What they’re up to – Real fraud cases at OAS FCU

What they’re up to – Real fraud cases at OAS FCU

Current, real-life fraud cases at OAS FCU so that you’re aware of what’s happening and protect your account.

Due to the creativity and inventiveness of modern-day fraud, OAS FCU will be informing members almost in real time on new fraud cases that we see happening to our members. Today we bring you a very clever scam involving members’ online banking access.

How it starts
phone - cyrbersecurity

The member receives a text message that reads “OAS FCU fraud alert: Did you just try and charge $XXX  at such-and-such merchant? Reply YES to authorize, STOP to cancel the transaction. As the member has assuredly not made this purchase, they reply STOP. A few minutes later they receive a phone call from someone claiming to be from the credit union.

How they get in

This caller asks the member to confirm their identity by providing their Online Banking Login ID (not the password). The member provides it, and the caller says that they are sending a security code to their phone to verify their identity. The member reads it to the specialist to confirm their identity.

They go over the most recent transactions on the member’s account while on the phone, in order to confirm that there are no other suspicious transactions; the member recognizes all the transactions, so everything seems fine and the fraud seems to have been stopped just on time. Finding no issues, the caller offers to allow the member to change the PIN number on their card so that their debit card will not be used again.

The final piece of the puzzle

The member provides their current PIN number and proceeds to choose a new one. After that, the caller says the number has been changed, that they have denied the payment mentioned on the text message and that the member should use the card.

headphones - fraud cases - cybersecurity

Soon after the member finds out that the account has been wiped clean of funds via a series of Peer-to-Peer (P2P) transfers of funds.

What really happens

The fake caller uses the member’s user ID to attempt to log in to the Online Banking. However, instead of using the password –which they didn’t know- they click the “Forgot password” option at the login, and select to receive a security code via SMS message. That is the code that the member reads to them over the phone, granting them access to the account, where they immediately set a new password.

At that point, the scammer has access to the member’s account and reads legitimate transactions to them over the phone, giving the whole process a large degree of credibility. After all, this person is reading actual, real transactions on the account.

When the member elects to change the card’s PIN code? That doesn’t really happen, either. OAS FCU doesn’t change PIN numbers over the phone. Instead, the member gives the scammer their debit card PIN number, which the scammer then uses to authorize however many Peer-to-Peer (P2P) transfers needed to transfer funds out of the account and empty it.

What OAS FCU will never do

We will never call you and:

Man paying making an online payment with a card on a laptop. Cybercrime.

  • Ask you for your login credentials (not your User ID or password)
  • Have you give us any card PIN number, be it debit or credit
  • Ask you for personal identifications numbers: your full social security number, TIN or driver’s license/passport number
  • Request that you provide us any codes that we have sent you via phone or email
  • Ask you to provide any of your card numbers, be it debit or credit.

We may ask you to confirm things such as the last four digits of your social security number or credit card, or to give tell us a previously-specified security code that you have set into your account for when we speak with you on the phone.

What we will do

  • Block your card(s) when we detect suspicious activity –so that you will call us
  • Notify you with any activity that meets the criteria you set on your eAlerts for your account(s).

What you can do

Following are a list of things you can do to protect your account at OAS FCU:

  • Ensure that the email address that you have set on file for notifications is one you check every day. You may verify this via your Online Banking, selecting My Profile > Security Preferences. There, click ‘Secure delivery’.
    Where to set account security English
  • Also make sure that we have your current mobile phone number on file (in the same place as the email).
  • Set up eAlerts on your account. They will notify you via email or text message of any transaction higher or lower than any amount you choose –or of ANY transaction, if you want- that takes place on an account. To set your security alerts up now, on your Online Banking click My profile > Alerts setup.
  • Add the email address notifications@oasfcu.org to your contacts list on the email address where you receive notifications and alerts from us. That way, when we contact you, it will never go to your spam folder.
  • Hang up if you receive a call from us that sounds like we described, or asking you for any of the things we said we’d never ask for. Then, call us right away at 202-458-3834, we answer 24/7.
  • Downloading CardNav on your phone. This free app gives you complete control over your OAS FCU debit card(s). You can set when it can be used, and where, and how; you can set it to notify you of every single transaction the moment if happens. Additionally, you can quite literally, turn it off when you aren’t using it. It provides 100% security to your cards. And like we said, it’s free!


  • This field is for validation purposes and should be left unchanged.