All Point Breeze Credit Union offices will be closed on Monday, January 20, 2025 for Martin Luther King Jr. Day. Enjoy easy access to your accounts via Online Banking, Mobile Banking and AUDRE (Phone Teller). View the full list of holidays here.
Make an Appointment

Security & Fraud Prevention

Helping you identify scams, prevent fraud and safeguard your accounts

Consider these tips as we work together to fight fraud

Receive fraud text alerts

You're automatically enrolled if your number is on file with us. You'll receive a text message if a suspicious transaction is detected on your debit or credit card. Make sure we have your current email address and mobile phone number on file to ensure timely fraud monitoring communications.

These are example of message you may receive. Simply reply 'Yes' if the transaction is valid or 'No' if it is fraud. You can choose to opt out of this free service* at any time by replying 'Stop' to any message received from our Fraud Center.

IMPORTANT REMINDER: Point Breeze Credit Union employees and any third-party representatives with whom we contract to provide service to our members, will NEVER call, email, or text you to ask for your username, password, credit or debit card number, PIN, or security code. If someone claiming to be from Point Breeze Credit Union asks for this information, do not respond. When in doubt, call us immediately at 410.584.7228 or using the number on the back of your card. You should never, ever give out your personal, confidential, or sensitive information to anyone by unsolicited phone call, text or email.

An important part of online safety is knowledge. The more you know, the safer you'll be. Here are some tips on how to stay safe online:

  • Set good passwords. A good password is a combination of upper and lower case letters, numbers, and special characters, and is not easily guessed. Change your password frequently. Don't write it down or share it with others.
  • Don't reveal personal information via email. Emails and text messages can look like they are coming from a trusted sender when they are actually from someone else. Play it safe. Don't send your personal information such as account numbers or passwords via email or text.
  • Don't download that file. Opening files attached to emails can be dangerous, especially when they are from someone you don't know, as they can allow harmful malware or viruses to be downloaded onto your computer. As an additional measure of protection, make sure you have a good antivirus program on your computer that is up to date.
  • Links aren't always what they seem. Never log in from a link that is embedded in an email message. Criminals can use fake email addresses and make fake web pages that mimic the page you expect. To avoid falling into their trap, type in the URL address directly and then log in.
  • Websites aren't always what they seem. Be aware that if you navigate to a website from a link you don't type, you may end up at a site that looks like the correct one, when in fact it's not. Take time to verify that the web page you're visiting matches exactly with the URL that you expect.
  • Log off from sites when you are done. When you are ready to leave a site you have logged in to, be sure to log off rather than just closing the page.
  • Monitor account activity. Monitor your account activity regularly, either online or by reviewing your monthly statements, and report any unauthorized transactions right away.
  • Assess your risk. We recommend periodically assessing your online banking risk and put into place increased security controls where weaknesses are found; particularly for members with business accounts. Some items to consider when assessing your online banking risk are:
    • Who has access to your online business accounts?
    • How and where are usernames and passwords stored?
    • How strong are your passwords and how often are they changed? Are they changed before or immediately after terminating an employee who had access to them?
    • Do you have dual controls or other checks and balances with respect to access to online banking transactions?

Phishing is a type of email scam in which identity thieves send official looking emails with urgent-sounding messages asking the recipient to click a link within the email. The link takes you to a website, which may look like Point Breeze Credit Union's website, where you will be asked to provide confidential information such as account numbers, credit card numbers, or other sensitive information. Fraudsters send these emails and text messages to a large group of random email addresses, hoping to reach at least a few of our members.

Point Breeze Credit Union will NEVER send unsolicited emails or text messages asking you to give or verify personal information online or by phone.

Please contact us immediately if you ever have questions or concerns about suspicious messages you may have received.

Identifying Safe Email

Email is a timely, effective and convenient way to communicate with our members. Therefore, we have outlined the types of emails that we DO send and how you can tell if the email you receive is real or a fake.

