How to Spot Fake RBFCU Notifications

Learn how to identify valid RBFCU text messages, emails and phone calls

With fraud on the rise, RBFCU wants to help protect you from potential scams. Fraudsters will try to trick you by posing as reputable companies in order to obtain your personal information, such as passwords or credit card numbers. Learning how to recognize fraudulent RBFCU notifications before taking action can help prevent fraud and save you from making a costly mistake.

RBFCU and RBFCU employees will never initiate a phone call, email or text message to anyone — members or non-members — asking for your sign-in information, including usernames, passwords, security questions and answers, multifactor authentication (MFA) codes, MFA recovery codes and one-time passcodes (OTP), or other personal information, like account, credit card, debit card or Social Security numbers. Also, RBFCU employees will never need to sign in to your Online Banking account on your behalf. If someone contacts you claiming to be an RBFCU employee and asks you to approve a sign-in request for them, do not respond.

How to spot a fake: Website | Text | Email | Phone Call

RBFCU’s website is https://www.rbfcu.org. Before you sign in to your Online Banking account, always make sure the website you’re using is rbfcu.org.

You can check if you’re on RBFCU’s website by checking your browser’s address bar for rbfcu.org, and a padlock icon 🔒 indicating that rbfcu.org is a secure website.

Arrows pointing to rbfcu.org and a padlock icon in website browser's address bar

 

To see the full address of a website, click in to your browser’s address bar. An “h​t​t​p​s​:​/​/” at the beginning of the URL means the website you’re visiting is secure. Unsecure websites begin with “h​t​t​p​:​/​/”

Arrow pointing to https in rbfcu.org URL in website browser's address bar

 

You may also see RBFCU products or services using websites with subdomains, like membersafe.rbfcu.org.

Fraudsters will often make fake versions of trusted, well-known websites in an attempt to steal your username and password for that site, then gain access to your real account with that company. Fraudsters will also pay to boost their fake website in popular search engines to improve their chances that their scam is successful.

Bookmark RBFCU’s website in your browser, and use your bookmark whenever you need to sign in to your Online Banking account to ensure you go to RBFCU’s correct, trusted website.

Arrow pointing to bookmark button in website browser's address bar

 

RBFCU also may use third-party vendor websites to provide products or services. However, you’ll find these vendor websites linked directly from rbfcu.org or from within your Online Banking account, and should not have to visit them directly.

Text messages from RBFCU are sent from a shortcode, or a shortened phone number. Third-party companies sending text messages on RBFCU’s behalf — like MemberSafe® — may use full phone numbers. However, please be aware that fraudsters can imitate legitimate phone numbers, including shortcodes.

RBFCU may text you to alert you to a transaction, or to verify a transaction or Online Banking sign-in attempt, but will never text you a link and ask you to sign in to your Online Banking account. RBFCU also won’t ask you to respond via text message with personal information.

SPOOF TEXT

Spoof RBFCU text alert

1 . Phone number or email address
Fake messages usually originate from full phone numbers or email addresses instead of shortened phone numbers

2. Suspicious link
Fake website — RBFCU’s website is rbfcu.org

VALID TEXT

Valid RBFCU text alert

1. Short code*
RBFCU text messages originate from shortened phone numbers, also known as short codes

2. Text messages from RBFCU alerting you to fraud will never include links to websites
MemberSafe, our identity theft coverage product, may use a full-digit phone number to send text message alerts with a link to members who are enrolled in the program**

*The format of RBFCU text message Alerts may vary based on the Alert type.

** MemberSafe®, our identity theft coverage product, may use a full-digit phone number to send text message alerts with a link to members who are enrolled in the program. Insurance products are not deposits; not NCUA insured; not an obligation of Randolph-Brooks Federal Credit Union (RBFCU); and not guaranteed by RBFCU or any affiliated entity. Visit our Identity Theft Coverage page to learn more.

Emails from RBFCU will come from an email address ending with “rbfcu.org.” However, please be aware that fraudsters can imitate legitimate email addresses.

