Beware of Scams and Phishing Attempts During COVID-19.

At HRCCU, security and education is one of our top priorities for our members. In uncertain times, scammers and fraudsters will capitalize on the vulnerability of organizations and individuals. We have already begun to see an increase of scammers calling members and suspicious emails flooding inboxes. Below are a few steps to help you avoid getting caught in a scam during the coronavirus (COVID-19) pandemic.


Early indications are that fraudsters may be increasing phishing attacks in an effort to exploit the current COVID-19 pandemic. Our partners at Fiserv have observed fraudster emails and voice mails sent directly to cardholders asking for personally identifiable information (PII) and impersonating HRCCU, health groups and federal government agencies.

Additionally, criminals in possession of card details and other forms of fraudsters are spoofing the phone numbers of financial institutions to fool cardholders into thinking that text messages and phone calls are actually from the fraud department of their financial institution.

It makes a difference when members remain vigilant. If something sounds suspicious, question it. As a reminder to our members, it’s important that you remain diligent in reviewing your accounts daily and quickly reporting any unauthorized activity.

data breach

There is a lot you can do to protect your own financial accounts and information in order to avoid compromising your own information. Please beware that HRCCU will never:

  • Ask you over the phone for your PIN, CV2 codes or Expiration Dates.
  • Send a text alert warning of suspicious activity on a card that includes: 
    • A link to be clicked. Cardholders should never click on a link in a text message that is supposedly from your financial institution.
    • A vague reference to a “Merchant” transaction – these details should be included.
    • Requests for cardholder data such as card numbers, PINs, CV2 Codes, Expiration Date
  • A text alert from HRCCU will always be from a 5-digit number and NOT a 10-digit number resembling a phone number.
    • A valid notification will provide information about the suspect transaction and ask the cardholder to reply to the text message with answers such as ‘yes’, ‘no’, ‘help’, or ‘stop’.
    • A text caller ID will be 20733 if you use the standard call center or 37268 if you use the premium call center (please refer to FYI 17504 for more details).
  • A phone call from one of our Call Center agents will only include a request for the cardholder Zip code, and no other personal information, unless the cardholder confirms that a transaction is fraudulent.
    • Only then will the cardholder be transferred to an agent, who will ask questions to confirm the cardholder’s identity before going through the transaction history. If, at any point the cardholder is uncertain about questions being asked or the call itself, they should hang up and call us directly.
  • If a call is received by the cardholder, claiming to be your Call Center and asking to verify transactions, no information should have to be provided by the cardholder other than their Zip code, and a ‘yes’ or ‘no’ to the transactions provided

These important steps will help you stay vigilant and aware of suspicious activities with your account. Please remember at any time you could be compromised, not just in the face of a pandemic.