To continue enjoying all the features of Navy Federal Online, please use a compatible browser. You can confirm your browser capability here.

Beware of the Bait

Phishing scammers posing as legitimate businesses try to lure account holders into providing personal or financial information. These phishing scams can be conducted by email, phone calls, text messages or social media.

If a Suspicious Message Appears to Be From Us

Navy Federal will never solicit your personal information over the phone, through text, email or social media. Please notify us of any suspicious messages that appear to be from Navy Federal and provide the following information. For security reasons, please don't include any personal account information in the email.

 

Email

Forward the message to phishalert@navyfederal.org with the original subject line and include the name of your Internet Service Provider (ISP) in the body.

 

Phone or Text

Send an email to reportabuse@navyfederal.org with the time and date of the call or text, the number it originated from and what was requested.

 

Social Media

Send an email to reportabuse@navyfederal.org with the content of the message you received along with the social media account where it originated.

Contacting Navy Federal

If you supplied personal information via email, phone, social media or other means to someone you suspect was scamming you, contact Navy Federal 24/7 at 1-888-842-6328.

How Phishing Scammers Work

Phishing scammers use different ways to contact potential victims and may pose as legitimate businesses or government agencies. Some are even taking advantage of natural disasters or other upheavals to target people when they’re vulnerable. Learn how to spot the scams.

Ways to Identify a Phishing Scam

Phishing scams use people’s familiarity with certain organizations and play on their emotions. Many of these messages create a sense of urgency (“Your account will be deleted/You’ll lose all your photos”). And, sometimes in emails, instead of a regular sender name, they’ll use something to hook your attention (“Loans For People With Bad Credit”). Don’t fall for their traps. Keep telling yourself that legitimate businesses won’t ask for personal or sensitive information or confirmation of this information via email. Real companies won’t send emails or text messages with links to update your payment method.

Phishing scammers are getting more and more creative. To make their story more convincing, they sometimes will copy the look and feel of emails of the business or organization they’re impersonating. They’ve been known to use their actual logos and create email addresses that seem to be connected to them. They also may create web pages or sign-in pages that look just like the organization’s—so they can steal your email address and password. Plus, they troll social media accounts to gather information so they can tailor their attacks.  Here are some examples:

  • Job Opportunity: They’ll review an employment-related social network account and message a user about a potential job with the user’s exact job title.
  • Spoofing Geolocation: A user will receive a communication supposedly from their social media platform with a link to confirm a recent login from their hometown. Scammers also may spoof a phone number with an area code that matches yours, so you’ll think you’re getting a local call.

These scammers are also using more sophisticated methods. Some have mimicked loved ones’ voices to create verbal requests for money or assistance for a situation that sounds like an emergency. They’re also starting to use artificial intelligence (AI) chatbots to generate their messages. That means there are fewer misspellings, grammar mistakes and other clues that used to make fake messages easy to spot.  The new breed of communications are more conversational and natural sounding—like they come from a native speaker. 

But, there are some red flags to look for—especially if you receive an email or other communication you’re not expecting:

  • generic greetings like “Hello Customer”
  • suspicious links
  • threats 
  • first-time senders
  • an unexpected invoice 
  • offers for free stuff or refunds (even from the government)
  • notice of a service expiring or account on hold due to billing problems

What You Can Do to Protect Yourself Against Phishing Scams

The primary tools in these scammers’ toolkits are creating a sense of urgency, fear or tugging at your heart strings. Try to put aside these concerns and work to find out if the communication is real before you respond. Be suspicious of anyone who tries to pressure you into acting now. Be wary of emails, messages or phone calls that request your confidential information like:

  • your Social Security Number
  • account numbers
  • usernames & passwords
  • PINs
  • any other personally identifiable information

Suspicious or Unfamiliar Emails

If an email looks suspicious or is from an unknown source, don’t provide any information, open any attachments or click on any links, even if the email threatens to close or suspend your account or states your account has been compromised. Opening attachments or clicking links could download spyware to your computer or mobile device. Instead, before responding or disclosing any information, research and contact the organizations using trusted contact information. Use an alternative method like calling the phone number listed on the official website. If the communication proposes to come, for example, from your insurance or bank, call the number listed on your card.

What to Do If You Suspect You’re a Victim

If an email looks suspicious or is from an unknown source, don’t provide information, open attachments or click any links. If you suspect you’ve fallen victim to a phishing scam, follow these steps immediately:

  • Ensure that your computer’s firewall, anti-virus and spyware detection software is current.
  • Run a virus scan on your computer and clean up any viruses or Trojans that are detected.
  • Change your online banking password and username from an uninfected computer.
  • Change your mobile password or enable touch ID.