Credit union warns of spike in phishing scam targeting local customers

Randolph-Brooks FCU believes an outside data breach and credential stuffing attacks could be behind spike

San Antonio – Randolph-Brooks Federal Credit Union says it has seen an explosion in phishing attempts seemingly targeted at local customers since the beginning of February.

The Live Oak-based credit union has had nearly $1 million in fraud attempts in just the past two weeks, said Brian Munsterteiger, vice president of enterprise fraud.

From what Munsterteiger has seen, most of the targets have 210 area codes.

“We’ve had thousands of members that have been affected, which is probably, you know, 10, 20, 30 times more than typical in the last couple of weeks,” Munsterteiger said.

The credit union serves Texas residents and has over 1 million members. The majority of its members are from the Austin and San Antonio areas.

The credit union has been able to catch most of the fraud, Munsterteiger said, and the members who fall victim are made whole. Some of the people targeted aren’t even RBFCU customers, he said.

The scale of the fraud attempts may be new, but the scam itself is not.

It starts with a text message asking for validation of some kind of fake activity, like a wire transfer or debit card purchase.

After the customer responds to the text, a scammer calls the customer under a spoofed number to imitate the credit union.

Munsterteiger said the scammer typically has some kind of personal information on the customer already. In some instances, they have customers’ log-in usernames. While in others, they’re still trying to get that information from them.

While the scammer is on the phone with their target, they may try to log in to the customer’s account or reset their password, which prompts the RBFCU to send the customer a one-time passcode as a security measure.

The scammer’s goal is to persuade the customer to give them that passcode over the phone, which they can then use to get control of the account.

“And so they make it seem like that’s part of the validation process, like when they’re on the phone with the member. That’s actually there for their protection. And then the member is giving it over to the fraudster unknowingly because they think that they’re talking to an (RBFCU) representative,” Munsterteiger said.

Munsterteiger suspects a data breach and the subsequent use of credential stuffing attacks -- a type of cyber attack in which bots are used to try to guess the username and password combinations -- could be behind the spike in fraud attempts they are seeing.

Though he does not know the exact source of any such breach, Munsterteiger said he does not believe it came from the credit union itself.

“I think just because of the nature of it, and just because they’re still phishing for information, from -- you know if it was a complete breach, I mean, I think the effects will be much worse than they even are now,” he said.


Since the RBFCU also texts and calls its customers with legitimate fraud alerts, how do you know if the call you’re getting is legitimate?

Munsterteiger says you should never give out personal information on a call that you didn’t initiate. If your bank or credit union is calling you, they already have your information. One-time passcodes should never be given out, for any reason.

If you get suspicious during a call like this, you can hang up and look up the number for the bank or financial institution yourself. Then, you can call them directly, so you know with whom you’re speaking.


If you think you’ve been a victim of financial fraud, you should call your bank or financial institution immediately.

The main number for RBFCU members is 210-945-3300.

About the Authors

Garrett Brnger is a reporter with KSAT 12.

Recommended Videos