eMail & Website Fraud


In recent years, the Internet has become an appealing place for criminals to obtain consumers' identifying data (such as passwords or banking information), then use them to gain unauthorized access to financial accounts, for identity theft, or to engage in other illegal acts.

We want you to be aware of some of the more prevalent ways criminals are attempting to obtain your information and how to prevent yourself from becoming a victim. Click a topic below to learn more.

email Fraud

email and Web site fraud, often referred to as "phishing," "carding," or "spoofing," involves a fraudster sending you an email request that appears to be from a business with whom you normally deal-for example, an Internet service provider (ISP), online payment service, or bank. The email may instruct you to "update" or "validate" your information, including account information, Social Security number, passwords and other sensitive information via email, or by directing you to a phony Web site that looks like the legitimate business. By complying with the email instructions, you unknowingly provide this information-not to the legitimate company-but to the thief. The information is then used to transfer money, make payments, and commit other illegal acts. Email scams may also carry worms or viruses that can further harm you by dropping potentially damaging viruses onto your computer system.

Phony Web Sites

Often used in connection with email fraud schemes, fraudsters will create a Web page or Web site that is similar to that of the legitimate company, using a URL address that is similar to that of the reputable business. For example, the address of the phony Web site or Web page may use a common misspelling of the company's name or may add a word, symbol or number before or after the name. Even if you do not receive an email directing you to such a site, you may accidentally mistype the address of a legitimate site in your browser and end up on the phony site. The fraudster's hope is that you will continue to conduct your online transactions as usual, entering personal information, account numbers, and passwords. RFCU continues to provide security controls to protect your information, you can help protect yourself and your accounts by following these guidelines:


  • The safest approach is to immediately delete email from unknown sources, before opening the email.
  • Avoid clicking on any links in unsolicited email, particularly emails that ask (either directly or by pointing to a Web site) for personal, financial, or identity information. Instead, directly type the Web site destination into your browser or use a trusted bookmark to verify the site or to log into your account directly.
  • Inspect the company logo, if used in the email or the linked Web site, and compare it to that used on the legitimate Web site of that company. Be suspicious of emails or Web sites if the logo is distorted or looks as if it has been stretched.
  • If you receive an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine.
  • Avoid sending personal and financial information over the Internet. Before submitting financial information through a Web site, look for the padlock icon on your browser's status bar. It signals that your information is secure during transmission. If you double-click on the padlock, you can view the security certificate.

Web Sites

  • Bookmark trusted Internet destinations or, if you enter the website address directly, recheck it to ensure you have entered the correct address before providing personal information on a site.
  • Be suspicious of an information-collecting Web page that is an "orphan" page. In other words, you cannot locate a home page for the company, or the home page has an "under construction" message on it.
  • Look for the presence of an "@" symbol anywhere in the page URL. This is usually indicative of a fraudulent website.
  • Ensure you know the person/entity to whom you are giving information over the Internet.
  • Only do business with Internet companies that use a secure form to capture private information. To verify your session is secure, look for "https:" instead of "http:" in the URL address line, as well as the padlock icon on your browser's status bar. You can read more about the measures taken by RFCU to protect your information in our Security Statement.
  • You should always review credit card and bank account statements as soon as you receive them make sure there are no unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

Reporting Suspicious or Fraudulent Communications and Transactions

You should report suspicious activity or email communications to the Federal Trade

Commission (FTC). Send the actual email you received to (If you believe you've been scammed, file your complaint at, then visit the FTC's Identity Theft Web site to learn how to minimize your risk of damage from identity theft.)

Reporting Suspicious or Fraudulent Activity Involving Your RFCU Account

If you receive a suspicious message that appears to be coming from RFCU, or discover a potentially phony RFCU Web site, please let us know by calling (800) 562-7328 or (781) 878-0232 or emailing us by using the secure email form on our website. We take these incidents seriously and work with our internal investigations team and law enforcement agencies to investigate them.

If you suspect fraudulent activity related to your RFCU account(s), please contact us immediately. Call (800) 562-7328 or (781)878-0232 to place holds on your accounts.

More Information about Identity Theft and Fraud Prevention