Security & Fraud Center

Know what to look for and stay vigilant in the fight against fraud.
Online security and fraud prevention are vitally important issues to us at Empower Federal Credit Union. We want to share the latest information about online scams as well as general information you can use to protect your personal information, accounts and identity. Check back often for updates.

Text Alert Scam

ALERT: If you are in any doubt about ANY Empower-related message that you receive, stop, close the message, and call us. Legitimate text alerts always come from the Short Code number 86975, so any other number means the text is definitely a scam. If you clicked on a suspicious link, call us directly at 800.462.5000 immediately for assistance.

NEVER respond to an alert or email using the contact information or instructions in the alert itself. Always go to the company’s trusted website or phone number. You can always call Empower directly at 315.477.2200 or 800.462.5000 or use the Message Center through the Empower mobile app. We are always delighted to speak to you and to have the opportunity to serve you better.

Two-Factor Authentication Within Account Settings

The Security tab is only available via online banking through our website. It is not currently included in the mobile app.

Empower Federal Credit Union’s Online Banking requires Two-Factor Authentication for online banking users as a security measure to further protect your account. This extra layer of security will require you to complete some extra verification steps before the transaction will process.

You may select the Two-Factor Authentication options that best meets your needs:
  • Sending an authentication code via email
  • Sending an authentication code via SMS/ Text (cell phone # must be confirmed for codes to be sent via text)
  • 2FA App
Where do I find the Two-Factor Authentication Settings?

Two-Factor Authentication options can be found on the Security tab (under settings) in Online Banking. At least one option must be enabled.

Two-Factor Authentication with a 2FA App:

To set up authentication with a 2FA app, first install the Authenticator App of your choice (e.g. Google Authenticator, Authy or Duo) to your mobile device, then log into your account settings. You may find it easier to do that on a separate device like a laptop for the initial setup. In your account settings turn the 2FA APP setting to “On” and follow the instructions on the screen. Once the 2FA APP is set up and working, mark it as “preferred” and disable both SMS and email for maximum protection!

Trustworthy Authenticator Applications

These apps are free to use. There are no “in-app purchases” and no adverts. Before using the app, verify that its icon matches the one you intended to download: gray for Google Authenticator, green for Duo, red for Authy. DO NOT ever download the app that shows up at the top of the search as an Ad listing. NEVER trust these, even when you searched for exactly the right thing.

A regular email is just like a postcard. You can write whatever you want, but anyone who gets access to it between you and the recipient can read the whole thing.
 In contrast, a secure email is like a private and confidential envelope with an address window, only even better. Everyone can see who it is addressed to, but only the recipient can open it to see what it contains.


Because the message is secured, you may need to take a few easy steps to prove that you are the intended recipient. Two scenarios are possible:

Decryption (opening the envelope) happens automatically for you because your system uses the same email encryption system that we do. It was sent securely, yet you can read it just like any other email.

You get a message that looks like this:

This is not the email that the sender sent. This is a message telling you that a secure message is waiting for you.

Here are the steps you need to follow:

1. Click on the blue “Read the message” button. You will be sent to a website asking you to sign in using a Microsoft account (if you have one), or a one-time password. If you have a Microsoft account associated with the email address this message went to, simply sign in and you’ll see the secure email.

If you do not, or if you’re not sure, or if you have any difficulties, pick the one-time password option instead.
 2. After you click on “Or, sign in with a one-time passcode” you will get to a page asking for a passcode. The passcode is sent to the same email account that the secure email was sent to, so check your inbox.

It will look something like this.

3. Type in the code and click “Continue.”

4. That is it. The email and any attached documents that were sent to you can now be accessed. 

  1. Isn’t there a simpler way? Actually once you try this you’ll probably find that it’s very easy. Click the button to see the mail, click for a one-time passcode, type it in and you’re done. And if you have problems you can always call Empower and we’ll help you through it.
  2. Does this work on a mobile phone? Absolutely. In fact, most of these screenshots are from a cell phone.
  3. Can I reply securely? Yes you can, from the same webpage where you opened the secure email that was sent to you.


Phishing sites ask for personal information such as your credit card number and expiration date. The site appears to be a legitimate company, but thieves link to a fraudulent site interested in only stealing your information. No legitimate company will ask for your personal information online.


More online thieves are moving from phishing to pharming because it does not require a response from the customer. Experts warn that pharming may be more sinister than phishing because it's more difficult to detect.

Unlike phishing, which uses email spam to deliver fraudulent messages, pharming operates through phony websites. The user is automatically directed from a legitimate website to a copy of that website, with no warning signs. Once the victim is transferred to the bogus site, passwords, card numbers and other private information is collected by thieves to commit identity theft.

Online users are urged to watch for uncommon log-in processes that don't look the same as the legitimate site. Some pharming sites will ask users for information such as Social Security numbers, which are not typically required.

Identity Theft

The Federal Trade Commission has launched a nationwide identity theft education campaign to encourage consumers to keep close watch on their personal information and respond quickly when they think their data has been accessed without authorization. An education kit includes a victim recovery guide "Take Charge: Fighting Back Against Identity Theft", a training booklet "Talking About Identity Theft: A How - to Guide", and a 10-minute video on ID theft. The materials are available in English and Spanish. To talk to a counselor, or if you think your personal information has been stolen, call 1-877-IDTHEFT.
Empower Federal Credit Union is a full-service financial institution serving members throughout New York State.