions is sent to an employee. Because the email appears to come from the employee’s superiors, and because the message so closely resembles requests this employee receives regularly, the transfer is often made without question. The money then ends up in overseas accounts that are almost impossible to trace.

Still have questions?