An RBFCU email may ask you to visit rbfcu.org to sign in to your Online Banking account, but will never take you directly to the Online Banking sign-in page. RBFCU also won’t ask you to respond via email to verify or provide personal information, or open or sign a document, unless you’ve contacted us previously to initiate a transaction, like applying for a loan or opening an account.

Example of a scam email

1. The subject line
Scammers tend to use an urgent or aggressive tone.

2. The sender
In the example above, is the sender using a Gmail address? If you said yes, take a closer look! It’s actually G-R-N-A-I-L.com. Sneaky scammers will use email handles that are one letter off from what they should be (e.g., “RBCU” or “RFCU” instead of “RBFCU”) so that, at a glance, everything appears official.

» Tip: RBFCU emails will always come from an email address ending in “rbfcu.org.”

3. The time stamp
When was the email sent? This is an especially telling clue when a scammer is impersonating someone you know or correspond with regularly.

» Tip: RBFCU emails will always be sent during business hours.

4. The greeting
Does it address you by name, by email address or by a generic title? A generic or awkwardly phrased greeting could be the sign of a scam.

» Tip: RBFCU emails will address you by name or “Member.”

5. The spelling
Errors in spelling and grammar are always a red flag.

6. Buttons and links
These are easy for scammers to format and disguise. Get in the habit of accessing your Online Banking account by typing the official rbfcu.org URL in a new browser window, or create a bookmark in your browser so you’ll always go to the right page. Avoid using the direct links in your email messages.

» Tip: RBFCU will never send you a link to the Online Banking sign-in page or a link to a page prompting you to change your Online Banking password.

7. The contact info
Does it look sketchy? If you need to verify the legitimacy of the sender, never use the contact information contained within the email. Cross-reference it with a separate web search.

» Tip: RBFCU’s contact information can be found at rbfcu.org/contact-us.

8. Attachments
Malicious files can be easily disguised as innocent Word documents, spreadsheets and presentations. Be deliberate about which attachments you choose to open or download.

» Tip: RBFCU will never send you an unsolicited attachment. We’ll only send you attachments when you’ve reached out to us to initiate a transaction, like applying for a loan or opening an account.

Source: It’s a Money Thing

 

How to spot a fraudulent RBFCU phone call

Spoof phone calls ...

Spoof phone calls ...

Valid phone calls ...

Valid phone calls ...


Caller ID + -

Spoof phone calls ...

... may have a phone number listed on the caller ID that is not RBFCU’s phone number. However, fraudsters can manipulate caller ID so a call may look like it’s coming from RBFCU, even if it’s not.

Valid phone calls ...

... will have “RBFCU” or our phone number listed on the caller ID. RBFCU’s phone numbers are 210-945-3300 (San Antonio/Corpus Christi/Dallas-Fort Worth), 512-833-3300 (Austin) and 1-800-580-3300 (toll-free).

Who initiated the call? + -

Spoof phone calls ...

... are unsolicited — meaning you didn’t apply for an RBFCU loan, open an RBFCU account or contact RBFCU for assistance first.

Valid phone calls ...

... are solicited. We’ll only call you if you contacted us first, or we need more information to complete an application you submitted.

However, you may get an unsolicited call from RBFCU alerting you to fraud, but beware: Fraudsters use this tactic, too! It’s OK to hang up and call RBFCU back to confirm it’s a legitimate call — we’d rather you be cautious.

Before hanging up, you can ask for the name and extension of the person you are speaking with, then call RBFCU’s main line at 210-945-3300 and provide the extension when prompted, or ask a Member Service Representative to connect you to that person.

Information RBFCU should have + -

Spoof phone calls ...

... may ask you to provide or verify information you think RBFCU should already have, like your address or account, credit card or debit card numbers.

Valid phone calls ...

... won’t ask you to provide or verify information RBFCU should already have. If you initiate a call, we’ll ask for information to verify your identity before assisting you.

