Fraud Prevention

Security Alert. A picture of a thief who is lerking to steal you identity.

Knowledge is Power When it Comes to Fraud Prevention 

Nothing is more important to us than the security of your assets and your personal information. We’ve compiled these resources to help you learn more about common scams, identify legitimate fraud alerts and prevent identity theft.


Impersonation Scams 

Impersonation Scams occur when members are convinced, they're communicating with an actual credit union representative via email (Phishing), SMS text message (Smishing), or live voice call (Vishing).
In reality, you’re sharing confidential information with a scammer. Be vigilant when receiving phone calls
or emails asking for personal information or account details. If you are unsure of the validity, hang up and
call the place of business directly. The trusted companies you work with will not make cold calls requesting information for a reason you are unaware of.


Pop-up Warnings

Tech support scammers may try to lure you with a pop-up window that appears on your computer screen.
It might look like an error message from your operating system or antivirus software, and it might use logos from trusted companies or websites. The message in the window warns of a security issue on your computer and tells you to call a phone number to get help

If you get this kind of pop-up window on your computer, don’t call the number. Real security warnings and messages will never ask you to call a phone number.  If you get a phone call you didn’t expect from someone who says there’s a problem with your computer, hang up.

Email Scams
When receiving emails, be cautious of links and forms requesting personal information. Always be on high alert, and make sure the sender’s email address is correct. Fraudsters will attempt to copy the look of an email and change one or two letters in the email address to make it look legitimate. Always be cautious when you are asked for personal information either on the phone or by email.

*Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.


Be Aware of Phone Number Spoofing Fraud Attempts!

Phone spoofing is when a fraudster makes another person’s or company’s phone number appear on the receiver’s caller ID in an attempt to impersonate that individual or organization.  If you receive a phone call, email or text claiming to be from TFCU, asking for personal identification, member number or account information, DO NOT RESPOND!

Fraudsters may attempt to “spoof” legitimate TopMark phone number(s).  Legitimate calls, emails or text from TFCU would never contain a request for account information or a link to click on. 


Here are 10 common practices scammers to attempt to fool you and commit fraud. 

  1. Faking an emergency. Scammers pretend to represent an official organization (like the IRS) and call, text or email members to demand immediate money for bogus issues. They use threatening phrases such as, “Your 401k plan will be frozen,” “Your passport will be seized,” or “The maximum sentence for this crime is five years in prison and a $10,000 fine,” to create a sense of urgency.
  2. Expressing that resistance is ineffective. Once the scammer has created the emergency and instilled panic, they reinforce there is nothing the member can do to remedy the situation. In the case of an IRS scam, they often tell the member they must cooperate or face arrest or fines.
  3. Rewarding cooperation with encouraging comments. Scammers sometimes try to play the part of a trusted friend, offering help and a way out of the emergency that would provide relief to the member. They often tell the member they seem like a good person and offer to help them with the situation at hand.
  4. Not allowing victims to hang up until they pay up. Phone scammers say it is a one-time opportunity for the member to take action to avoid further consequences, and if the member hangs up the phone, he or she will not be offered another chance to resolve the problem.
  5. Using official sounding titles and names for ordinary things. Scammers try to sound impressive to gain members’ trust. They use official sounding titles and names for merchants and everyday items. Examples include referring to a gift card as an “electronic federal tax payment system,” or instead of using the name of a store, they call it a “government-affiliated payment processor.”
  6. Stating they are not asking for personal information upfront. Scammers know asking for personal information could raise alarm bells for the member. Instead, they may say they are not looking to obtain this information, or they are not looking for an exchange of funds over the phone, which may cause members to let down their guard. This is why scammers often use gift cards to extract payment.
  7. Signaling to members they are being recorded. In an attempt to sound legitimate, scammers say the call is being recorded and monitored by the IRS.
  8. Threatening to alert the media. Scammers go to great lengths to keep suspicious or wary members on the phone, and even go so far as to threaten to contact the media on behalf of the IRS if the member does not comply with what is being asked. This is used as a last resort to salvage a conversation that might not be going well.
  9. Exploiting member engagement. Once scammers have members hooked, they may transfer the call to another fake agent in an attempt to further legitimize the call. Often, these scamming “call centers” employ multiple scammers who work together to make the initial call and then close the scam. Scammers are highly organized: some are responsible for getting members hooked, while others focus on closing the deal by extracting payment. They may say, “Please hold on the line, I am transferring the call to my senior treasury specialist,” or “Thanks for waiting, this is senior officer Matthews from the account department. My badge ID is…”|
  10. Insisting members keep quiet about special offers. If a scammer offers a special tax break, for instance, they will often demand the member not discuss it with anyone, as it would prevent them from getting the settlement. 


Suspicious Call/Email

Please remember that TopMark Federal Credit Union will never call or email you requesting your personal account information (we already have that).  Beware of calls or emails requesting account numbers, credit or debit card numbers, social security numbers, usernames or PIN numbers.  Typically these emails will claim that you have to respond quickly or your account/cards will be closed or blocked.



Phishing is a form of fraud that is commonly employed via email. Phishing attempts occur when an email is sent and may look legitimate but is not. Phishing scams, as in fishing for information, typically rely on email recipients recognizing familiar products or websites. The messages will attempt to fool the recipient into revealing sensitive information. The mechanisms used may entice the recipient to (a) click on a link leading to a fraudulent website (although it may appear legitimate), (b) reply to a specific offer or request in the email, or (c) download an infected attachment.

Here are some tips to help you avoid becoming a victim of these threats:

  • Think before you click. Be cautious with any message you don’t expect or that doesn’t make sense. If you get a message from the New York police about a speeding ticket but you have not been driving in NY recently, it’s bogus. Delete immediately. Even if you had been driving in NY, ask yourself whether it makes sense that the NY police have your e-mail address. Probably not.
  • Be wary of offers of something for nothing. These are most likely scams. Won the lottery without entering? A free gift card from a store you don’t patronize? Likely bogus.
  • Carefully scrutinize the destination of links in e-mails and text messages. Hover your mouse/finger over the link to see where it really goes. Clever phishers sometimes include valid links among the malicious links in the e-mail in a further attempt to disguise their intent.
  • Do not respond to unsolicited requests for sensitive information, whether by e-mail, phone, or text message. If an unsolicited caller starts asking for personal information, it’s time to end the call.|
  • Do not submit personal information via website pop-up screens. Legitimate organizations do not ask for personal information via pop-ups.


The Federal Trade Commission,

The company that the email reportedly came from, companies may have a “to report abuse” email address.

Just remember to include the entire original email with its original header information when you forward to the FTC or other entity when reporting phishing.

For more information on scams, visit the FBI’s website, or the NCUA’s website,