  • Email Alerts – These are emails that notify you of balance information, a check that has cleared or Certificate of Deposit maturity dates. Alert emails are set up by you, the end user, so you are in complete control. These emails will NEVER contain links to a website.
  • Online Bill Pay Emails – These emails notify you when a bill has arrived or when a bill has been paid. You can change your Online Bill Pay options for each payee. These emails will NEVER contain links to a website.
  • Password Changes – Whenever you change your Online Banking password, an email is automatically sent to your email address on file. These emails will NEVER contain links to a website.
  • eStatement & eDocument Notifications – These emails are sent to notify you that your eStatement is available online for your review or when a new document has been posted to your account. These emails will NEVER contain links to a website.
  • Marketing Emails – These emails are designed to keep you informed of current promotions and specials. These emails may contain links back to our website. If you still feel uncomfortable clicking a link, please visit our website by typing our web address into your web browser or utilizing your saved bookmarks.

How to Protect Yourself

  • Do not respond to emails requesting personal information, and do not click on links within suspicious emails.
  • Do not call phone numbers listed in messages you receive. Instead, go to our website to find our number or look on the back of your credit/debit card.
  • Update your computer software with current versions and utilize virus protection and firewall software to protect data.

It usually comes as a phone call that sounds urgent or alarming. An unsolicited caller tells you your bank account has been compromised, and that they need your PIN so they can verify your identity or unlock the account. Or, they say they’re from a government agency, such as the IRS or the Social Security Administration. Sometimes they insist you owe money. Or, they might announce you’re a lucky winner — but you’ll need to pay for shipping and handling to claim your prize.

These are all examples of “vishing,” a term that combines “voice” and “phishing” to describe a scam perpetrated by phone. Phishing refers to any attempt by cyber criminals to steal money or personal information from people through deceptive practices. It can also be perpetrated through email and short message or texting systems (known as “smishing”).

Vishing calls might come from an actual person or use automated robocall technology or some combination of both. The caller may know nothing about you, or they may provide information such as your address or even the last four digits of your Social Security number to win your trust. In every attempt, there will be a request for more information.

The bottom line? You should never give out personal information to an unsolicited caller, no matter who you think they are.

Criminals continue to use vishing techniques because they realize that talking quickly and persuasively can catch many people off guard. While some of these attempts are easy to detect, others are subtle enough to fool even cautious consumers, especially when the caller makes it seem like urgent action is needed.

One of the reasons these deceptions can be so convincing is that criminals can use personal information they’ve harvested from other sources to make a vishing attempt sound like an honest exchange. They also spoof phone numbers that belong to established organizations, which makes them appear legitimate on your caller ID. And they may lower your defenses with excellent imitations of call center professionals.

How to Protect Yourself

  • Don’t answer calls from numbers you don’t recognize. Bear in mind, however, that vishing scammers sometimes leave voicemails with a callback number. Do not call a number back without checking to see if it belongs to a business you know.
  • Do not trust caller ID numbers. Criminals are routinely spoofing legitimate numbers of established companies and services.
  • If you are suspicious, even if you recognize the caller’s organization, hang up before you give out any information or do not answer. If you think the call might be legitimate, call back a number you’ve verified independently — do not use your callback function.
  • Do not give any caller personal information, even if they know some of your personal information already. Scammers can steal personal information from other sources or find it on the dark web and will use what they know to trick you into giving them more. The fact that a caller knows something about you is not enough of a reason for you to trust them.
  • Remember that Point Breeze Credit Union, like many businesses, will never ask you for account details unless you call us first.

 

Phishing is one of the most common tactics used in online identity theft and cybercrimes. Phishing is the fraudulent attempt to obtain a user’s sensitive information, such as usernames, passwords, and credit card details, by disguising oneself as a trustworthy entity in an email.

A popular variation of this tactic, smishing or SMS-phishing, has emerged as a growing cyber threat. Smishing is a text-message-based variation of the email-based scams that have been a staple for malicious actors for many years. Smishing is an attractive tactic to cybercriminals because victims are often under the misconception that their text messages are somehow more secure than their emails. This is a dangerous misunderstanding and one that fraudsters are all too willing to take advantage of.
More than 20 billion text messages are sent every day in the United States. A growing number of texts are from criminals attempting to scam you. They can send millions of smishing texts at the same time to a large number of targets. And because smartphone users are three times more likely to fall for fake text messages than computer users are to fall for fake email messages, text message scams are on the rise.