Information you should never provide + -

Spoof phone calls ...

... may ask you to provide information that you shouldn’t give out to anyone, like usernames, passwords, security questions and answers, multifactor authentication (MFA) codes, MFA recovery codes and one-time passcodes (OTP) sent to your phone via call or text.

Valid phone calls ...

... will never ask you to provide information that you shouldn’t give out to anyone, like usernames, passwords, security questions and answers, multifactor authentication (MFA) codes, MFA recovery codes and one-time passcodes (OTP) sent to your phone via call or text.

What's the situation? + -

Spoof phone calls ...

... may alert you to an urgent situation, and pressure or threaten you with consequences — like closing your account or losing all your money — if you don’t act immediately.

Valid phone calls ...

... will never pressure or threaten you to make an immediate decision about your finances. We’re here to help!

If you receive an unsolicited phone call that appears to be from RBFCU, or the person claims to be an RBFCU representative, do not provide or confirm any personal information and hang up. Remember: Fraudsters can manipulate caller ID so a call may look like it’s coming from RBFCU, even if it’s not.

If you believe a call from RBFCU may be legitimate, it’s OK to hang up and call us back to confirm — we’d rather you be cautious! Before hanging up, you can ask for the name and extension of the person you are speaking with, then call RBFCU’s main line at 210-945-3300 and provide the extension when prompted, or ask a Member Service Representative to connect you to that person.

You can also contact RBFCU to report a fake phone call.

If you believe you have been a victim of fraud, click here to report it.

  • How can I report a fraudulent RBFCU text message?
    + -

    If you receive an unsolicited text message that appears to be from RBFCU, do not respond or click any links. Send a screenshot of the text message to abuse@rbfcu.org, then delete it.

  • How can I report a fraudulent RBFCU email?
    + -

    If you receive an unsolicited email that appears to be from RBFCU, do not respond, do not click any links and do not open any attachments. Forward the email to abuse@rbfcu.org, then delete it.

  • How can I report a fraudulent RBFCU phone call?
    + -

    If you receive an unsolicited phone call that appears to be from RBFCU, or the person claims to be an RBFCU representative, do not provide or confirm any personal information and hang up.

    Contact RBFCU to verify if the phone call was legitimate or not, and report it.

  • What should I do if I already responded to a fraudulent RBFCU text message, email or phone call?
    + -

    If you have already responded to an RBFCU message you think may be fraudulent, and believe your account, username or password has been compromised, you should immediately contact RBFCU at 210-945-3300 for assistance. Additionally, you should monitor your account and report any suspicious transactions.

    Here are five steps you should take immediately if you think your identity has been stolen.

  • What should I do if I see suspicious activity in my Online Banking account?
    + -

    If you see suspicious activity in your account — such as you notice favorite accounts or joint owners you didn’t add, or changes to your contact information that you didn’t authorize — your Online Banking account may have been compromised. You should immediately contact RBFCU at 210-945-3300 for assistance.

    If you’re still able to access your Online Banking account, report the unauthorized access to RBFCU and take the following steps:

    1. Sign in and check your account for any changes or transactions that you did not authorize — for example, changes to your email address or other contact information, added joint owners on your accounts, or fraudulent transfers
      • To check your contact information: Select the profile icon, then Profile Settings, then Contact Settings. Be sure to update any incorrect or outdated information
      • To check your joint owners: Select the profile icon, then Profile Settings, then Account Roles. Be sure to remove anyone who shouldn’t have access to your accounts
    2. Next, change your password to a strong, unique password. Get tips on creating a strong password here
      • To change your password: Select the profile icon, then Profile Settings, then Security Center
    3. Consider changing your username, since it’s likely it has also been compromised
      • To change your username: Select the profile icon, then Profile Settings, then Security Center
    4. Enable multifactor authentication (MFA) for your account. Get directions for setting up MFA here

    If you’re unable to access your Online Banking account, try the self-service options to reset your username and/or password. If you're still unable to regain access to your account, contact RBFCU at 210-945-3300 or visit your nearest branch for assistance.

