Citadel Cybersecurity & Scam Protection

In this sophisticated scam, scammers will send you an email that very closely mimics a Citadel Credit Union email and may even direct you to site that looks like Citadel Credit Union’s site, then try to solicit personal information from you. Please remember that Citadel Credit Union will never ask you for personal information via email or over the phone. If you suspect anything suspicious on your account or that someone's' impersonating Citadel, please contact our Member Care team at (800) 666-0191 immediately. To learn more, visit CitadelBanking.com/scams

Credential stuffing is a cybercrime tactic in which criminals use login credentials that were previously exposed due to prior security events/breaches at organizations like Yahoo, Facebook, Door Dash, etc. The cybercriminals create a computer script with the list of exposed credentials and ultimately attempt to gain access to a website such as Online Banking.

Cybercriminals are aware that consumers regularly use the same usernames and passwords for many of their online logins. To be safe, consider changing your passwords on all accounts and avoid repeating the same password for different logins. Citadel recommends making passwords as unique and complex as possible.

Read our Learn and Plan article for additional ways to protect your information.

Work-from-home scams promise big money for little effort. You think you’ve landed the perfect job, but it turns out to be a scam. These scams will often ask you to put up money in advance in order to get the job. This may be in the form of an application fee, special software to purchase, or a business investment. Fraudulent job postings tend to include tasks such as: Reshipping or repackaging, mystery shopping, envelope stuffing, data entry, medical billing, paid surveys, and reselling discount products. To learn more, visit CitadelBanking.com/scams

Your email messages may not be quite what they appear to be if you’re targeted by a phishing scam. Phishing is the act of sending fraudulent emails that seem to come from familiar businesses. These messages contain links to phony websites designed to steal personal information either directly or through malware and keyloggers. Often, you’ll see a problem referenced with a request to click on the link provided to correct it. Once you’ve entered your information, ID thieves can access your accounts.

Vishing is the telephone version of phishing. Callers are sometimes bold enough to suggest the victim call back to verify authenticity. But the vishers don’t hang up; instead they play a recorded dial tone to make the victim believe he’s making a call.

Over the past few years, social media financial scams of multiple varieties have become more frequent. In fact, Citadel members have been targets of social media scams, and this scamming continues to occur across multiple regions and involves a variety of financial institutions.

One of the most common types of social media scams is when an individual is asked to surrender personal information in order to provide access to their bank account(s). The fraudsters tell the victim they will deposit money into their accounts, then deposit fraudulent checks via ATMs. These scams are sometimes positioned as “work from home” opportunities to make money.

Romance scams are one of the more common and costly online scams. Scammers create fake profiles on dating and social media sites and present as the perfect date. They will chat with you for some time to gain your trust, and then start asking you for financial support. These scammers may ask you to pay for a plane ticket, medical expenses, or customs fees to retrieve something, for example. They will also have reasons why they can’t get together just yet. Citadel advises members to not provide any financial information to anyone, even those you do know, over the internet. To learn more, visit CitadelBanking.com/scams

The crime of stealing someone's personal, identifying information for the purpose of using that information fraudulently. Personal, identifying information includes Social Security numbers, credit card and banking account numbers, user names, passwords, and patient records. Fraudulent uses for that information can often include opening new credit accounts, taking out loans in the victim's name, stealing money from financial accounts, or using available credit.

Most shoppers love the convenience of plastic, and identity thieves use this to their advantage whether it involves skimming, phishing, vishing, malware, mail theft or just looking over a victim’s shoulder to steal account numbers. When debit cards are compromised, it’s particularly alarming because fraudulent purchases drain your checking account instantly.

Business email compromise, or BEC, scams have cost companies more than $1.2 billion. A phony email from a CEO requesting that funds be transferred per attached instructions is sent to an employee. Because the email appears to come from the employee’s superiors, and because the message so closely resembles requests this employee receives regularly, the transfer is often made without question. The money then ends up in overseas accounts that are almost impossible to trace.