Identity Theft & Fraud

Explore best practices to protect yourself.

  • Spotting suspicious activity and avoid common scams
  • Helpful resources to stay secure
Contact Us Visit a Branch

Vigilance and quick action pay off

When it comes to identity theft protection and fraud prevention, everyone needs to be on alert. We're committed to implementing the most sophisticated technology to ensure your information is safeguarded when you use our digital services. We also want you to know more about the threats and what best practices to take so you can protect yourself.

Red Flags of Scams That Ask for Payment via P2P Apps

Peer-to-peer (P2P) payment platforms—such as Venmo, Cash App, PayPal, and Zelle—make sending money fast and convenient. Unfortunately, they’ve also become a favorite tool for scammers. Because most P2P transactions are instant and irreversible, criminals exploit them to move stolen funds quickly. Recognizing the warning signs can help you avoid costly losses.

Why Scammers Love P2P Payments

  • Instant, irreversible transfers: Once you send money, it’s usually gone for good.
  • No chargeback protection: Unlike credit cards, there is minimal dispute or fraud protection.
  • Ease of impersonation: Scammers can easily create convincing profiles or fake business pages.

Red Flags to Watch For

1. Pressure to Pay Immediately

Scammers rely on urgency, so you don’t have time to think.

  • “Send it now or the deal is gone.”
  • “Your account will be locked if you don’t pay.”
  • “You must act within minutes.”

Legitimate organizations rarely make sudden, high-pressure demands.

2. Requests from Strangers or Unverified Contacts

If you receive a payment request from someone you don’t know—or only know casually—it’s a major warning sign. Common examples:

  • Marketplace “buyers” or “sellers” who insist on P2P only.
  • “Coworkers” contacting you from unfamiliar numbers.

3. You’re Asked to Pay Fees, Taxes, or Deposits Upfront

Scams often involve paying before receiving anything:

  • “Processing fee”
  • “Security deposit”
  • “Shipping charge”
  • “Verification fee”

Real companies do not ask for fees via P2P apps.

4. Someone Pretends to Be Your Bank or a Company

A common scam: A criminal contacts you claiming to be from your bank, warning of “fraud on your account,” and instructing you to send money to yourself—or to a “secure account”—via P2P.

Banks will never ask you to move money to protect it.

5. You’re Told to “Refund” an Overpayment

This happens often on selling platforms:

  • Scammer “overpays” you.
  • Claims it was a mistake.
  • Demands you refund the difference via P2P.

The original payment is usually stolen or reversed, leaving you responsible for the loss.

6. The Account Name Doesn’t Match the Person or Business

Signs of impersonation:

  • Misspelled names
  • Slight variations in business titles
  • No profile photo or an obviously fake one

Always verify before sending money, especially for large transactions.

7. The Deal Seems Too Good to Be True

Common in online marketplaces, rental listings, and social media sales:

  • Extremely low prices
  • Hard-to-believe discounts
  • “Limited time” insider deals
If the price is unrealistic, it's probably a scam.

 


How to Protect Yourself

  • Verify the person before sending money.
    • Call them or confirm through an independent source.
  • Use P2P apps only with people you know and trust.
    • Treat it like giving someone cash.
  • Never send money to resolve account issues.
    • Financial Institutions and customer support teams do not use P2P apps for troubleshooting.
  • Slow down and think.
    • Scammers win when you rush.

Common Scams

Here are some of the scams we’ve seen.

Job Scams

Fraudsters post bogus ads for jobs online. They might use names of actual companies and can even post the job on a legitimate site like Indeed.

Here’s the scam. They:

  • Ask for your online banking username/password
  • Deposit a fake check, then ask you to send money back through Cashapp or Venmo
  • When the check bounces, you end up responsible

There are variations on this scam. Sometimes the bogus check is sent by mail and you are instructed to deposit it to your account. The end result is the same—if you send the money out, you are responsible. If anyone asks for your username and password, don’t give it. If someone asks you to return a portion of a check to them, don’t do it.

Online Loan Scams

Bogus lenders request your online banking credentials to “deposit” loan funds. You just need to provide them with your account information. Don’t do it. They deposit a bad check and have you send money out via transfers or gift cards. When the check is returned unpaid, you’re out the money.

Fraud Employee Impersonation Scams

Fraudsters text or call pretending to work at your financial institution. They’ll try to verify a made-up debit or credit card transaction. Then they’ll explain how they can reimburse your account for that charge after you provide them with your full card number or your username and password. A legitimate employee will never ask for that information. If you see a transaction on your history that you don’t recognize, stop at a branch or call us at 1-800-775-7741.

Family Emergency Scams

The scammer poses as a family member, stating they’re in trouble and need help immediately. They ask you to keep it a secret and tell you to act fast, usually invoking a fake lawyer, police officer or doctor.

What to do:

  • Hang up
  • Call the real family member, or other relatives
  • Don’t send funds
 

Fraud Employee Impersonation Scams

Fraudsters text or call pretending to work at your financial institution. They’ll try to verify a made-up debit or credit card transaction. Then they’ll explain how they can reimburse your account for that charge after you provide them with your full card number or your username and password. A legitimate employee will never ask for that information. If you see a transaction on your history that you don’t recognize, stop at a branch or call us at 1-800-775-7741.

