Debit/ATM Card Fraud

If you are a City of Boston Credit Union Debit/ATM Card holder and you suspect fraudulent activity on your account you should contact us immediately.

Debit/ATM Department:  
   Business Hours: Monday-Friday (9:00 am - 4:00 pm) 617-635-3899
Contact Any Branch During Regular Business Hours  
Non-Business Hours 833-337-6075

For your convenience you can begin the process of reporting suspected fraud by downloading and completing this form.  You may fill it in by hand and return to any branch or you may fill it in electronically, save it and email it to our Debit/ATM department at

As an added safety feature, if you are a registered City of Boston Credit Union Home Banking user you can log into your account via our home page and immediately deactivate your card.  Simply log into your Home Banking account, go to the Service Center tab and click on the Deactivate/Reactivate My Card feature under Electronic Services.

Elder Financial Exploitation 

Over the past several years financial abuses against elders has grown dramatically, according to National Adult Protective Services, 1 out of 9 seniors have or will experience financial exploitation.  We encourage you to educate yourself on how to identify elder financial exploitation by taking part in this online training from our partners at the Cooperative Credit Union Association - CU Senior Safeguard is free to all.  Please click here to get started!

You may also find more information about elder financial abuse by the visiting the Massachusetts Attorney General website, please click here.

ID Theft

Identity theft has become an alarming problem which no one should ignore.  To learn more about identity theft fraud safety visit  If you think you've been a victim of identity theft contact the Federal Trade Commission (FTC) at 877-IDTHEFT (438-4338) or visit  If you believe your Social Security Number is being used fraudulently contact the Social Security Administration at 800-772-1213.

It's a good idea to get a copy of your credit report each year from each credit-reporting agency.  The three major agencies are:

Experian:; credit report copy - 888-397-3742; fraud unit - 888-397-3742
Equifax:; credit report copy - 800-685-1111; fraud unit - 800-525-6285
TransUnion:; credit report copy - 800-888-4213; fraud unit - 800-680-7289


Cyber criminals target everyone; they target vulnerable computer systems regardless of whether they are part of a large corporation, a small business, or belong to a home user. Please become familiar with the different tactics of these criminals and how you can protect yourself by reading the Department of Homeland Security's STOP. THINK. CONNECT. ™ Toolkit which provides resources for all segments of the community.


Skimming is a method by which thieves steal your credit card information. These devices read the information obtained on the magnetic strip of your credit/debit card. This information is then sold and counterfeit cards are made. Thieves then use these "cloned" credit cards to make purchases. Often times, victims are unaware of these purchases until a statement arrives in the mail (or you're denied purchases) and the cardholder notices the fraudulent charges/withdrawals. Skimming devices placed on ATM skimming machines often involve the "skimmer" itself and a camera strategically placed to record the four digit PIN number that the cardholder uses. This way, once cloned debit cards are produced, thieves have the corresponding 4-digit PIN to withdraw cash. You never lose possession of your card!

What to look for (ATM skimming):

  1. Inspect the door access device prior to opening the lobby doors (Most counterfeit devices are installed with double sided tape and are installed over the original door access device)
  2. Inspect the machine for items that were installed over or around the PIN pad of the ATM. Customers should be looking for an attachment on the ATM that contains a small hole (camera) that is pointed in the direction of the PIN pad. If possible, use your other hand to block the numbers you are entering on the PIN pad.
  3. Card slot of the ATM is loose or has fallen off, or other parts of the ATM machine have dislodged from the ATM.
  4. Pay attention to person(s) attaching, removing or tampering with parts of the ATM machine.

You should also note:

  1. Most skimmers are installed on Saturdays and Sundays when the thieves know the banks are closed.
  2. Thieves who install these devices are very often lurking somewhere nearby to keep an eye on their investment.

What to do if you are the victim:

  1. Call the local police and file a report
  2. Contact your credit union/bank or credit card issuer immediately and tell them your card data has been stolen.
  3. Contact the three major credit bureaus to request a security freeze, which prevents new credit authorizations without your consent.; credit report copy - 888-397-3742; fraud unit - 888-397-3742
        Equifax:; credit report copy - 800-685-1111; fraud unit - 800-525-6285
        TransUnion:; credit report copy - 800-888-4213; fraud unit - 800-680-7289
  4. Visit the website for a free credit report (Please note: one free credit report per year).

DO NOT remove a skimming device if detected, contact local police.


Phishing is when someone fraudulently attempts to get your personal information posing as a legitimate financial institution, retailer or government agency.  An example and the most common form of phishing would be via email.  However, text and voice message attempts have become more common, as well.  A "spammer" (a term used for these offenders) will send out an email which they create to look almost identical to a legitimate organizations.  They may use the company logo and create an email address very close to that organizations.  Most of these fraudulent emails will ask you to click on a link to a website that would be almost identical to the organizations, once you've reached that website, they may ask you to login using your user name and password.  Once you've done that, they have your information and will be able to access your accounts by creating cards with your information.


Vishing is another form of a scammer fraudulently attempting to acquire your confidential bank or credit union account information. This happens when you receive a call on your home or mobile phone from someone pretending to be from your bank or credit union. These calls are typically an automated system that leaves a message stating there is a problem with your account and asks that you call back a phone number or visit a website, then asks for your personal account information.  As in a phishing scam, if you offer your information, they will be able to access your accounts by creating cards with your information.

Other forms of scams are via text messaging on your cell phone.

It is important to note that if you do relinquish your information by responding to any of these types of scams you may be liable for any losses incurred to your accounts.

How can we prevent this from happening?

  • The problem with phishing and vishing is that financial institutions, retailers and government agencies cannot directly control it.  Scammers are setting up fake sites and emails, and sending them out to thousands (in some cases millions) of consumers.  There's really no way to address this problem without implementing new standards and software throughout the Internet.  It is important to understand that data security at a financial institution or other organization is not compromised when these attempts to gain personal information from individuals are made.  The only way information becomes compromised is if the individual falls prey to the scam and actually gives out their personal information.
  • Since we can't prevent it from happening, the best way to minimize the impact is through education.  If you ever receive an email like this, DO NOT CLICK ON ANY OF THE LINKS PROVIDED IN THE TEXT OF THE EMAIL MESSAGE.  If possible, don't even open the email message - simply delete it, or add the sender to your blocked list - because it is obviously spam.
  • DO NOT FORWARD CHAIN EMAILS. Often, chain emails are sent as a ploy for spammers to gather email addresses (they are sitting on the back end, collecting the email addresses of everyone you forward chain emails to). They then turn around and sell those email addresses to spammers who intend to launch phishing attacks, and other tactics of identity theft. When you receive chain emails, you should delete them and not forward them to anyone. By forwarding them to others, you are potentially exposing their email addresses to criminals, and opening them up to future attacks.
  • For even more information about phishing scams and how they work, this link is a good place to start

If you have received an email message, text message or voice message claiming to be from City of Boston Credit Union and asking for you to give out personal, confidential information, it is fraudulent and you should delete it immediately.  City of Boston Credit Union, would never ask you to give your personal and confidential information through an email message, text message or voice message.  If we initiate contact with you, then we already have this information on record and would have no need to ask. 


Credit Union Members: If you are a City of Boston Credit Union member and you have received one of these fraudulent messages and DID give out your personal information please contact the Credit Union immediately at 617-635-4545.  If after non-business hours call 1-800-264-5578.

Non-Members: If you are not a City of Boston Credit Union member, and received one of these messages and gave out your personal information, you should contact your Financial Institution immediately.