Account Takeovers: What Credit Cardholders Should Know

In today’s digital world, fraudsters are becoming increasingly sophisticated in their methods of gaining access to personal financial information. One alarming trend we’ve observed is account takeovers, where criminals pose as legitimate cardholders and gain control of their credit card accounts. Understanding how this happens—and how to prevent it—is critical to protecting your financial security. 

How account takeovers happen 

Fraudsters typically begin by acquiring a cardholder’s credentials or personal information through phishing, data breaches, or social engineering. Once they have enough details, they impersonate the cardholder and initiate changes to the account. 

How the takeover unfolds 

Step 1: Change contact information 

The fraudster updates the phone number, email address, and/or physical address on file. This is the most critical step—once the phone number is changed, the fraudster controls the flow of communication. 

Step 2: Bypass verification methods 

With the new phone number in place, One-Time Passcodes (OTP) and other security PINs are sent directly to the fraudster. This allows them to authenticate transactions and gain full access to the account. 

Step 3: Authorize fraudulent transactions 

Any transaction verification messages—such as “Did you make a $12,000 purchase at BESTBUY? Reply Y or N”—are now sent to the fraudster’s phone. They simply reply “Y,” and the transaction is approved. 

Why this matters 

Once a fraudster controls your contact information, they essentially become you in the eyes of the financial institution. This not only puts your funds at risk but also undermines the trust and security of the entire system. 

What you can do to stay safe 

Here are some proactive steps to help protect your account: 

• Monitor your account regularly. Check for any unauthorized changes to your contact information or suspicious transactions. General Electric Credit Union (GECU) members can access their accounts 24/7/365 through Online Banking and mobile app.¹  
• Enable alerts. Set up email and SMS alerts for changes to your account profile and large purchases.  
• Use strong, unique passwords. Avoid reusing passwords across multiple platforms and consider using a password manager. 
• Be wary of phishing attempts. Never click on suspicious links or provide personal information via email or text. 
• Report suspicious activity immediately. If you notice anything unusual, contact your bank or credit union right away. 

How GECU is responding 

At GECU, we take account security seriously. If you suspect your account has been compromised, please reach out to us immediately so we can take swift action to protect your information. For more fraud tips, visit our Money Minutes blog.