STCU credit union members and non-members are receiving bogus emails asking them to log into their STCU accounts.

STCU credit union members and non-members are receiving bogus emails asking them to log into their STCU accounts.

STCU said members and non-members received similar emails earlier in December.

According to STCU, the scam artists appears to be sending the emails to random email addresses without any knowledge of whether the owner of that address banks at the financial institution mentioned. STCU said similar phishing attempts have targeted members of other financial institutions, too.

The emails ask the recipient to log into their credit union accounts by clicking a link that takes them to an unsecure website that mimics the financial institution’s official website. The consumer is then prompted to enter their banking information.

STCU wants to remind consumers that financial institutions already have your banking information and there is no reason to request that information. Consumers who are uncertain whether an email is legitimate can call their financial institution for verification.

Phishing emails can often be identified by these tipoffs:

Poor grammar or spelling errors.

An excessively long or unlikely web address, which can be previewed by hovering over any links in the email without clicking them.

A supposedly secure website that is designated “http.” A secure website, such as those used by STCU and other financial institutions carry the designation “https.” Secure websites also show an image of a padlock after the URL address.

An email from a credit union that mentions “customers” is most likely fraudulent. We have members, not customers, and tend to be adamant about that language.

An email from STCU that says “Spokane Teachers Credit Union.” We have stopped using our full name in nearly all instances, except where required under state or federal law.

Phishing emails masked as coming from STCU can be forwarded to abuse@stcu.org, which will help the credit union track whether the fraudsters have changed tactics. Otherwise, these emails should be deleted without clicking links.

STCU said those who already clicked the links and provided banking credentials should contact their financial institutions as soon as possible.