Identified Scam:

Genuine Navy Federal Email Or a Fake? 6 Ways to Spot a Scam

Be careful before clicking on links in Navy Federal emails—scammers impersonate the popular credit union in an attempt to steal your information.


Verified.org
Updated 5 January 2022
Genuine Navy Federal Email Or a Fake? 6 Ways to Spot a Scam
Identified Scam:
Key Finding

Fake Navy Federal emails are being sent to try and steal information from members.


Key Risk

Your Navy Federal account could be compromised and you could have your identity stolen.

Sections on this page
  1. What Are Fake Navy Federal Emails?
  2. 6 Ways to Identify Fake Navy Federal Emails
  3. How to Beat and Avoid Navy Federal Phishing Emails
  4. Fallen for This Scam?
  5. Frequently Asked Questions

Scammers commonly use Navy Federal Credit Union in phishing scams to steal account details, personal information, and money from their victims. This credit union is so popular with scammers that many different fake Navy Federal emails have been reported. However, there are ways to identify these scams before you fall victim and protect yourself if scammers target you.

What Are Fake Navy Federal Emails?

In a phishing attack, a scammer sends an email to the victim that contains a link to a website that may look like the official Navy Federal website but is a fake site designed to steal personal information or login credentials. Here's how the scam works.

You Receive an Email 

You open your inbox and see an email that looks like it's from Navy Federal. The subject line may notify you of a problem with your account to convince you to open it. Once you do so, the email will look genuine. It may even have the same graphics as an official Navy Federal email.

It will say that there are issues with your account and they need more personal information to unlock your account or some other problem to convince you to click the link in the email.

There are several different versions of this scam, such as:

  • Fake emails claiming your identity has been compromised: These emails urgently request that you click a button to restore access to your account. The email will look official. But notice that it starts with a generic greeting, "Dear Member." A genuine Navy Federal will show your name may include the last few digits of your account number. Also, notice that the first sentence is not using correct grammar and the last sentence has a spelling mistake.

Example of a fake Navy Federal email.
Fake Navy Federal emails may contain spelling errors and bad grammar.

  • Emails saying there has been unusual activity on your account: This type of Navy Federal scam email doesn't put the link to the phishing site in the email itself (possibly to stop the email from landing in your spam folder). This one claims that there were unusual activities on your Navy Federal Credit Union account and has an attached PDF with a link that claims to take you to the Navy Federal site but actually links to a phishing site.

Fake Navy Federal email.
Example of a fake Navy Federal email sent by scammers.

  • Emails asking for you to confirm your information: This version of Navy Federal phishing emails claim that regulations require that you provide more information about yourself. This could be an attempt to get not only your account details but also personal information, such as your Social Security number (SSN), to steal your identity

Example of a fake Navy Federal Email.
Scammers will say you need to provide information to comply with federal law. This is simply a tactic they use to scare you.

  • Emails saying your account is suspended: This type of Navy Federal phishing email claims that your account is already suspended. To reactivate it, you have to download a form, which most likely will contain a link to a phishing site.

Example of a fake Navy Federal email.
Always look for signs of a scam, such as the sender's email not coming from an official @navyfederal.org address.

You Click on the Link in the Fake Navy Federal Email

Because you are afraid of losing access to your account, concerned fraudulent charges have been posted to your account, or some other scary emergency the scammer dreamed up, you click on the link in the email. Several things may happen when you do, such as:

  • You're taken to a fake Navy Federal website. There you are asked to either log in or provide personal information, such as your Social Security number (SSN).
  • A file is downloaded that installs spyware or malware on your computer.
  • A file is downloaded that contains a link to the fake phishing site or to malware that gets installed on your computer.

The Scammer Steals Your Information

The fake Navy Federal website will send the data you enter directly to the scammer. If it is a login form, the scammer will now be able to go to the official Navy Federal site and access your account. If it asks for sensitive information, such as your Social Security number, the scammer can now try to steal your identity.

If malware was installed onto your device, the scammer can now steal your sensitive data. 

6 Ways to Identify Fake Navy Federal Emails

Navy Federal Credit Union will send you emails periodically with notices about your account, so you can't ignore every email that seems to come from them. However, you need to be aware that some of these emails could be phishing scams. Although Navy Federal does offer some protection against scams, it's up to you to identify fake emails.