    Additionally, you should monitor your accounts regularly and report any suspicious transactions.

  • What should I do if I find fraudulent transactions in my Online Banking account or on my account statement?
    + -

    Visit the “How to Report Fraud to RBFCU” page for instructions on reporting suspicious transactions, including:

    • How to dispute debit card, credit card, checking, savings and Money Market transactions
    • How to stop payment on a check
    • How to report fraud involving your debit card
    • How to dispute a credit card transaction

Signs of a Scam: What to Watch for

Always be cautious when you receive any urgent communication from a financial institution — whether it’s an email, phone call, text message or mobile payment app request. When in doubt, don’t respond to these messages; contact your financial institution instead to verify the message is legitimate. If you treat all messages as potential risks, it will help protect you from falling victim to fraud. Here are some tips to help spot these common scams.

Signs of a Text Message Scam


Mobile phone receiving alert

You're alerted to a serious situation

Oh no! You receive a text message saying there’s a problem with your account, and you should sign in to fix it immediately!

Stop and pause for a second: Financial institutions will never text you and ask you to sign in to your account, or ask you to provide or verify personal information via text message.

Although you may receive text messages from your financial institution regarding things like debit and credit card fraud, transfers, transactions or demographic changes, you’ll never be asked to sign in or provide personal information via text to address those situations.

If you think there may be a problem with your account, you can always contact your financial institution directly to ask.

A scary link asking you to sign in

You're sent a link to click

Your financial institution won’t send you a link to verify your username or password, or ask you to sign in and take action on your account.

Be wary of any text message asking you to sign in to a website. If you think it might be a legitimate text message, contact your financial institution directly by phone. You can also chat with a representative by visiting your financial institution’s website.

Just don’t click that link in the text message — type your financial institution’s verified URL directly in your browser’s address bar or click a bookmarked link instead.

Stranger asking for your personal information

You're asked to text back with personal information

Your financial institution will never text you and ask you to verify or provide personal information like usernames, passwords, one-time passcodes (OTP), PINs, Social Security numbers, or account, debit card or credit card numbers.

Never, ever provide this information via text message or a link sent via text message.


Signs of an Email Scam


Suspicious person coming out of email message

The link or text looks suspicious

If you receive a link from a financial institution asking you to click and take an immediate action on your account, pause to verify the link is legitimate before clicking it.

Hover over the link to see where it actually goes. The real URL will display in the bottom left corner or in a pop-up in most web browsers or email programs.

If you think the email might be legitimate, call your financial institution or visit its website directly by typing a URL you know is correct in your web browser’s address bar. Better yet, bookmark the website in your browser, so you can be sure you’re always using the correct link.

If you notice misspelled words, grammatical errors or phrasing that “just doesn’t sound right,” these are also signs that you may have received a phishing email from someone pretending to be your financial institution.

Computer with caution sign on screen

You're pressured to make an immediate decision

Financial institutions won’t email you to verify your username and password or make an immediate payment, but fraudsters will.

If you’re asked to make an urgent decision, be skeptical.

No matter how legitimate an email looks, never reply to an email with personal information like usernames, passwords, one-time passcodes (OTP), PINs, Social Security numbers, or account or credit card numbers.

Scary attachment in an email

You're sent an attachment you weren't expecting

Financial institutions won’t send you documents that you aren’t expecting via email, but fraudsters may use attachments as a way to infect your computer with viruses, spyware, malware or ransomware.

If you receive an unsolicited attachment from your financial institution, contact them to verify it’s legitimate before opening it and potentially infecting your computer!

The only exception is if you’ve been communicating with your financial institution regarding a transaction, like finalizing a loan. If you’ve started a transaction, you may receive documents to complete it via email — but only after you’ve initiated contact.


Signs of a Phone Scam


Fraudster calling on the phone

The caller ID doesn't look correct (or maybe it does!)

