Notice Details

Spoofed Phone Scam Reported In Our Area

Update: 2/12/26

Several FCCU members notified us that they received a scam phone call from “FCCU” (on the caller ID) contacting them about a “fraud charge from California”. Below, we will detail how the scam works, what it affects, and what to do if you fall victim.

First and most importantly, FCCU has not been hacked. Scammers can pretend to be ANY person, business, or even financial institution using publicly available information and good acting skills. We are grateful for the individuals who noticed the red flags and contacted us quickly, which has allowed us to investigate the scam, identify patterns, and warn others.

How does the scam work?

Individuals are receiving a call from a spoofed phone number appearing to be from FCCU at (920) 563-7305 (FCCU’s real phone number).

Spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity.

The caller claims to be from “FCCU” or “FCCU’s Fraud Department”, notifying you that they identified a “fraud charge from California”. Before continuing, the caller asks to verify your personal information for security purposes, including your:

  • Last 6-8 digits of your debit card number
  • Email address
  • Social Security Number (SSN)
  • Date of birth
  • Verbal account password

During the entire phone call, the caller acts pleasant and helpful like a standard fraud alert phone call— raising little to no suspicion from the average person.

After the call, the scammer uses the information you provided, including the last 6-8 digits of your debit card, to add your card to a Google or Apple Wallet to make fraudulent purchases.

But, how can the scammer make purchases with only the last 6-8 digits of my debit card number? This is a scam called a Bank Identification Number (BIN) Attack.

A Bank Identification Number (BIN) is the FIRST 6-8 digits on a payment card identifying the card type, issuer, etc. and is often used to help prevent fraud and combat identity theft.

In a BIN Attack, scammers use publicly available BINs to attempt to reverse-engineer real card information. In this instance, the scammer directly asked the member to “verify the LAST 6-8 digits”. When the scammer combines the publicly available BIN with the information provided by the member, they end up with a complete, usable debit card number.

What does a real call sound like?

There are a few key details that separate a REAL and FAKE phone call from FCCU’s fraud services:

  • If we call you, you will not be asked to verify personal information. We take many steps to ensure that your contact information on file is correct and up to date to ensure that you are you, before we call you.
  • Typically, fraud services would not state it as a "charge from California"— they would list specific charges and amounts. They would also simply ask if you did the charge; they would not imply it was fraud prior to your confirmation.
  • Fraud services would not say they can “stop the charge”. Once a charge is pending, we cannot stop it from happening.

Should I be concerned? Should I contact FCCU?

If you gave out personal and/or financial information over the phone, please call FCCU as soon as possible at (920) 563-7305 between 9:00 am and 5:00 pm (Monday - Friday) or 9:00 am and 12:00 pm (Saturday). We will walk you through any necessary account security measures.

Do not call back the original spoofed phone number, please type in (920) 563-7305 manually.