13 July 2026
Members' Fraud Awareness
Members, please be aware that no credit union or bank employee will ever ask you to disclose One-Time Passwords (OTPs), verification codes or their full online banking credentials over the telephone or by email.
As fraud tactics continue to evolve, ongoing member education remains one of the strongest defences against financial crime.
A member in another credit union, who was expecting an online delivery, received a fraudulent customs SMS and clicked the link provided. They were subsequently contacted by individuals claiming to represent both their bank and their credit union, who convinced the member to disclose online banking credentials and multiple One-Time Passwords (OTPs) received by SMS.
Using this information, the fraudsters successfully added new payees and carried out a number of unauthorised online withdrawals from the member's account.
This incident demonstrates how fraudsters are increasingly combining several attack methods into a single scam, including:
- Smishing (fraudulent SMS messages)
- Vishing (telephone impersonation)
- Spoofed or misleading email addresses
- Social engineering techniques designed to create urgency and build trust
As fraud tactics continue to evolve, ongoing member education remains one of the strongest defences against financial crime.