Romance Scams

Love is great. Fake love is awful. Don’t give any account information to someone who is not joint on your account. Don’t deposit any checks this romantic interest sends you. Fraudsters involved in romance scams are good at what they do. They are patient as they play on your emotions. Here are some red flags:

  • Quick declarations of love
  • Moving off dating sites quickly
  • Only using texting apps, like WhatsApp
  • Urgent money requests for emergencies, claiming to be in danger or is stuck traveling
  • Asking for wire transfers, gift cards, Bitcoin deposits
  • Asking you to open an account or sending you a check “in your name”

Don’t fall for this scam! The checks contain stolen account information and will be returned unpaid.

Debit Card Scams

Sometimes what the fraudster wants is your debit card and your PIN. They use your card to deposit a fake check at an ATM, withdraw cash, and leave you with the negative balance.

Gift Card Scams

Buying a gift card to pay someone? STOP!

Never use gift cards to pay: IRS, tech support, bail, ransom, or to avoid arrest.

  • Only purchase gift cards as a gift
  • Be aware that no business or government official will ask to be paid in gift cards
  • Don’t act in haste; stop and think
  • Confide in family and friends if someone you don’t know is telling you to buy gift cards
 

Phishing Scams

Phishing is when attackers send malicious and fake emails designed to steal your personal or financial information.

Protect yourself:

  • Never click on unknown links or files
  • Treat unexpected emails with suspicion
  • Never share passwords
  • Beware of emails asking you for login or payment information
  • Look for spelling errors
  • Hover over links to verify legitimacy
  • Don’t provide personal information in response to an email request
 

If You Think You’re a Victim

Call 7 17 Credit Union immediately: 1-800-775-7741

Helpful Links

FTC.gov (report scams & learn)
Ic3.gov (to report online scams)
Tineye.com (reverse image look-up)
scamspotter.org (videos & quiz)
annualcreditreport.com (free yearly report)
staysafeonline.org (NCA)
consumerfinance.gov (learn about scams)

7 17 will never email, text or call you asking for your online banking username or password. If you get such a request, change your username and password and notify 7 17 credit union you may be a victim of fraud or malware.

Send a secure email through Online Banking or call us at 800-775-7741.

We also suggest the following:

  • Keep your computer protected with updated antivirus.
  • Never share your Username or Password. You are responsible for all activity under your login.
  • For stronger security, click the “Public” setting on your computer so two-factor authentication is enabled, giving you a one-time passcode via voice call, text or email each time you log into your account.
  • If you clear cookies, you may be required to enter an OTP each time.
  • Always log out when finished; Online Banking logs out automatically after 10 minutes.

Mobile Banking

Phone Security:

  • Lock your phone with a password/PIN; don’t leave it unattended.
  • Don’t store your username or password on your phone.
  • If your phone is lost, disable it with your carrier and change your Online Banking password.
  • 7 17 will never request your login info by text or email.
  • Use secure browsers, secure Bluetooth settings, and run antivirus/antispyware.
  • Beware of malware on used or refurbished phones.

 

Access Security:

  • Do not share your Username/Password.
  • Avoid selecting “Remember this phone” because it reduces security.
  • To reverse that option, remove extra security under the Accounts tab.
  • If Touch ID is enabled, all stored fingerprints can access your account—remove any unauthorized fingerprints.
  • Clearing cookies may trigger OTP each login.
  • Mobile Banking logs out automatically after 5 minutes.

Learn more about our Mobile Banking service.

Mobile Device Management

Mobile devices have the potential to store large amounts of private user information as well as sensitive data, including personal account information, website login IDs and passwords, email, and location information. Consequently, mobile device malware is on the rise.

The Federal Communications Commission (FCC) recommended the following steps to reduce your exposure to mobile threats:

  1. Set PINs and PasswordsThe first line of defense is setting a password or PIN to access your device, then configure it to lock after being idle for two minutes or less.
  2. Do Not Modify Built-In Security FeaturesJailbreaking, rooting or tampering with your device’s factory settings increases the risk of compromise.
  3. Back up and Secure DataFrequently back up your device’s stored data to enable its recovery if your device were lost, stolen or erased.
  4. Only Install Apps from Trusted SourcesResearch apps prior to installing them to ensure they are legitimate. You can do this by checking reviews and the app store, and comparing the app developer’s official website to confirm they are consistent.
  5. Understand App Permissions Before AcceptingThink twice before granting an app access to data or functions on your device. Also, always check the privacy settings for each app prior to installation.
  6. Install Security Apps that Enable Remote Location and WipingMost devices, either as an app or system function, have the ability to remotely locate and erase all settings and data.
  7. Install System Updates when ReleasedDoing so when prompted will reduce the risk of exposure to known malware and cyber threats.
  8. Beware of Open Wi-Fi NetworksData transmitted on unencrypted Wi-Fi networks can be viewed by anyone connected to the same network. If you are not asked to enter a key when attempting to connect to the network, it is not secure, so use your company’s VPN when appropriate.
  9. Wipe Data Prior to Donating, Selling or Recycling Old DevicesIn order to keep sensitive information private, data should be completely erased, and the device reset to its initial factory settings, prior to disposal.
  10. Report Stolen DevicesThe major wireless service providers established a stolen phone database, in coordination with the FCC. You should report your phone as stolen to your local law enforcement and inform your wireless provider. This will prevent your stolen phone from being activated on any wireless network.

