Fighting Cybercrime Together

Use these tips and best practices to keep your personal information and finances cyber secure.

Citadel Cybersecurity & Scam Protection

Cybersecurity Resources

As technology advances, you can be sure that identity thieves are not far behind. Here are some common methods cyber thieves use to steal your personal information and how you can increase your security.

Frequently Asked Questions Related to Cyber Scams

What is a Brand Impersonation Scam?

In this sophisticated scam, scammers will send you an email that very closely mimics a Citadel Credit Union email and may even direct you to site that looks like Citadel Credit Union’s site, then try to solicit personal information from you. Please remember that Citadel Credit Union will never ask you for personal information via email or over the phone. If you suspect anything suspicious on your account or that someone's' impersonating Citadel, please contact our Member Care team at (800) 666-0191 immediately. To learn more, visit

What is credential stuffing?

Credential stuffing is a cybercrime tactic in which criminals use login credentials that were previously exposed due to prior security events/breaches at organizations like Yahoo, Facebook, Door Dash, etc. The cybercriminals create a computer script with the list of exposed credentials and ultimately attempt to gain access to a website such as Online Banking.

How can I protect myself against credential stuffing?

Cybercriminals are aware that consumers regularly use the same usernames and passwords for many of their online logins. To be safe, consider changing your passwords on all accounts and avoid repeating the same password for different logins. Citadel recommends making passwords as unique and complex as possible.

Read our Learn and Plan article for additional ways to protect your information.

What is a Work-From-Home Scam?

Work-from-home scams promise big money for little effort. You think you’ve landed the perfect job, but it turns out to be a scam. These scams will often ask you to put up money in advance in order to get the job. This may be in the form of an application fee, special software to purchase, or a business investment. Fraudulent job postings tend to include tasks such as: Reshipping or repackaging, mystery shopping, envelope stuffing, data entry, medical billing, paid surveys, and reselling discount products. To learn more, visit

What is phishing?

Your email messages may not be quite what they appear to be if you’re targeted by a phishing scam. Phishing is the act of sending fraudulent emails that seem to come from familiar businesses. These messages contain links to phony websites designed to steal personal information either directly or through malware and keyloggers. Often, you’ll see a problem referenced with a request to click on the link provided to correct it. Once you’ve entered your information, ID thieves can access your accounts.

What is vishing?

Vishing is the telephone version of phishing. Callers are sometimes bold enough to suggest the victim call back to verify authenticity. But the vishers don’t hang up; instead they play a recorded dial tone to make the victim believe he’s making a call.


What is a targeted social media scam?

Over the past few years, social media financial scams of multiple varieties have become more frequent. In fact, Citadel members have been targets of social media scams, and this scamming continues to occur across multiple regions and involves a variety of financial institutions.

One of the most common types of social media scams is when an individual is asked to surrender personal information in order to provide access to their bank account(s). The fraudsters tell the victim they will deposit money into their accounts, then deposit fraudulent checks via ATMs. These scams are sometimes positioned as “work from home” opportunities to make money.

What is a Romance Scam?

Romance scams are one of the more common and costly online scams. Scammers create fake profiles on dating and social media sites and present as the perfect date. They will chat with you for some time to gain your trust, and then start asking you for financial support. These scammers may ask you to pay for a plane ticket, medical expenses, or customs fees to retrieve something, for example. They will also have reasons why they can’t get together just yet. Citadel advises members to not provide any financial information to anyone, even those you do know, over the internet. To learn more, visit

What is identity theft?

The crime of stealing someone's personal, identifying information for the purpose of using that information fraudulently. Personal, identifying information includes Social Security numbers, credit card and banking account numbers, user names, passwords, and patient records. Fraudulent uses for that information can often include opening new credit accounts, taking out loans in the victim's name, stealing money from financial accounts, or using available credit.

What is debit and credit card fraud?

Most shoppers love the convenience of plastic, and identity thieves use this to their advantage whether it involves skimming, phishing, vishing, malware, mail theft or just looking over a victim’s shoulder to steal account numbers. When debit cards are compromised, it’s particularly alarming because fraudulent purchases drain your checking account instantly.

What is a BEC scam?

