What NOT to Tell Your Financial Institution

By Garrett Lloyd | Jan 30, 2023 12:46:38 PM

We’d all like to think we can spot a scam from a mile away. The numbers, however, tell a different story. In 2021 alone, consumers reported losing more than $5.8 billion to fraud (Federal Trade Commission). Many of these losses were the result of imposter scams; that is, scammers pretending to be someone their victims know and trust. These scammers may even try to convince you that they’re from your financial institution. They might tell you there’s an issue with your account and you need to deposit money as soon as possible, or that they need to help you log into your online bank account.

So, how can you know who to trust? Take a look at the four tips below to help you and your money stay safe from scams.

Never disclose your login credentials.

It seems like common sense that you should keep your usernames and passwords private. But scammers know that if they pretend to be someone you trust, you’re more likely to let your guard down. Remember: Your login credentials are for you only. If you receive a text, phone call, email, or a message on social media from someone asking for you login credentials, do NOT disclose them—even if the person reaching out to you claims to be a family member, a friend, your financial institution, a love interest, or even a government agency like the IRS.

Never reveal your access codes.

If you’ve ever forgotten your username or password to an app, a website, or your online bank account, there’s a good chance you’ve had experience with access codes. Here’s a quick review in case you’ve forgotten or aren’t familiar with access codes.

Access codes or “security codes” are temporary codes—typically between four and six digits long—that you can request to be texted, emailed, or phoned to you, usually in the event that you’ve forgotten your username or password. These codes are only valid for several minutes. Once you’ve received the code, you’ll provide it in place of your usual login credentials. As long as you enter it in correctly, you’ll be given temporary access so that you can set up a new username or password.

In order for an access code to be an effective security measure, it has to be sent to an email address or phone number that ideally only you have access to. But there’s a surprisingly easy way for scammers to get around this hurdle: by simply asking you to give them the access code. Beware of anyone who contacts you claiming they need to help you log into one of your accounts, and never give them your access codes.

Got a bad feeling? Hang up.

Through a process called “spoofing,” scammers can make it look like incoming calls are coming from a person or place you recognize, such as your financial institution. Of course, this doesn’t mean you should always assume the worst when you get a call from your bank or credit union. But if the person on the other end of the line starts asking you to divulge information like your login credentials, access codes, or card numbers, play it safe. Hang up the phone, look up the number for your financial institution, and call them separately to see if they've really been trying to contact you.

Be wary of clicking on links.

Think twice before clicking on any links you’ve been sent in an email, as they could cause you to inadvertently download malicious software or “malware.” This method of attack (known as “phishing”) gives scammers access to the personal information on your phone or computer. This can include files, passwords to your accounts, or even your personal photos to help them create a social media profile under your name. This same kind of attack is known as “smishing” when it occurs by text message rather than email. If you’re unsure whether or not it’s safe to click a link or a button in an email or text message, don’t click on it.


When it comes preventing fraud and scams, you are the last line of defense. While usernames, passwords, access codes, and security questions help to keep your accounts secure, they won’t be effective if you voluntarily give out your private information. Following the guidelines above can help you stay safe from scams. Reach out to your credit union or bank if you'd like to verify the authenticity of an email, text message, phone call, or other correspondence you've received from them. Our team at Cyprus Credit Union can be reached by calling 801-260-7600 (extension 5000) or by chatting with us on CyprusCU.com.

Topics: fraud, scams, scam prevention, identity theft, fraud prevention, fighting fraud

Author: Garrett Lloyd