Here are some ways to vet these emails and determine if they are fake:

  1. Check the sender's email address: If the sender's email is not an official @navyfederal.org address, it is a phishing email. Sometimes you have to click on the email in your email software to expose the sender's address.
  2. Look for spelling, punctuation, and grammar mistakes: Official Navy Federal emails should be free of common errors. Also, be suspicious if the phrasing in the email is awkward because many phishing scammers know English as a second language.
  3. Check links before clicking on them: Scammers will link to a phishing website with a domain that may look like navyfederal.org, but one of the characters will be switched out, like navyfedera1.org. Hover over the links before clicking to verify they are actually going to the genuine Navy Federal website.
  4. Think about what the email asks for: Navy Federal will never request your Social Security number or your account details via email.
  5. Look at the greeting: If the email is legitimate, you will be greeted by your name and not by something generic like "Dear Member" or "Dear User."
  6. Take a close look at any images used: Scammers may spend some time on making the emails look right but may not have the graphic design skills to recreate the official images correctly. As a result, images in fake Navy Federal emails (including logos) may look blurry, skewed, or just not right.
Contact Details

Navy Federal Credit Union



Verified.org

Verified Contact Details

It's important to verify links and contact details to beat imposters.

How to Beat and Avoid Navy Federal Phishing Emails

Scammers never stop trying new tactics and techniques to convince you to give them your personal information. However, there are a few things you can do to protect yourself. Here are some steps you can take:

  • Use multifactor authentication on your Navy Federal Credit Union account so that scammers can't access your account even if they have both your username and your password.
  • Check your account statements each month for any transactions you don't remember.
  • Use a strong and unique password on your Navy Federal account to prevent unauthorized access.
  • Be suspicious of links in emails and check your account using either the Navy Federal mobile app or the official website instead of clicking the link.
  • Don't use public WiFi to login into your Navy Federal account because scammers can easily hijack public connections.
  • Keep antivirus and antimalware software up to date and run frequent scans of your computer.
  • Keep track of your credit report either through the credit bureaus or one of the free credit report apps. 

Don't Click on Any Links

Unless you're absolutely sure the email is legitimate, don't click on any links or download any attachments. If you want to check the status of your Navy Federal account, log in from your mobile app or via www.navyfederal.org directly.

Fallen for This Scam?

If you have fallen for a Navy Federal phishing scam, don't panic or beat yourself up about it, but do act quickly to prevent any damage to your finances or identity. Here are the steps you should take if you have entered any information on a fake Navy Federal website:

  • Enable Touch ID and change your password on the Navy Federal mobile app if you click on the phishing link from your phone.
  • Change your username and password for your online Navy Federal account from a device that wasn't affected by the phishing email.
  • Scan your computer with antivirus software after making sure it is up to date with the latest virus definitions. Then, remove any viruses, Trojans, and spyware the software finds.
  • Call Navy Federal and tell them what happened. They can help you check if there is any malicious activity in your account, reverse any fraudulent charges, and help you prevent any more damage to your finances.
  • Set up a fraud alert with one of the credit bureaus, so you're notified if someone tries to apply for credit using your identity.
  • Check your credit report regularly, look for inaccuracies, and report them immediately to the credit bureaus to protect your finances.
  • Report it to the authorities.

Frequently Asked Questions

How can I identify a fake Navy Federal email?

Scammers work hard to make their fake emails look like official Navy Federal emails, but they usually miss some details. Here are some ways to detect a Navy Federal phishing email:

  • The email starts with a generic greeting instead of using your name.
  • The graphics in the email seem right but are blurry or misaligned.
  • The email has grammar or spelling errors.
  • The link in the email doesn’t go to https://www.navyfederal.org/.
  • The sender’s displayed email address domain is navyfederal.org, but when you click on it to determine the actual email address, it is something else.
  • The language or wording in the email seems suspicious.

What happens after I click on a link in a phishing email?

A few things can happen after you click on a link in a phishing email. Most of the time, the link will take you to a website that looks like the official Navy Federal Credit Union site, and it may have a domain name similar to https://www.navyfederal.org/ until you look at it closely.

The website may present a login form to steal your Navy Federal account credentials. Or it may ask for personal information to verify your account to steal sensitive information, like your Social Security number. Sometimes the link will be to an attached PDF file that links to a phishing site. 

Other times, the link could be to an attached executable file that will install malware on your device.

What do I do if I entered my information on a fake Navy Federal website?

If you have entered any information on a Navy Federal phishing site, here are the steps you need to take to protect yourself, your account, and your identity.

  • Ensure that the firewall, antivirus, and anti-malware software programs on your computer are running and up to date.
  • Use your antivirus software to scan your computer and remove any malware, Trojans, or viruses it finds.
  • Change the password or enable Touch ID on your Navy Federal mobile app.
  • Change the username and password for your online Navy Federal account on a device other than the one you received the phishing email on.
  • Collect as much information as you can about the incident, including the email itself, the URL of the phishing site, and a screenshot of the phishing site if you can, just in case the scammers take it down.
  • Call Navy Federal at 1-888-842-6328 to report the incident and identity any signs of fraud on your account.
  • Report the phishing scam to the FTC.

Comments