Fraud FAQs

No, it is not safe. If your account has been flagged for any reason, SECU will never ask you to authenticate your account via email. See an example of a fraudulent email below:


A fraudulent email

Although a website appears to look safe, it may not actually be safe — a quick glance at the address bar will show that the website is NOT a SECU website. Always make sure that you see ‘secumd.org’ between ‘https://’ and the next ‘/’ in the URL address bar. See an example below:


Don’t click links you are suspicious of — hover your mouse over the button to see the full website link, and then determine if the link is safe. What looks like a legitimate hyperlink can be a disguised link to a criminal website.

When in doubt, hover your mouse over the text of the hyperlink to see the full URL, which will verify it leads to a legitimate website. Better yet, open a browser window and manually type in the hyperlink yourself to prevent being re-directed to an unsafe website.

Hang up — SECU will never call you to ask for sensitive details such as these. Scammers may call pretending to be from SECU. Never provide personal information like your date of birth, social security number, financial data, or other personal information in response to a robocall.

A legitimate email

Yes — this is a legitimate activity alert from SECU. There are no suspicious web links or attachments. There are no spelling errors, awkward formatting, or obvious grammatical errors. The message does not include an urgent or threatening tone.

Email that uses urgent language and unreasonable consequences

No — this email and web link are suspicious. A common tactic fraudsters use in phishing emails is to use urgent language and unreasonable consequences to inspire a victim to click on a malicious web link or attachment. Cyber criminals often include links to spoofed websites designed to look like the legitimate website.

If the victim enters their username and password into these sites, their credentials are recorded so that they can be used for account takeover. They may even ask you to select challenge questions and provide answers in an attempt to bypass two-factor authentication.

It is best to use a one-time passcode, instead of challenge questions to further secure your online and mobile banking.

Email that has poor spelling and grammar

Yes — the spelling and grammar are poor, which is a red flag. The majority of social engineering pre-texts disguise themselves as a well-known company to make them appear trustworthy. These emails often have misspellings, improper grammar, or awkward wording that can be a sign that it is a scam. Large well-known organizations would not distribute an email with these types of errors.