
Become a UKFCU Member Today!
Joining UKFCU means you’re not just an account holder – you’re a valued member.
Trending Topics and Links
Become a UKFCU Member Today!
Joining UKFCU means you’re not just an account holder – you’re a valued member.
Earn as high as 4.00% APY* with the High Yield Savings Account!
You're going to need a bigger piggy bank.
Recent Scams & Alerts
Stay privy to the common tactics used by scammers and fraudsters.
The newest trend in cybercrime is a social engineering attack that uses cybercriminal-controlled call centers to trick you into providing your bank or credit card information. Cybercriminals try to use real people in fake call centers to convince you that a scam is legitimate.
A typical call center scam starts with an email that appears to be an invoice for a very large purchase. It's not clear what company this invoice is from or what was purchased, but the payment amount is listed six times. The email also starts and ends with a line directing you to call their number if you did not authorize the transaction. If you call the number provided, a representative happily offers to refund you. But first, they’ll need your bank or credit card information. Unfortunately, the representative is actually a cybercriminal who plans to use your payment information for their own devious purposes.
3 Tips to Avoid Falling Victim to Social Engineering Attacks
Content provided by KnowBe4.com | 11.4.21
WhatsApp is an application that allows you to message and call your friends and family worldwide. However, due to a new scam, the next WhatsApp message you receive may come from a cybercriminal instead of a trusted contact.
To start the scam, a cybercriminal will send you innocent WhatsApp messages to earn your trust. After you start talking to the cybercriminal, they will try to convince you to call a phone number that begins with a **67* prefix. If you call this phone number, your mobile carrier will forward your personal phone number to the cybercriminal’s phone.
Then, the cybercriminal can use your phone number to get a temporary WhatsApp password, reset your existing password, and lock you out of your account. Once the cybercriminal has access to your WhatsApp account, they can impersonate you and convince your contacts to send them money. Don’t fall for this scam!
Follow the tips below to keep your WhatsApp account secure:
Content provided by KnowBe4.com | 7.14.22
Cybercriminals continue to find new ways to trick users and steal their credentials. Sometimes, they even recycle decades-old tools that were never intended to be malicious.
For example, in a new scam, cybercriminals attack Microsoft 365 users with malicious files disguised as voicemails. The scam works by sending an email with a voicemail file attached. The filename ends in “mth.mp3”, appearing to be a legitimate MP3 file. However, the file is actually a malicious HTML file that has been disguised using right-to-left override (RLO) functionality.
RLO was created 20 years ago for languages that read from left-to-right instead of right-to-left. Unfortunately, cybercriminals now use this functionality to make malicious files look safe. For example, in this scam, cybercriminals use RLO to display “mp3.htm” as “mth.mp3”. If you open the file, you will be taken to a fake Microsoft 365 login page instead of a voicemail. Then, any credentials that you enter on the fake login page will go straight to the cybercriminals.
Follow these tips to stay safe from similar scams:
Content provided by KnowBe4.com | 3.9.22
It was recently discovered that job postings on LinkedIn aren’t as secure as you might expect. Anyone with a LinkedIn profile can anonymously create a job posting for nearly any small or medium-sized organization. The person creating the post does not have to prove whether or not they are associated with that organization. This means that a cybercriminal could post a job opening for a legitimate organization and then link applicants to a malicious website.
Worse still, cybercriminals could use LinkedIn’s “Easy Apply” option. This option allows applicants to send a resume to the email address associated with the job posting without leaving the LinkedIn platform. Since the email address is associated with the job posting and not necessarily the organization, cybercriminals can trick you into sending your resume directly to them. Resumes typically include both personal and professional information that you do not want to share with a cybercriminal.
Follow the tips below to stay safe from this unique threat:
Content provided by KnowBe4.com | 9.16.21
Once again, cybercriminals are impersonating the Financial Industry Regulatory Authority (FINRA), which is the largest brokerage regulation company in the US. Organizations strive to be compliant with regulations, which is why receiving an email that appears to be from FINRA can be quite startling.
In this FINRA-themed phishing email, the sender’s email address uses the domain gateway-finra.org. The email claims that your organization has received a 'compliance request' and it directs you to click on a link for more information. To add a sense of urgency, the message also states “Late submission may attract penalties”. The email even includes a case number, request ID, and a footer with legal jargon to make it feel legitimate. But if you click the link, you will be redirected to a malicious website. Don’t fall for it!
Use the tips below to stay safe from similar attacks:
Content provided by KnowBe4.com | 6.17.21
Cybercriminals don't only use the internet and email to gain access to sensitive information. They also use telephones to their unlawful advantage. Vishing is the term for criminal attempts to influence action or gain confidential information over the phone using social engineering.
How it Works:
Criminals have the ability to call from a blocked, “spoofed,” or private number. This makes it easier to pose as a fellow employee, an authority figure, or any person or organization that you would commonly interact with.
Any information regarding the processes or technologies a company uses would assist in a breach of an organization. Information that you may not consider very sensitive, such as employee names, titles, or ID numbers, could certainly help these criminals.
Don’t Fall for These Phony Attempts
Think twice about giving out personal information to someone unless you initiated the call yourself and you are certain the number called was valid. If someone contacts you requesting sensitive information, you can check the caller’s validity by asking to speak to their supervisor. You can also offer to call them back, which will buy you time to investigate the request.
Vishing is not limited to gaining data from your organization, as vishers are also known to prey on your personal information. Remember to stop, look, and think before answering unfamiliar numbers, or before calling phone numbers you see in emails, internet ads, or pop-ups.
