Don't let the Grinch steal your Christmas.
With the holiday season almost upon us, we’re here to help you stay vigilant against seasonal scams. Fraudsters are poised to exploit the holiday shopping rush: major targets include Black Friday, Cyber Week, and travel-related spending. Here’s what you need to know.
Threat Overview
Here are the top schemes we expect to see this season:
- Digital Skimming
  Fraudsters target online shoppers with malicious code to steal the payment information entered at checkout. Scammers may target merchant websites selling in-demand products or services because they’re receiving high traffic.
- Spoofing
  All forecasts indicate that these evergreen schemes will continue to increase. Threat actors may create fake websites impersonating major retailers, often using fake ads (malvertising) to entice victims. When the victim attempts to make a purchase on the fraudulent site, the scammer steals their payment details. The malicious ads may also target consumers on social media.
- AI Phishing
  The advancement of AI over the past year has helped scammers create highly customized, convincing phishing campaigns—sometimes free of the tell-tale red flags like spelling and grammar errors that we know to look out for. They can even ‘push’ their impostor sites higher in search engine results to increase the likelihood that you’ll click on them.
- One-Time Passcode (OTP) Fraud
  In this scheme, criminals obtain the passcode provided to a cardholder during the user-authentication process, which gives them access to the victim’s account. In one type of OTP phishing attack, threat actors send OTP prompts to victims attempting to make a purchase on one of the fraudulent websites impersonating real retailers. The victim provides the OTP to the scammer.
- Fraud Alert Spoofing
  In this scheme, criminals obtain the passcode provided to a cardholder during the user-authentication process, which gives them access to the victim’s account. In one type of OTP phishing attack, threat actors send OTP prompts to victims attempting to make a purchase on one of the fraudulent websites impersonating real retailers. The victim provides the OTP to the scammer.
We have everything you need to stay a step ahead of fraud.
No need for guesswork: stay on top of the very latest threats and get expert tips, updated daily, right here: Financial Security Center.
Helpful tips:
- If you didn’t initiate a phone call to your financial institution, don’t send information. Don’t use information sent to you in unsolicited messages.
- It’s not rude to simply not reply to suspicious emails or texts. In fact, it is recommended you do just that.
- Report fraud to the FCC. There is a form on the agency’s website. This helps the FCC combat these types of crimes and potentially protect others.
Requests for Account Information
Fraudsters may pose as financial institution employees and ask for information which allows them to access your account. Remember that Congressional Federal will never email, text, or call you to solicit personal information, logins, or passwords.
Requests for Donations
Scams follow current events because the public interest is high. Cybercriminals play with our emotions, interests, fears, or excitement to make scams very enticing; they may exploit your goodwill by posing as a charity or relief fundraiser. Bottom line: do not click on any unexpected email or attachment, unless you can verify with the sender that the email is safe.
Quick Tips to Keep Your Accounts Safe
- If you receive a one-time passcode you didn’t request, don’t give the code to anyone who contacts you for it.
- Never open or use a personal bank account to deposit or transfer funds for someone else.
- Be wary of “get rich quick” or “easy money” schemes, especially if unsolicited.
- Use known links to access businesses online.
- Verify any phone, text or email contacts are legitimate before sharing information such as your account number, security word, PIN, User ID or password.
- Be leery of requests to download apps to fix issues or that allow access to your device.