A common smishing tactic is to send a text warning about a fake problem with one of your accounts and ask follow-up questions to confirm your identity. The initial text may look like it came from your bank or credit card company, expecting you to rely on the legitimacy of the source and react quickly. Scammers know that you will do anything to protect your hard-earned money and take immediate action by responding and following instructions.

One such example is a text message claiming to be from your financial institution's fraud department asking you to confirm if you made suspicious charges or withdrawals by texting back a ‘yes’ or a ‘no’. After responding 'no', you are asked to provide your online banking username and password to their investigation team, which is used by the criminal to access your account, reset the password, and start removing money from your account.

Point Breeze Credit Union may email, text, or call you if we detect unusual account activity. However, we will NEVER ask for your username, password, credit or debit card number, PIN, or security code. If you receive a suspicious text message or email claiming to be from Point Breeze Credit Union, don’t respond, click on any links, or open attachments and contact us immediately at 410.584.7228. Don’t login to your account from a link in a suspicious message. Close the suspicious message and login using the Point Breeze Credit Union mobile app or type https://pbcu.com into a new browser window or tab.

How to Report Spam Text Messages

  • Forward suspicious text messages to 7726 (SPAM). This helps your wireless provider spot and block similar messages in the future.
  • Report it on the messaging app you use. Look for the option to report junk or spam.
  • Report it to the FTC at ReportFraud.ftc.gov.

Skimming is the copying of electronically transmitted full track data on the magnetic strip of a credit card, to enable valid electronic payment authorization to occur between a merchant and the issuing financial institution. The skimmer simply wants all the data located on the magnetic strip including the credit card number, name, CVV number, and any other discretionary information.

Skimming can occur in restaurants, hotels, gas stations and at ATMs. These locations are popular due to heavy customer volume, credit cards being the common method of payment, multiple employees, and high employee turnover.

Here are some examples of how it works:

Credit Cards

  1. Customer uses a credit card to pay for dinner.
  2. Restaurant employee walks away from table to run the card through the cash register, but before getting to the register swipes the card through a small, concealed hand-held device that copies and stores the account data. The stolen card information is later downloaded (or downloaded right away from a wireless device) to a computer.
  3. The information is then encoded on a counterfeit card, or re-encoded on a lost/stolen card. The fraudulent card is then used to make purchases.

ATMs

  1. The skimmer is mounted to the front of a normal ATM card slot. Once a card is swiped, the skimmer reads the data on the strip while also allowing the person to do regular transactions and receive money.
  2. The data is then transmitted to the criminals where they encode the data. At the same time the data is being received by the criminal, a wireless camera that is disguised (sometimes as a brochure holder) captures the customer's PIN.
  3. Once all the information is received, the criminal is able to make duplicate cards and withdraw money using any ATM.

How to Avoid Getting Skimmed

  • Be aware of your surroundings. If a Point-of-Sale device looks suspicious, have the sales person swipe the card through the cash register. Make sure you are aware of who has your credit card information and what transactions are being charged.
  • Keep in contact with your financial institution to verify all transactions on your credit or debit card. This will enable you to identify fraud quickly. Monitor your account activity through Online Banking and review your monthly account statements carefully. If you see any suspicious activity or unauthorized transactions, notify the financial institution immediately.
  • Keep your PIN in a safe and secure place. Shield the keypad when typing in your PIN so others behind you are unable to view your PIN.

If you notice something suspicious at an ATM or retailer location, do not tamper with any switches or buttons or try to open the device. You could delete the stored data and lose valuable evidence. If you see or suspect anything suspicious, contact your local U.S. Secret Service office at 443.263.1000.

Point Breeze Credit Union is a full-service financial institution with locations throughout Maryland.

*Standard rates and fees from your wireless carrier may apply.