Beware of Fraudulent Websites

fake website

What is website spoofing?

Website spoofing, aka domain spoofing, occurs when a scammer creates a fraudulent website, mimicking USF Federal Credit Union’s online banking login pages, oftentimes with the goal of stealing your personal information.

A spoofed website can be hard to spot and difficult to identify. The website will have the same look and feel of the actual legitimate website. But when you fall for a fake website, you run the risk of compromising your personal data. Due to the growing threat that spoofed domains pose to credit union members, it’s important to learn the tactics spoofers use for their scams—and how to avoid them.

How does website spoofing work?

Scammers will register a domain name that is fairly similar to the credit union's legitimate domain name and host a website that looks very similar to the actual credit union website, including logos and branding.

You may be led to these spoofed websites by a phishing email, text message, or even search engine results. Always ensure that you are viewing an actual USF Federal Credit Union website that shows in the domain name.

After you have fallen for a spoofed website, you will likely carry on with your normal behavior without a second thought. This could include typing in your username and password or entering credit card information, which is exactly what the scammer is hoping for.

Even though you think it’s business as usual, the website is saving whatever information you enter. The scammer can then use your login information to gain access to your online banking accounts, or any other website that uses the same username and password.

Another danger with spoofed websites is that they can be programmed to drop malware onto your computer. This is potentially more devastating because they could gain access to any information you have saved on that device.

Ways to protect yourself

  • Don’t click on links in an unsolicited email or text message.
  • Don’t use the phone number a potential scammer provided in an email or text message. Look up the company’s phone number on your own and call to verify the authenticity of the message or request.
  • Don’t give out personal information such as passwords, credit card numbers, bank account numbers, dates of birth, or Social Security numbers.
  • Don’t respond to suspected phishing emails, text messages or phone calls, even if you think it would be fun to tease or trick them. It’s best to avoid responding in any way.
  • Do be suspicious of anyone pressing you to act immediately.

« Return to "Blog"