Fraudsters can manipulate caller ID so a call may look like it’s coming from your financial institution, even if it’s not!

Always be on alert when you receive an incoming call from your financial institution.

It’s OK to hang up — even if you’ve already began a conversation or when the call sounds legitimate — and call your financial institution back at a verified phone number listed on its website or account documents. Don’t worry about being rude — it’s better to be safe!

Stranger asking for your personal information

You're asked to provide personal information

Your financial institutions may ask you for personal information to verify your identity when you call for assistance — but never when you haven’t initiated the call!

Financial institutions will never reach out to you and ask you to provide personal information like usernames, passwords, one-time passcodes (OTP), PINs, Social Security numbers, or account or credit card numbers.

Mobile phone receiving alert

You're asked — or threatened! — to make an urgent decision

Fraudsters rely on creating an urgent or scary situation in order to catch you off-guard and pressure you into making a decision without thinking.

Examples include calling you to tell you your account will be closed or that fraud has been detected — yup, fraudsters will claim they’re trying to help you with fraud to gain your trust!

If your financial institution reaches out to you, don’t provide any personal information and don’t make any snap decisions. Remember, it’s OK to hang up and call your financial institution back at a verified phone number, even when you think the call might be legitimate or you’ve already begun a conversation.


Signs of a Mobile Payment App Scam


Accessing banking accounts on mobile phone

You receive a phone call or text about a mobile payment app

Scams where a fraudster asks you to send money via a mobile payment app usually start with a phone call or text message encouraging — or demanding! — immediate payment to avoid a dire consequence.

Stop and pause before sending money: Fraudsters count on scaring you into making rash decisions.

Your financial institution will never contact you and ask for a payment via a mobile payment app like Zelle®, Venmo® or CashApp™. It’s a scam.

If you think there might be trouble with your account, hang up or don’t respond, and contact your financial institution directly via a verified phone number or their website to get assistance.

Fraudster calling on the phone

You're asked to use a mobile payment app to pay someone you don't know

You’re shopping on Facebook® Marketplace or Craigslist®, and see something you’d like to buy. The seller says they’ll hold the item for you — but only if you use a mobile payment app to send them part or all of the item’s cost.

Don’t do it! Mobile payment apps are the same as sending someone cash. If the seller is a scammer, you’ll never see that money again!

Only use a mobile payment app to provide payment to someone you know, like family and friends, and never provide payment to someone until you receive the item. This guide from Facebook has more tips to stay safe when buying and selling on Facebook Marketplace.

Urgent request for payment

You're asked to make an urgent payment via a mobile payment app

You receive a phone call telling you a payment via Zelle®, Venmo® or CashApp™ is needed immediately or you’ll be arrested — or audited by the IRS, or your account will be overdrawn and you’ll incur fees. Hang up, because it’s a scam!

Government agencies and financial institutions will never request money be sent via mobile payment app (or gift cards or other unconventional payment methods). Most won’t call you either; instead, you’ll receive a letter in the mail.


RBFCU and RBFCU employees will never initiate a phone call, email or text message to anyone — members or non-members — asking for your sign-in information, including usernames, passwords, security questions and answers, multifactor authentication (MFA) codes, MFA recovery codes and one-time passcodes (OTP), or other personal information, like account, credit card, debit card or Social Security numbers. Also, RBFCU employees will never need to sign in to your Online Banking account on your behalf. If someone contacts you claiming to be an RBFCU employee and asks you to approve a sign-in request for them, do not respond.

If you receive a suspicious phone call, email or text message, hang up, do not respond to the message, do not click any links, and do not open any attachments. Forward any suspicious emails and text message screenshots to abuse@rbfcu.org, then delete the message. If you believe your account, username or password has been compromised, you should immediately contact RBFCU at 210-945-3300 for assistance. Additionally, members should monitor their accounts regularly and report any suspicious transactions.

Ask RBFCU