Business email compromise, or BEC, scams have cost companies more than $1.2 billion. A phony email from a CEO requesting that funds be transferred per attached instructions is sent to an employee. Because the email appears to come from the employee’s superiors, and because the message so closely resembles requests this employee receives regularly, the transfer is often made without question. The money then ends up in overseas accounts that are almost impossible to trace.

Still have questions? Visit our Security Center.

Common Scams & Red Flags

  • One-time Password Scam: In the event your personal information is compromised in a company data breach, cyber criminals may contact you pretending to be from that company and ask for a one-time verification code they may have sent to your number. This enables them to use your information to access your account. 
  • Tech Support Scam: You receive a request from tech support claiming your computer has malware and requesting payment to fix the defects or access your computer.
  • Gift Card Scam: In this type of scam, a merchant insists you pay for something by putting money on a gift card and then giving them the numbers on the front and back of the card, leaving your funds vulnerable. A legitimate merchant will not insist you pay by gift card.
  • Business Email Compromise Scam: You receive a request to change fund transfer details unexpectedly.
  • Email Account Compromise Scam: You receive a request to redirect funds for a legitimate purpose such as a home or auto purchase.
  • Grandparent Scam: You receive a call from someone claiming to be a grandchild or loved one asking for money to help with an emergency and instructions on where to send the funds.
  • Lottery and Sweepstakes Scam: You receive a request to prepay fees or taxes in order to receive a large prize you supposedly won.
  • Investment Scam: You receive a request to invest in a business opportunity with promises of high returns to getting rich quick.
  • Charity Scam: You receive a request to donate to a charity that you've never heard of and for which you can’t find an official website.
  • Overpayment for Goods or Service Scam: You receive an overpayment for an item you are selling and a request to deposit the check and then send money via a wire or gift card.
  • Fake Goods Scam: You receive a request to send a money transfer to pay for an online purchase. Never transfer money for example by using Zelle® for a product or merchandise that you have not received yet
  • Debt Relief Scam: You receive a request for payment in order to establish a service relationship to pay, settle or get rid of debt.
  • Assistance Cashing a Check Scam: You are approached outside branch and asked to cash a check for someone who claims they don’t have an account or their ID with them. The bad check will be held against your account when it doesn’t clear.
  • Fake House/Apt Rental Scam: Your house is legitimately listed for sale on multi-listing service (MLS) web sites, however scammers set up a fake website and list your house as a rental. You then receive inquiries from prospective renters about deposit checks they sent you (which they really sent to the scammer).

Quick Tips to Protect Yourself

✔ Install the latest editions of antispyware, antivirus, firewalls and browsers to all devices, and password-protect them.
✔ Use strong passwords for all accounts and change them frequently.
✔ Monitor accounts and credit reports to detect fraud early.
✔ Don’t use public Wi-Fi networks for financial transactions.
✔ Keep cards away from public view, and shred personal documents before discarding.
✔ Opt in for two-factor authentication on all online accounts where possible.
✔ Turn off Bluetooth and near field communication when not in use.
✔ Never share sensitive information with unsolicited callers or email senders.
✔ To verify calls, hang up for at least one minute to insure the first call is disconnected.

Learn how to spot red flags and avoid scams.

Get Started

How to Avoid Fraud Scams:

➜ Legitimate businesses or employers will not ask for your account information. Never allow another individual to use your account or have access to your account information. These folks may promise you’ll make money, but ultimately, their promises are fraudulent, so refrain from answering suspicious requests via social media.
➜ If information is shared, you can be held responsible. When account or personal information is willingly shared with another individual, the victim can face monetary losses, civil action, and possible criminal charges.
➜ Keep your information as secure as possible. To keep your accounts safe from other types of fraud or scams, create strong passwords/PINs, keep your cards secure, and report suspicious activity to Citadel immediately.

Digital Tools Built to Protect Your Finances

  • Citadel Card Controls – allows you to set controls and manage your Citadel debit and credit cards from a centralized location with the Mobile Banking App.
  • Sign up for Account Alerts – we offer account alerts and e-alerts through Online and Mobile Banking to help members monitor spending behaviors, fraudulent activity, and more.
  • Consider purchasing ID Theft Protection services – Citadel member have access to sign up for credit file monitoring and identity theft protection through a trusted party.

See more security resources and recent alerts.

Explore Now

Find an ATM or Branch Near You