Phishing Scams
Don't Take the Bait
Phishing scammers posing as legitimate businesses try to lure account holders into providing personal or financial information. They try to solicit your personal information over the phone or through text, email or social media—which Navy Federal will never do.
If you do receive a suspicious message through one of the following channels, here's what to do:
Email
Forward the message to phishalert@navyfederal.org with the original subject line and include the name of your Internet Service Provider (ISP) in the body.
Phone or Text
Send an email to reportabuse@navyfederal.org with the time and date of the call or text, the number it originated from and what was requested.
Social Media
Send an email to reportabuse@navyfederal.org with the content of the message you received along with the social media account where it originated.
For security reasons, please don't include any personal account information in the email.
What to Do If You're a Victim
If you supplied personal information via email, phone, social media or other means to someone you suspect was scamming you, stop all contact with them and contact Navy Federal 24/7 at 1-888-842-6328.
If you suspect you’ve fallen victim to a phishing scam, follow these steps immediately:
- Ensure that your computer’s firewall, anti-virus and spyware detection software are current.
- Run a virus scan on your computer and clean up any viruses or Trojans that are detected.
- Change your online banking password and username from an uninfected computer.
- Change your mobile password or enable touch ID.
- If you're a victim of cybercrime, visit the Cybercrime Support Network for additional information.
How to Spot and Avoid Phishing Scams
Protecting yourself from phishing scams is crucial as fraudsters become increasingly more creative in their tactics. They’ll often use your familiarity with certain businesses or government agencies to play on your emotions and get you to interact with their communications.
Be suspicious of anyone who tries to pressure you into acting now. Be wary of emails, messages or phone calls asking for your confidential information like:
- your Social Security number
- account numbers
- usernames and passwords
- PINs
- any other personally identifiable information
Scammers try to create urgency with messages like “Your account will be deleted”, and they may use attention-grabbing sender names, like "Loans For Bad Credit,"—but don’t fall for these traps. Legitimate businesses won’t ask for personal information via email or send links to update payment methods.
Phishing scammers will even replicate the look of emails from the business or organization they’re impersonating, using actual logos and creating email addresses that appear to be connected to the legitimate organization. Be cautious of web pages or sign-in pages that seem authentic but are designed to steal your credentials.
Scammers also troll social media accounts to gather sensitive information for tailored attacks. Here are some examples:
- Job Opportunity: They’ll review an employment-related social network account and message a user about a potential job with the user’s exact job title.
- Spoofing Geolocation: A user will receive a communication supposedly from their social media platform with a link to confirm a recent login from their hometown. Scammers also may spoof a phone number with an area code that matches yours, so you’ll think you’re getting a local call.
- Mimicking Loved Ones: Some fraudsters mimic loved ones’ voices to make verbal requests for money or assistance for a situation that sounds like an emergency.
Scammers are even leveraging Artificial Intelligence (AI) to improve the quality of fraudulent messaging! Chatbots can generate messages by the millions and make them less detectable, because of fewer mistakes and other clues that made fakes easier to spot. The new breed of scam language is more conversational and natural sounding—like they come from a real person. Even if you get a message that addresses you by name, it doesn't mean it's legitimate.
Beware of These Red Flags
Here are some warning signs to look for—especially if you receive any communication you’re not expecting:
- Generic greetings like “Hello Customer”
- Suspicious links
- Threats
- First-time senders
- An unexpected invoice
- Offers for free stuff or refunds (even from the government)
- Notice of a service expiring or account on hold due to billing problems
Signs of Fraudulent Texts, Calls, Emails and Social Media
Fraudulent Text Message Clues
- Unfamiliar numbers
- Urgent language
- Suspicious links
- QR codes
- Unexpected attachments
- Typos and grammatical errors
- Offers that are too good to be true
Fraudulent Phone Call Clues
- Unknown numbers
- Urgent requests or unusual demands
- Requests for personal information
- Pressuring tactics
Fraudulent Email Clues
- Unfamiliar senders
- Mismatched email addresses
- Urgent language
- Suspicious links
- QR codes
- Unexpected attachments
- Typos and grammatical errors
- Offers that are too good to be true
- Inconsistent look and feel to the brand
Fraudulent Social Media Clues
- New profiles with few followers
- Typos and grammatical errors
- Posts that seem too good to be true
- Suspicious links
- Requests for money
- Requests for personal information
How to Know a Text Is From Navy Federal
We may send you text messages with alerts or one-time passcodes for security authentication. We send these text messages from short codes, which are unique 5- to 6-digit phone numbers that are only used by our system. If you ever want to verify a text you received came from us, the table below outlines short codes we use.
Navy Federal’s Common Short Codes
Message | SMS Short Code | Description |
Credit Card Fraud Alerts | 20270 | Alert about possible risk of credit card fraud |
Debit Card Fraud Alerts | 33748 | Alert about possible risk of debit card fraud |
One-Time Passcode Alerts | 668439 | Delivering your passcode via a one-time text message on your mobile phone |
Security Alerts | 35038 | Alert about possible risk of fraud, identity theft and/or account security |
Account Transaction Alerts AKA “Recurring” | 21398 | Notifications related to account transactions, including, but not limited to, account balance alerts or deposit confirmation alerts |
On-Demand Alerts | 73949 24149 | Delivering information you have requested via a one-time text message to your mobile phone |
Visit Notifications | 36428 | Notifications about your visit to a Navy Federal Branch |
Account Servicing and Collection Alerts | 37531 62351 | Notifications to contact you for account servicing and collection purposes, including payment reminders |
Informational Alerts | 39227 | Delivering informational messages about Navy Federal |
Status Alerts | 68678 | Notifications related to account status updates, including, but not limited to, application and appointment updates |
Visa® Consumer Authentication Service (VCAS) | 833 738 4591 | Notifications containing a one-time passcode for security verification of certain transactions |
Navy Federal will never solicit your personal information over the phone or through text, email or social media.
If Something Looks Suspicious
If a message looks suspicious or is from an unknown source, don’t provide any information, open any attachments or click on any links, even if the sender threatens to close or suspend your account or states your account has been compromised. Opening attachments or clicking links could download spyware to your computer or mobile device.
Instead, research and contact the organizations using trusted contact information before responding or disclosing any information. Use an alternative method like calling the phone number listed on the official website. If the communication proposes to come from your insurance or bank, for example, call the number listed on your card.