Member Security Education

What is Spoofing?

Spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company or a government agency that you may already know and trust. If you answer, they use scam scripts to try to steal your money or valuable personal information, which can be used in fraudulent activity.

You may not be able to tell right away if an incoming call is spoofed. Be extremely careful about responding to any request for personal identifying information.

  • Don’t answer calls from unknown numbers. If you answer such a call, hang up immediately.
  • If you answer the phone and the caller – or a recording – asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
  • Do not respond to any questions, especially those that can be answered with “Yes” or “No.”
  • Never give out personal information such as account numbers, Social Security numbers, mother’s maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
  • If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company’s or government agency’s website to verify the authenticity of the request. You will usually get a written statement in the mail before you get a phone call from a legitimate source, particularly if the caller is asking for a payment.
  • Use caution if you are being pressured for information immediately.
  • If you have a voice mail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A hacker could spoof your home phone number and gain access to your voice mail if you do not set a password.
  • Talk to your phone company about call blocking tools and check into apps that you can download to your mobile device. The FCC allows phone companies to block robocalls by default based on reasonable analytics. More information about robocall blocking is available at

Beware of new phone scam impacting Members

Another credit union has learned of a new phone scam affecting its members and others around the country. The scam targets debit card information followed by large withdrawals from members’ checking accounts.

The gist is this — members get a phone call with the caller pretending to be with your credit union’s fraud department. The caller is likely using a spoofed phone number so the incoming number looks legitimate. The caller explains that possible fraudulent activity occurred on your card, and they provide you with fake transaction details so you believe your card was compromised. Under the guise of verifying your identity and helping you get a new card, the caller will attempt to gain your personal information and private banking information.

There are three major red flags that should tell members to stop the call and hang up immediately:

  1. The caller asks for your card PIN.
  2. Never provide your PIN to anyone – verbally or with your phone keypad. There is no valid reason that a caller will ever request your card PIN.

  3. The caller asks you to provide your online banking ID or password.
  4. The caller asks you to provide your card or CVV number.

If you have fallen victim to the scam, SHERPA Identity Theft Protection can help. Learn more here.


Beware of Automated calls concerning your debit or bank card –  Fraudsters will try to obtain your debit card information by automated messages saying they are calling from the credit union or your financial institution.  They will want you to enter your card number, expiration date, or security value(the 3 digit value on the back of the card).  This is a phishing attempt.  This is  were the fraudster is trying to get your information to draw funds from your account by creating a counterfeit card.

Armco Credit Union does have a legitimate card security monitoring system in place where you may receive a call from an individual to verify transactions that appear to be fraudulent.  However they will not need the above requested information to determine the validity of the transactions.    If you are ever suspicious about a call, contact us directly to speak with one of our account service representatives.


Numerous firewalls and other sophisticated security measures, developed over the years to protect financial institutions, make old-fashioned “hacking” much less prevalent.  Cyber-thieves prefer the easy rout – your computer.  Here are a couple tips to make sure your computer isn’t the weak link in the security chain.

Wired Access by Home Computer:  Use a current anti-virus/anti-spyware scanning program, a current patched operating system, and a secure browser program.  The Windows firewall should be activated, or another software firewall should be on the computer along with Intrusion Prevention or Intrusion Detection.

Access by Wireless Home Network:  Follow all of the above rules for wired home computers, PLUS your wireless router should have a strong password protection, and it is recommended the wireless network have at least WPA or WPA-2 PSK encryption rather than WEP encryption.


Please visit

Online Services

Your accounts can be accessed under Online Banking via personal computer. Online Banking will be available for your convenience 24 hours per day. This service may be interrupted for a short time each day for data processing

EFT SERVICES – If approved, you may conduct any one (1) or more of the EFT services offered by the Credit Union.

ATM Card-Visa Check Card-Tele-R-Phone- Preauthorized EFTs- Electronic Check Conversion- Electronic Returned Check Fees- Online Banking- Mobile Banking- Bill Payment

MEMBER LIABILITY – You are responsible for all transactions you authorize using your EFT services under this Agreement. If you permit someone else to use an EFT service, your card or your access code, you are responsible for any transactions they authorize or conduct on any of your accounts.

CREDIT UNION LIABILITY FOR FAILURE TO MAKE TRANSFERS – If we do not complete a transfer to or from your account on time or in the correct amount according to our agreement with you, we may be liable for your losses or damages. However, we will not be liable for direct or consequential damages in any of the events as listed in our EFT Disclosure.

If you notice any suspicious activity please contact or call 724-284-2020.