Rest Confident, Your Money is Safe and Secure at Kirtland Credit Union, a message from our President & CEO. Learn More

All Kirtland CU branches and locations will be closed on Monday, October 14 in observance of Indigenous Peoples’ Day.

Our TellerPhone service is experiencing intermittent issues.  We are working diligently to resolve. Please use our Online and Mobile banking services. We apologize for any inconvenience.

Kirtland CU will never contact you to ask for your login or payment information such as your email, online credentials, access codes, or your debit card number, PIN, or CVV. >> Learn more

We have engaged Forvis Mazars, LLP (Attn: Bud Hollenkamp, 1801 California Street, Ste. 2900, Denver, CO 80202) to perform member verifications. Kindly compare the balance of your accounts on your September 2024 statement WITH YOUR RECORDS. If balances do not agree, please address your discrepancies directly to Forvis Mazars, LLP. Include your name, truncated account number, and an explanation of the difference noted.  A reply is not considered necessary unless a difference is noted.

Welcome To The Insighter!

Explore the latest happenings at Kirtland CU and learn about important topics from around the financial world. Here’s your insight! To learn about retirements, investments and financial planning, check out Invested now.

SMiShing: Double Check That Text!

By Ashleigh, K-Staff

Facebook
Twitter
LinkedIn

Ah, technology.

Our high-tech world moves at lightning speed, with communication and tasks often happening in real-time. In many ways, security has lagged behind innovation. Now, new security measures such as two-factor authentication have emerged to protect the vast amounts of information and money that is exchanged online. But criminals are beginning to exploit those extra security measures and options, and you need to be on the lookout for this latest ploy to access your accounts.

Financial partner CO-OP, which owns and operates credit union ATMs nationwide, recently warned Kirtland FCU of a tactic called ‘SMiShing’—phishing (posing as a legitimate company) via SMS text messaging. And it’s effective because of the popularity of texting. According to the Pew Research Center, 97% of Americans send at least one text every day. 

What The SMish?

SMiShing, according to CO-OP, is a text is designed to look like an automated text communication from a legitimate company. There are two different methods of SMiShing that we’ll discuss: the SMiShed text alert and the SMiShed two-factor. 

SMiShed Text Alert

Criminals in possession your debit card details and other forms of personally identifiable information (PII) are spoofing credit union phone numbers in an effort to fool credit union members into thinking that the text messages are actually from the fraud department of a particular credit union. Fraudsters are sending text messages under the guise of trying to validate recent card activity and are including hyperlinks within some text messages.

Fraudsters are also using text messaging to deceive credit union members into providing card-related data and login credentials. A typical SMiShing occurrence can begin with a member receiving a text message inquiring about a suspicious transaction on an account. In reality, the fraudster is looking to obtain other information from members such as debit card numbers, CV2 codes, expiration dates, PINs and other web login credentials.

Before we go into how to spot one of these texts, you should know that there ARE legitimate texts that can come in from your credit union (especially if you’ve registered for Text Alerts for Online Banking login, transaction alerts for your cards, or use Text Banking. But there are key differences between a SMiShing text and a valid text transaction alert).

SMiShing Text ContainsLegitimate Text Contains
A vague reference to a bank or no reference at allAn abbreviated version of your credit union's name
No specific card informationThe last 4 digits of the card number
No specific transaction informationThe amount of the transaction detail
No merchant informationMerchant details
Hyperlinked phone numbers and/or web addressesNo hyperlinks
Requests for card numbers, CV2 codes, passwords, PINs, expiration datesReply options of: YES, NO or STOP (to opt out)

The SMiShed Two-Factor

Have you opted in to two-factor authentication for your financial accounts? Many companies and financial institutions are now offering two-factor authentication as a way to make logging in faster and safer by requiring not only a username and password but the entry of a one-time code, sent through a different channel (usually e-mail, text, or voice call). Which means that if a fraudster obtained your username and password to a specific account, they would also need to have access to your e-mail account or phone to obtain the one-time code—an unlikely situation. Thieves are now calling members, posing as credit union employees, to get you to turn over the code while you’re on the phone with them!

While on the phone with a member, the fraudster logs into a credit union Online Banking site. When the one-time code is sent to the member’s phone, the fraudster asks the member to provide the code as a means to validate the member. When the information is shared with the person the member believes is a credit union employee, the fraudster uses the code to finalize access to Online Banking, which is typically followed by changing the Online Banking password and transferring funds from member accounts.

How To Miss The SMiSh

  • Be aware! By simply knowing of the possibility of a SMiShing attack, you can keep an eye out for the signs.
  • Never provide information via text. A legitimate credit union employee or alert text will never ask for personal information to be sent over unsecured channels, and you will NEVER be asked for your Online Banking password or two-factor code outside of your login attempt.
  • Never click hyperlinks in texts. Legitimate requests to validate card activity will request a simple response of YES or NO. They will not include hyperlinks to other websites or ask for any personal info.
  • Don’t believe the caller ID. It’s amazingly easy to spoof a phone number—to make it look like a call is coming from a legitimate source.
  • When in doubt, check! You can always call the credit union (Kirtland FCU member, call 1-800-880-5328) to check on the validity of a transaction alert or to report a request for information that seems, well, phishy.

Let's Make Friends

Share the love! Get $200 for you and your friend for each qualified referral you make.

Online and Mobile Banking are currently experiencing technical difficulties and may be intermittently unavailable. We apologize for any inconvenience this causes our members.