Content provided by KnowBe4.com | 3.29.21
Bad guys continue to target struggling organizations with phony loan offers. Impersonating a bank, the sender offers loans through the Paycheck Protection Program (PPP). The PPP is a real relief fund that is backed by the United States Small Business Administration (SBA), but the email is nothing short of a scam.
The phishing email directs you to click a link to register for a PPP loan. When clicked, the link takes you to a form with an official-looking header that reads, “World Trade Finance PPP 2021 Data Collection.” The form requests a lot of personal information, such as your organization’s name, your business email, and your social security number. Any of the information submitted on this form goes straight to the cybercriminals.
Here’s how you can stay safe from scams like this:
Content provided by KnowBe4.com
We continue to see an increase in scams and phishing attacks in the form of phone calls, texts and emails. We want to remind our members to be diligent when it comes to their account information. These fraudsters are very sophisticated, and it can appear as if they are calling or messaging from UKFCU.
Please remember, UKFCU employees will not call, text or email you asking for:
*When a member calls into our Call Center, we may ask for your Social Security number for identity verification purposes.
Many streaming services such as Netflix, Spotify and Disney+ are reporting an increase in phishing attacks targeted towards their customers. These attacks range from phony email alerts accusing you of non-payment to offering you free streaming services during the pandemic. Both of these strategies include a link that takes you to a page designed to gather your information and deliver it to the fraudsters.
Remember the following tips to stay safe:
Content provided by KnowBe4.com
Some of our members are being targeted with fraudulent text messages. Currently, the scammer indicates they are from our 'Fraud Department' and asks the member if they authorized a certain debit card purchase. If the member replies in any way, they will receive a call which appears to come our call center, 859-264-4200. They will ask if the member made this transaction or not. Please do not respond to these messages. If you do, and you share any account or sensitive information with the scammer, please contact us directly and cancel your debit card. Or you may need to close your account depending on which account information was given out.
Please remember, UKFCU employees will not text or call you asking for:
*When a member calls into our Call Center, we may ask for your social security number for identity verification purposes.
Please also be on high alert to potential scams based around the government stimulus checks that could be coming in the future. The government will not ask you for your account number nor will they ask you to return a portion of your stimulus check via gift cards or wires. If you receive a call that shows it's from UKFCU and they ask you for any of this information, hang up immediately and call us at 859-264-4200 or 800-234-8528 If you receive a text of email asking for you to verify this information, please call us.
Some of our members are being targeted with fraudulent text messages. The texts claim that the member's Visa card has been "locked", and instructs members to contact an unknown phone number and email. If you receive such a message, do not attempt to contact them and do not click any links that may be present in the communication.
Call us at 859-264-4200 or 800-234-8528 to verify any suspicious communications you may receive.
With the holiday season approaching, UKFCU wants to remind our members that we do everything possible to protect your information. There have been reports of fraudsters "spoofing" financial institution phone numbers so it will show up on your caller ID as UKFCU. We will never call you and ask for the following information:
*When a member calls into our Call Center, we may ask for your Social Security number for identity verification purposes.
If you receive a call that shows it's from UKFCU and they ask you for any of this information, hang up immediately and call us at 859-264-4200 or 800-234-8528. If you receive a text or email asking for you to verify this information, please call us.
Someone’s been naughty this year-and we’re not talking about you! Those awful scammers don’t take time off for the holidays, and if you don’t know what to expect you could be their next victim.
One of the oldest holiday scams is the letter-from-Santa scam. Here’s all you need to know about this Christmas-themed scheme:
How it plays out
In this ruse, scammers set up bogus websites where parents can order legitimate-looking letters from Santa for their children. The cost is less than $30. All they need to do is share some details about their child along with their credit card information, and the letter is supposedly as good as mailed.
Except that it’s not. Unfortunately, anyone who follows the instructions detailed on the site has just fallen prey to a scam. They’ll never see that promised letter, or the money they paid for the privilege of receiving a note from Santa. Worse, the ring of scammers now has the children’s information and their parent’s credit card details.
This set of circumstances can have all sorts of unhappy endings, from identity theft to emptied accounts. Sometimes, the scammers will go after the child’s credit, which will likely go unchecked for years. When the child is grown up and tries to open a credit card or loan, they may find that their credit score has been destroyed, all without their knowledge.
Some sites will even offer to send the letter at no cost. All you need to do is share some details about your child, like their full legal name, date of birth and home address. Of course, this is also the work of scammers looking to steal your child’s identity.
How can I tell it’s a scam?
There are legitimate websites where you can order a letter from Santa for your child at no risk of identity theft or a ruined credit history. But how can you weed out the phony sites from the authentic services?
Look for the following red flags, which should alert you to the fact that a site is created by scammers:
If you’ve recognized a company as a scam, be sure not to click on any links that are embedded in their emails. Flag their emails as spam, and delete every email, message and alert it sends you.
You can still send your child a letter from Santa. Try a legitimate site like Portable North Pole or better yet, create and send one yourself!
Be on the lookout for a popular robocall scam that is tricking people into believing their Social Security number (SSN) has been suspended. The robocall tells you to call the number provided to speak with a government agent about the issue. Some of the robocalls even threaten to issue an arrest warrant if the victim doesn’t respond.
When you call the number back, you are actually speaking with a fake government agent. This scammer will try to trick you into giving up sensitive personal information like your SSN, birth date and bank account number.
Always remember the following to stay safe from tricks like this:
If you get this type of call, hang up the phone immediately and report the call to the appropriate agency.
Quick Links
Getting you where you want to go.
Copyright 2025 University of Kentucky Federal Credit Union. Federally Insured by NCUA
Our website uses cookies to improve your website experience and provide more personalized products and services to you. By using our website, you agree to the use of cookies.
Login below using your online baking credentials to open an account
You will need the following information in order to complete the application: