Skip to main content Skip to footer
Common scams & cybercrimes

Common scams & cybercrimes

Educating yourself on common scams
is your best defense

Common fraud and identity theft scams

Fraudulent scams have been around for centuries. The only differences between centuries ago and now is that it continues to evolve. To protect yourself and your assets, the best defense is knowledge.

The common scams and cybercrimes seen in the financial industry include but are not limited to: malvertising, malware, phishing, ransomware, social engineering, and vishing among others.

TDECU takes security very seriously. Open each section below to learn more about each scam topic.

Credit/Debit Card Fraud Prevention Tips


Malvertising is the use of online advertising to spread malware. Typically, it involves injecting malicious or malware-laden advertisements into legitimate online advertising.

Fraudsters can inject advertising content can into high-profile and reputable websites. Malvertising provides fraudsters the opportunity to push their attacks to unsuspecting web users who might not otherwise see the ads, due to firewalls, more safety precautions, or similar.

Preventative measures can be taken to minimize risk including:

  • Keep your operating system, web browsers, and commonly used programs (such as Adobe Flash and Reader) up-to-date regularly.
  • Download and use anti-virus software to protect against threats and removed malicious software from systems and keep them up-to-date daily.
  • Use ad blocking software to avoid downloading the malware contained in advertisements whether through a native web browser or a third-party extension.

Related links:


Phishing is a term used to describe the fraudulent attempt from those who seek to obtain sensitive information such as usernames, passwords and credit card details. This is often done by disguising as someone trustworthy through electronic mediums. Email spoofing and instant messaging are the most common methods of phishing but not the only ones. Phishing attempts often direct users to enter personal information at a fake website which matches the look and feel of the legitimate site.

Minimize phishing scam risks:

  • Use security software: set your computer's operating system, web browsers and programs to automatically update so it can deal with the latest security threats.
  • Protect your smartphone: Set your smartphone to automatically update software automatically. This is critical fo the protection of security threats.
  • Use multi-factor authentication
  • Back up data

Related links:

Ransomware and Malware

Malware is malicious software (program or file) that's harmful to a computer or smartphone user. It can include computer viruses, worms, Trojan horses and spyware.

Ransomware is a form of malware that works by encrypting a victim's files. The attacker then demands a ransom from the victim in exchange to restore access.

Protecting against malware:

  • Keep your software up-to-date: install and keep protection software up-to-date
  • Do not click on email links: If you do not recognize a sender of an email or the links look suspicious, do not click it.
  • Antivirus software: Use and keep antivirus software up-to-date.
  • Back up your computer: Regularly back up your computer files to an external hard drive, cloud backup service, or other online back up service.
  • Strong passwords: A strong password is one that is complex containing a mix of letters, numbers, and symbols. Use eight characters or more and make them easy to remember with short phrases separated by spaces or underscore marks such as "living_b1g_in_TX!".
  • Use a firewall: PCs and Macs both come with built-in firewall software. Check to ensure they are enabled.
  • Minimize downloads: Ensure your web browser's security settings are high enough to detect unauthorized downloads.
  • Use pop-up blockers: Web browser have the capability to stop pop-up windows and allow you to set the security individually.Generally, never click on a link from a pop-up window.

Related links

Social Engineering

Social engineering is the practice of manipulating people into giving up confidential information. Types of information criminals seek may vary. When an individual is targeted, the criminal is typically attempting to trick them into obtaining their passwords, bank information, access to a computer and more.

Such attempts may appear to come in the form of an email from a trusted friend, a trusted source, instant messages, and more. The content may appear authentically, compelling and even realistic. It may also contain a link or download which tricks you into giving away information or embedding malicious software.

Ways to protect yourself:

  • Reject offers or requests of help - Legitimate companies and organizations do not contact you to provide help. If you didn't request assistance from the sender, consider offers to help restore credit scores, refinance homes, answer questions, etc., a scam.
  • Secure your computing devices - Install anti-virus software, firewalls, email filters and keep these up-to-date. 
  • Set spam filters to high - Email programs should have a spam filter. Set these to high and remember to periodically check your spam folder to see if legitimate email was accidently moved there.
  • Delete requests for financial information or passwords - If you're asked to reply to a message with personal information, it's likely a scam.

Related links:


Vishing is the term used for someone committing fraud by making phone calls or leaving voice messages pretending to be from a reputable company or organization in order to fool people into revealing personal information such as bank details, credit card numbers, and personal information.

Smishing is a type of phishing attack using SMS (short message services - or text messages) on cell phones.

Protecting yourself:

  • Be aware: Be aware that scams exist.
  • Be suspicious of unknown callers: Be suspicious of phone calls as if they were email asking for personal information. Experts suggest letting all calls from unknown callers go to voicemail.
  • Don't trust caller ID: Your caller ID may display a phone number or name of a legitimate company you recognize. But, that doesn't guarantee the call is really coming from that number or company. Caller ID spoofing is easy.
  • Ask questions: If someone is trying to sell you something or ask for personal or financial information, ask them to identify themselves, who they work for, and then check them out to see if they are legitimate.
  • Call them back: Tell the person on the other end you will call them back to verify the company is legitimate. Or, call them back using a number from your bill or card. Never provide credit card or private information to anyone who calls you.
  • Register with National Do Not Call registry: Go to and register your phone numbers. While criminals and telemarketers may ignore the list, if you are on the list and get a call, that could be a tip the offer is bogus. Most legitimate telemarketers obey the rules and laws about contacting consumers.

Related links:

Security and fraud tips, tools and advice to help protect you

Live Chat