Beware of Account Takeover Fraud: How Scammers Are Draining Accounts
Account takeover fraud is on the rise, and financial institutions are seeing an uptick in these sophisticated scams. This type of fraud happens when a scammer gains access to your account and makes unauthorized transactions.
How do they do it? Typically through phishing scams: fraudulent emails or text messages that look like they’re from your credit union but are actually designed to trick you into sharing your login details. Once scammers have that information, they can lock you out and steal your money before you even realize what’s happening.
Real-Life Example: A $70,000 Scam
One account holder lost $70,000 after receiving an urgent text message that seemed to be from his financial institution. The message asked him to click a link and log into his account to resolve an issue. Trusting the message, he entered his login details.
Four days later, he discovered that the scammer had:
✅ Changed his password and locked him out
✅ Opened a new account in his name at his financial institution
✅ Transferred the $70,000 into the new account
✅ Moved the money onto a reloadable gift card, making it nearly impossible to recover
Unfortunately, even with fraud awareness efforts, scammers still find ways to trick people.
How We’re Fighting Back—And How You Can Stay Safe
At TruEnergy FCU, we take fraud prevention seriously and are constantly working to protect your accounts. Here are some key security measures being implemented across financial institutions:
🔹 Enhanced Security for Transfers: Only allowing account-to-account transfers when the member is joint on both accounts.
🔹 Extra Verification: Double Multi-Factor Authentication (MFA) is critical for extra security.
🔹 Fraud Monitoring: We use real-time fraud detection with behavioral analytics to spot suspicious transactions.
🔹 IP & Device Security: Blocking suspicious activity with IP checks, device recognition, and stricter login protections.
Protecting Against SIM Swapping: What You Need to Know
SIM swapping—also known as SIM hijacking—is a fast-growing form of fraud that can compromise your mobile identity and unlock access to your most sensitive online accounts. Criminals use personal details collected from phishing, data breaches, or even social media to trick mobile providers into transferring a victim’s phone number to a new SIM card under their control.
Once that switch is made, the fraudster can intercept calls and texts, including one-time passcodes used for two-factor authentication (2FA). From there, they can initiate password resets, gain access to financial platforms, and take over your digital life.
Warning Signs of a SIM Swap
Even if a user insists they didn’t share their credentials, a SIM swap may be the real culprit behind an account takeover. Common red flags include:
- Sudden loss of mobile signal or being stuck in “roaming” unexpectedly
- Inability to send or receive calls and texts
- Notifications about changes to login credentials or unusual login attempts
- PIN resets or messages from the user’s mobile provider they didn’t request
What’s Vulnerable
When fraudsters succeed, the damage goes beyond just one account. Here’s what they can access:
- Banking & Payment Platforms: Apps tied to your phone number can be breached
- Social Media & Online Profiles: Accounts can be stolen or impersonated
- Device Access: Saved data, contacts, and messages are all exposed
- Personal Info: Names, addresses, and birthdates can be leveraged for further fraud
How to Reduce the Risk
Preventing SIM swaps requires a layered approach to security:
✅ Use Safer Authentication Methods
- Avoid relying on SMS for 2FA
- Use authenticator apps like Google Authenticator or Authy
- Enable biometric logins or hardware security keys when possible
- Implement risk-based authentication to verify users during suspicious activity
✅ Tighten Account Controls
- Require identity verification across multiple channels before changing a phone number or resetting credentials
- Monitor accounts for unusual transactions and recent SIM card changes using mobile carrier data
- Flag potentially compromised accounts for extra verification steps
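One way an institution could express the risk-based checks above in code (an added example, not code from this page or from TruEnergy FCU). It drops SMS from the step-up options after a recent SIM change and holds the request when other signals stack on top of it. The field names, time windows, channel names and the carrier data feed are assumptions, and the sample requests are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed thresholds and names; tune them against your own fraud data.
SIM_WINDOW, CRED_WINDOW = timedelta(days=3), timedelta(days=7)
SENSITIVE = {"change_phone", "reset_credentials", "transfer"}
CHANNELS = ["sms_otp", "authenticator_app", "hardware_key"]

@dataclass
class Request:
    action: str
    now: datetime
    last_sim_change: Optional[datetime]         # from a carrier data feed (assumed)
    last_credential_change: Optional[datetime]
    device_recognized: bool
    ip_seen_before: bool

def _recent(ts, now, window):
    return ts is not None and timedelta(0) <= now - ts <= window

def decide(req):
    """Return (decision, allowed_channels, reasons) for one request."""
    signals = [
        ("recent_sim_change", _recent(req.last_sim_change, req.now, SIM_WINDOW)),
        ("recent_credential_change", _recent(req.last_credential_change, req.now, CRED_WINDOW)),
        ("unrecognized_device", not req.device_recognized),
        ("unfamiliar_ip", not req.ip_seen_before),
    ]
    reasons = [name for name, hit in signals if hit]
    sim_changed = "recent_sim_change" in reasons
    # After a SIM change the phone number is untrusted: an SMS code proves nothing.
    channels = [c for c in CHANNELS if not (sim_changed and c == "sms_otp")]
    if req.action not in SENSITIVE or not reasons:
        return "allow", channels, reasons
    if sim_changed and len(reasons) >= 2:
        # Flag the account; staff verify the member on another channel first.
        return "hold", [], reasons
    return "step_up", channels, reasons

NOW = datetime(2025, 1, 10, 12, 0)  # constructed sample data
SAMPLES = {
    "routine": Request("transfer", NOW, None, None, True, True),
    "new_device": Request("transfer", NOW, None, None, False, True),
    "sim_only": Request("reset_credentials", NOW, NOW - timedelta(hours=5), None, True, True),
    "takeover": Request("change_phone", NOW, NOW - timedelta(hours=5), None, False, False),
}

if __name__ == "__main__":
    print({name: decide(req)[0] for name, req in SAMPLES.items()})
```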
✅ Educate Your Members or Customers
- Share tips on how SIM swapping happens and how to stay safe
- Promote carrier-specific protections like SIM locks or account PINs through providers like Verizon, AT&T, T-Mobile, and US Cellular
- Encourage digital hygiene: complex passwords, MFA everywhere, and phishing awareness
- Recommend freezing credit to reduce the risk of identity theft or fraudulent account openings
Need Help or Want to Learn More?
If you’d like to explore additional fraud mitigation strategies or need help identifying potential SIM swap activity, our risk specialists are here to support you.
📧 Contact: [email protected]
🔗 Explore more risk resources or register for our Let’s Talk Fraud webinars
How You Can Protect Yourself
✅ NEVER click on links in unexpected emails or text messages claiming to be from your credit union.
✅ ALWAYS go directly to your credit union’s website or app to log in.
✅ DOUBLE-CHECK the sender’s email or phone number. Scammers often use fake addresses that look real.
✅ CALL US if you ever receive a suspicious message about your account.
If something feels off, trust your gut and reach out to us. We’re here to help!
🚨 Think you’ve been targeted by a scam? Call us immediately at 703-750-4394 to secure your account.