To continue enjoying all the features of Navy Federal Online, please use a compatible browser. Confirm your browser capability.

Don't Take the Bait

Phishing scammers posing as legitimate businesses try to lure account holders into providing personal or financial information. They try to solicit your personal information over the phone or through text, email or social media—which Navy Federal will never do.

If you do receive a suspicious message through one of the following channels, here's what to do:

 

Email

Forward the message to phishalert@navyfederal.org with the original subject line and include the name of your Internet Service Provider (ISP) in the body.

 

Phone or Text

Send an email to reportabuse@navyfederal.org with the time and date of the call or text, the number it originated from and what was requested.

 

Social Media

Send an email to reportabuse@navyfederal.org with the content of the message you received along with the social media account where it originated.

For security reasons, please don't include any personal account information in the email.

What to Do If You're a Victim

If you supplied personal information via email, phone, social media or other means to someone you suspect was scamming you, stop all contact with them and contact Navy Federal 24/7 at 1-888-842-6328.

If you suspect you’ve fallen victim to a phishing scam, follow these steps immediately:

  • Ensure that your computer’s firewall, anti-virus and spyware detection software are current.
  • Run a virus scan on your computer and clean up any viruses or Trojans that are detected.
  • Change your online banking password and username from an uninfected computer.
  • Change your mobile password or enable touch ID.
  • If you're a victim of cybercrime, visit the Cybercrime Support Network for additional information.

How to Spot and Avoid Phishing Scams

Protecting yourself from phishing scams is crucial as fraudsters become increasingly more creative in their tactics. They’ll often use your familiarity with certain businesses or government agencies to play on your emotions and get you to interact with their communications.

Be suspicious of anyone who tries to pressure you into acting now. Be wary of emails, messages or phone calls asking for your confidential information like:

  • your Social Security number
  • account numbers
  • usernames and passwords
  • PINs
  • any other personally identifiable information

Scammers try to create urgency with messages like “Your account will be deleted”, and they may use attention-grabbing sender names, like "Loans For Bad Credit,"—but don’t fall for these traps. Legitimate businesses won’t ask for personal information via email or send links to update payment methods.

Phishing scammers will even replicate the look of emails from the business or organization they’re impersonating, using actual logos and creating email addresses that appear to be connected to the legitimate organization. Be cautious of web pages or sign-in pages that seem authentic but are designed to steal your credentials.

Scammers also troll social media accounts to gather sensitive information for tailored attacks. Here are some examples:

  • Job Opportunity: They’ll review an employment-related social network account and message a user about a potential job with the user’s exact job title.
  • Spoofing Geolocation: A user will receive a communication supposedly from their social media platform with a link to confirm a recent login from their hometown. Scammers also may spoof a phone number with an area code that matches yours, so you’ll think you’re getting a local call.
  • Mimicking Loved Ones: Some fraudsters mimic loved ones’ voices to make verbal requests for money or assistance for a situation that sounds like an emergency.

Scammers are even leveraging Artificial Intelligence (AI) to improve the quality of fraudulent messaging! Chatbots can generate messages by the millions and make them less detectable, because of fewer mistakes and other clues that made fakes easier to spot. The new breed of scam language is more conversational and natural sounding—like they come from a real person. Even if you get a message that addresses you by name, it doesn't mean it's legitimate.

Beware of These Red Flags

Here are some warning signs to look for—especially if you receive any communication you’re not expecting:

  • Generic greetings like “Hello Customer”
  • Suspicious links
  • Threats 
  • First-time senders
  • An unexpected invoice 
  • Offers for free stuff or refunds (even from the government)
  • Notice of a service expiring or account on hold due to billing problems

Signs of Fraudulent Texts, Calls, Emails and Social Media

Fraudulent Text Message Clues

  • Unfamiliar numbers
  • Urgent language
  • Suspicious links
  • QR codes
  • Unexpected attachments
  • Typos and grammatical errors
  • Offers that are too good to be true

Fraudulent Phone Call Clues

  • Unknown numbers
  • Urgent requests or unusual demands
  • Requests for personal information
  • Pressuring tactics

Fraudulent Email Clues

  • Unfamiliar senders
  • Mismatched email addresses
  • Urgent language
  • Suspicious links
  • QR codes
  • Unexpected attachments
  • Typos and grammatical errors
  • Offers that are too good to be true
  • Inconsistent look and feel to the brand

Fraudulent Social Media Clues

  • New profiles with few followers
  • Typos and grammatical errors
  • Posts that seem too good to be true
  • Suspicious links
  • Requests for money
  • Requests for personal information

How to Know a Text Is From Navy Federal

We may send you text messages with alerts or one-time passcodes for security authentication. We send these text messages from short codes, which are unique 5- to 6-digit phone numbers that are only used by our system. If you ever want to verify a text you received came from us, the table below outlines short codes we use.

Message

SMS Short Code

Description

Credit Card Fraud Alerts

20270

Alert about possible risk of credit card fraud

Debit Card Fraud Alerts

33748

Alert about possible risk of debit card fraud

One-Time Passcode Alerts

668439

Delivering your passcode via a one-time text message on your mobile phone

Security Alerts

35038

Alert about possible risk of fraud, identity theft and/or account security

Account Transaction Alerts

AKA “Recurring”

21398

Notifications related to account transactions, including, but not limited to, account balance alerts or deposit confirmation alerts

On-Demand Alerts

73949

24149

Delivering information you have requested via a one-time text message to your mobile phone

Visit Notifications

36428

Notifications about your visit to a Navy Federal Branch

Account Servicing and Collection Alerts

37531

62351

Notifications to contact you for account servicing and collection purposes, including payment reminders

Informational Alerts

39227

Delivering informational messages about Navy Federal

Status Alerts

68678

Notifications related to account status updates, including, but not limited to, application and appointment updates

Visa® Consumer Authentication Service (VCAS)

833 738 4591

Notifications containing a one-time passcode for security verification of certain transactions

Navy Federal will never solicit your personal information over the phone or through text, email or social media.

If Something Looks Suspicious

If a message looks suspicious or is from an unknown source, don’t provide any information, open any attachments or click on any links, even if the sender threatens to close or suspend your account or states your account has been compromised. Opening attachments or clicking links could download spyware to your computer or mobile device.

Instead, research and contact the organizations using trusted contact information before responding or disclosing any information. Use an alternative method like calling the phone number listed on the official website. If the communication proposes to come from your insurance or bank, for example, call the number listed on your card.