How to Spot Fake RBFCU Notifications

Learn how to identify valid RBFCU text messages, emails and phone calls

With fraud on the rise, RBFCU wants to help protect you from potential scams. Fraudsters will try to trick you by posing as reputable companies in order to obtain your personal information, such as passwords or credit card numbers. Learning how to recognize fraudulent RBFCU notifications before taking action can help prevent fraud and save you from making a costly mistake.

RBFCU will never initiate a phone call, email or text message to anyone — members or non-members — asking for your sign-in information, including usernames, passwords, security questions and answers, multifactor authentication (MFA) codes, MFA recovery codes and one-time passcodes (OTP), or other personal information, like account, credit card, debit card or Social Security numbers.

How to spot a fake: Website | Text | Email | Phone Call

RBFCU’s website is https://www.rbfcu.org. Before you sign in to your Online Banking account, always make sure the website you’re using is rbfcu.org.

You can check if you’re on RBFCU’s website by checking your browser’s address bar for rbfcu.org, and a padlock icon 🔒 indicating that rbfcu.org is a secure website.

To see the full address of a website, click in to your browser’s address bar. An “h​t​t​p​s​:​/​/” at the beginning of the URL means the website you’re visiting is secure. Unsecure websites begin with “h​t​t​p​:​/​/”

You may also see RBFCU products or services using websites with subdomains, like membersafe.rbfcu.org.

Fraudsters will often make fake versions of trusted, well-known websites in an attempt to steal your username and password for that site, then gain access to your real account with that company. Fraudsters will also pay to boost their fake website in popular search engines to improve their chances that their scam is successful.

Bookmark RBFCU’s website in your browser, and use your bookmark whenever you need to sign in to your Online Banking account to ensure you go to RBFCU’s correct, trusted website.

RBFCU also may use third-party vendor websites to provide products or services. However, you’ll find these vendor websites linked directly from rbfcu.org or from within your Online Banking account, and should not have to visit them directly.

Back to top

Text messages from RBFCU are sent from a shortcode, or a shortened phone number. Third-party companies sending text messages on RBFCU’s behalf — like MemberSafe^® — may use full phone numbers. However, please be aware that fraudsters can imitate legitimate phone numbers, including shortcodes.

RBFCU may text you to alert you to a transaction, or to verify a transaction or Online Banking sign-in attempt, but will never text you a link and ask you to sign in to your Online Banking account. RBFCU also won’t ask you to respond via text message with personal information.

*The format of RBFCU text message Alerts may vary based on the Alert type.

** MemberSafe^®, our identity theft coverage product, may use a full-digit phone number to send text message alerts with a link to members who are enrolled in the program. Insurance products are not deposits; not NCUA insured; not an obligation of Randolph-Brooks Federal Credit Union (RBFCU); and not guaranteed by RBFCU or any affiliated entity. Visit our Identity Theft Coverage page to learn more.

Back to top

Emails from RBFCU will come from an email address ending with “rbfcu.org.” However, please be aware that fraudsters can imitate legitimate email addresses.

An RBFCU email may ask you to visit rbfcu.org to sign in to your Online Banking account, but will never take you directly to the Online Banking sign-in page. RBFCU also won’t ask you to respond via email to verify or provide personal information, or open or sign a document, unless you’ve contacted us previously to initiate a transaction, like applying for a loan or opening an account.

1. The subject line
Scammers tend to use an urgent or aggressive tone.

2. The sender
In the example above, is the sender using a Gmail address? If you said yes, take a closer look! It’s actually G-R-N-A-I-L.com. Sneaky scammers will use email handles that are one letter off from what they should be (e.g., “RBCU” or “RFCU” instead of “RBFCU”) so that, at a glance, everything appears official.

» Tip: RBFCU emails will always come from an email address ending in “rbfcu.org.”

3. The time stamp
When was the email sent? This is an especially telling clue when a scammer is impersonating someone you know or correspond with regularly.

» Tip: RBFCU emails will always be sent during business hours.

4. The greeting
Does it address you by name, by email address or by a generic title? A generic or awkwardly phrased greeting could be the sign of a scam.

» Tip: RBFCU emails will address you by name or “Member.”

5. The spelling
Errors in spelling and grammar are always a red flag.

6. Buttons and links
These are easy for scammers to format and disguise. Get in the habit of accessing your Online Banking account by typing the official rbfcu.org URL in a new browser window, or create a bookmark in your browser so you’ll always go to the right page. Avoid using the direct links in your email messages.

» Tip: RBFCU will never send you a link to the Online Banking sign-in page or a link to a page prompting you to change your Online Banking password.

7. The contact info
Does it look sketchy? If you need to verify the legitimacy of the sender, never use the contact information contained within the email. Cross-reference it with a separate web search.

» Tip: RBFCU’s contact information can be found at rbfcu.org/contact-us.

8. Attachments
Malicious files can be easily disguised as innocent Word documents, spreadsheets and presentations. Be deliberate about which attachments you choose to open or download.

» Tip: RBFCU will never send you an unsolicited attachment. We’ll only send you attachments when you’ve reached out to us to initiate a transaction, like applying for a loan or opening an account.

Source: It’s a Money Thing

Back to top

If you receive an unsolicited phone call that appears to be from RBFCU, or the person claims to be an RBFCU representative, do not provide or confirm any personal information and hang up. Remember: Fraudsters can manipulate caller ID so a call may look like it’s coming from RBFCU, even if it’s not.

If you believe a call from RBFCU may be legitimate, it’s OK to hang up and call us back to confirm — we’d rather you be cautious! Before hanging up, you can ask for the name and extension of the person you are speaking with, then call RBFCU’s main line at 210-945-3300 and provide the extension when prompted, or ask a Member Service Representative to connect you to that person.

You can also contact RBFCU to report a fake phone call.

Back to top

If you believe you have been a victim of fraud, click here to report it.

Signs of a Scam: What to Watch for

Always be cautious when you receive any urgent communication from a financial institution — whether it’s an email, phone call, text message or mobile payment app request. When in doubt, don’t respond to these messages; contact your financial institution instead to verify the message is legitimate. If you treat all messages as potential risks, it will help protect you from falling victim to fraud. Here are some tips to help spot these common scams.