Security Tips


Beware of ‘SMiShing,’ ‘Phishing’ and ‘Vishing’ Attacks

Read below to keep yourself up to date on the latest methods fraudsters use to target victims and attempt to steal their identity.

Remember, Dow Credit Union does not send messages by text or by email asking you to verify personal information.  When you contact us, we may ask for personal information to confirm identity for your protection, such as your name, date of birth, and/or last four digits of a social security number, but we will never ask you for your PIN.

We urge you to be vigilant in guarding your personal information. If you ever have a question, contact us directly at our main branch number as provided here and on official credit union correspondence and statements: (925) 331-1010 option 4.

SMiShing Attacks
The latest high-tech crime wave involves sending fraudulent text messages to cell phones of unsuspecting consumers. The scheme is known as “smishing” – an acronym for short message services.

These SMiShing text messages appear to come from the consumer’s financial institution and may indicate a debit card has been inactivated. The consumer is instructed to contact a number and provide their PIN to reactivate the card.

Phishing Attacks
Fraudsters also use unwanted e-mail to lure people into fake Web sites to obtain personal information and commit identity theft. Victims receive fraudulent e-mails containing authentic looking logos and familiar graphics.  Your credit union never will send you an e-mail—or call you by phone—asking for personal data.  We already have this information.

Vishing Attacks
Similarly, in ‘vishing’ attacks scammers represent themselves as the consumer’s financial institution in voice messages or telephone calls.  This use of social engineering and Voice over Internet Protocol (VoIP) technology exploits the public’s trust in landline telephone services.  Victims are asked to ‘re-verify’ their personal information and provide passwords.

Tips from the Credit Union National Association

Be a Cautious Internet User:
• Install a firewall. This is the primary block between you and other computers on the network.

• Install, run, and update antivirus and antispyware programs. Visit to check ratings
of spyware removal programs.

• Ensure your browser is up-to-date with security patches. Set your computer to do so automatically.

• Never use links within e-mail to visit a Web site.  Open a new browser window and type the URL (uniform resource locator) in the address bar.

• Don’t fill out e-mailed forms that ask for personal information. The only way you should send credit card or account information is via a secure Web site—you’ll see https (s for secure)and the padlock icon on the browser frame; click on the lock to view the security certificate.

• Be cautious of and don‘t respond to urgent, upsetting, or exciting e-mails requesting personal information.

• Be suspicious if someone claiming to be from your financial institution asks for confidential information. This information should alreadybe on file.

• Review statements closely and report any suspicious activity to the source of the statement. If
you generally receive statements by mail, call the company if a statement is late to make sure an ID thief hasn’t redirected your mail by changing your address.

• If you have online access, monitor your accounts frequently. That assures you’ll notice unauthorized transactions promptly and can take steps to prevent more transactions.

• Change your online banking and shopping account passwords often—every three to six months.   Experts recommend using passwords with a combination of letters (upper and lowercase), numbers, and symbols.

• Request a free copy of your credit report from the three major credit-reporting agencies—Experian
(, 888-397-3742); (, 800-685-1111); and TransUnion (, 800-888-4213).

The Fair and Accurate Credit Transactions Act (FACT Act) requires each major credit bureau to provide one free credit report annually to consumers who request a copy (, 877-322-8228). If you’ve mistakenly taken the bait, call the company that’s been spoofed right away. If you’re quick enough, you might be able to change your password or account number in time to stop unauthorized transactions.