Passwords

Learn how to choose and protect your passwords.

Email

  • Don't open emails or attachments from people you don't know or are not expecting email from. If you’re unsure – delete it.
  • Do NOT unsubscribe to spam email. While this seems like a way to stop a spammer from sending more mail to you, it only serves to validate that the spammer has a legitimate email address for you. This is not to say that 'unsubscribe' links on legitimate vendor emails are not valid ways to stop their emails.
  • Use anti-spam/anti-virus tools if available.
  • Legitimate institutions (including 7 17) will not request personal info via email.
  • If you are even the slightest bit hesitant about the sender of the email you received, you may not want to click on any links included within the email and you may want to call the sender to confirm the message.
  • Fraudsters are experts in deceit. Use caution if something doesn’t appear legitimate. Remember, even legitimate looking emails you receive from family, friends, and organizations could be fraudulent.

Online Fraud Prevention Tips

Email and online schemes are being perpetrated with increasing frequency, creativity and intensity. The best line of defense is to be vigilant and to protect yourself. To learn how to stay safe online, visit Email and online schemes are being perpetrated with increasing frequency, creativity and intensity. The best line of defense is to be vigilant and to protect yourself.  To learn how to stay safe online, visit www.usa.gov/scams-and-fraud.

Identity theft is a growing concern and costs consumers and their creditors hundreds of millions of dollars each year. Someone can use your name for years before you find out, and once you find out you face the lengthy and expensive task of reclaiming your good name. According to the FTC, the average consumer spends more than $1,500 to clean up the damage done by identity thieves.

What should you do?

  • If you have 7 17's Benefits Plus Checking, you can take advantage of their protection services available through Ultimate ID® Plus.
     
  • Contact the three major credit bureaus. Explain your situation and ask that they put a fraud alert in your file. This notice, which informs the credit reporting agencies of identity theft or suspicious activity on your accounts, instructs prospective lenders to take extra measures to confirm the identity of any person claiming to be you when opening or changing an account. Order copies of your credit report, which credit bureaus must give you free if your report is inaccurate because of fraud. The bureaus worked with the FTC to design an "ID Theft Affidavit" that they will send you, or you can get by calling the FTC at 877-IDTHEFT or going to the FTC website.

    Once you get the reports, look carefully at three sections, says Jay Foley, director, Identity Theft Resource Center in San Diego. "First, check the information listed in the header. If it shows you working for a company you've never worked for, or lists other addresses or P.O. boxes, that's a red flag."

    Next, check the primary section of the report, which contains information about open accounts or accounts opened in the past seven years. Make note of any unfamiliar accounts. Then check the inquiries section, which lists companies that are checking your report because they've received applications, says Foley. Request that these inquiries be removed from your file and that any misinformation in the header be corrected.

    Sadly, you might find a familiar address listed on your credit report. Foley says that in 12 to 17 percent of identity theft cases, the victim knows the suspect, and of this group, 65 percent are estimated to be family members. Victims then face the hard choice of turning a family member over to the police, or trying to work things out without outside intervention.
  • Contact creditors about fraudulent accounts. If you find you are the victim of identity theft, contact the fraud department of your creditors. The FTC advises consumers to follow up with a letter—the procedure required by law—to resolve errors on credit card billing statements. Close any suspicious accounts and open new ones using new passwords and PINs (personal identification numbers). Don't use easily available information like your mother's maiden name, your birth date, the last four digits of your Social Security number, your phone number, or a series of consecutive numbers.

    Ask your creditors if they’ll accept the FTC affidavit and if they need a copy of your police report. Expect to put in a lot of effort to get things straightened out. Some consumers run up huge bills, and then create an identity thief to take the rap—so creditors’ caution is not always misplaced.
  • File a police report. Call your local police or sheriff's department to file a report. Ask them to give you the report number and a copy of the report, which you'll need in order to get help from creditors.

Report identity theft and get a recovery plan by visiting the FTC’s website at www.identitytheft.gov.

Order your free annual credit report online or through this address:

Annual Credit Report Request Service
PO Box 105281
Atlanta, GA 30348–5281
877-322-8228

If you need to dispute inaccuracies on your credit report, visit the Federal Trade Commission's website.

If you accounts have been compromised, contact the three major credit bureaus:

Equifax 
P.O. Box 740241
Atlanta, GA 30374-0241
800-685-1111

Experian 
P.O. Box 2104
Allen, TX 75013
888-EXPERIAN (888-397-3742)

TransUnion
P.O. Box 1000
Chester, PA 19022
800-916-8800