Sick of Scams: The One with Patelco Credit Union

ClaireIfEye
3 min read · Apr 30, 2024

Exposing the Truth One Phish-y, Smish-y, Scummy Scam at a Time.

Heads up…these Smishing texts are circulating, purporting to be from Patelco Credit Union:

Signs it’s a SCAM: Company name and domain URL do not match.

While the message says Patelco at the top, the domain URL reads as Peticohelp.com, which is spelled differently than the company name. This is a solid indicator that it’s a scam.

What should you do (and not do)?

  • Do not respond, not even with “Stop” to end the messages.
  • Do not click or tap on any links.
  • Report suspicious scams to your wireless provider by forwarding the text to 7726 or SPAM. If you have an iPhone, click and hold on the text message (just not where the link is), click on “more…”, select the radio button next to the message, then click on the arrow on the bottom right and type in 7726.
  • Now, delete the message and report it as “junk.” Click on “Report Junk” and “Delete and Report Junk.”
  • Always use multi-factor authentication for your accounts.
  • Continually update your OS and security apps to the latest version.

Digging Deeper

I do not recommend further inspecting scams. You don’t know if you will unknowingly download malware onto your device.

However, I wanted to explore this a bit further using protective measures. The favicon and page title reflect Patelco Credit Union’s brand when going to the URL. The three dots on the upper right are inactive, as are the “Forgot User ID or Password?” and “Register a New Account” links. Again, the URL spelling does not correctly reflect the company’s name. Patelco’s domain is patelco.org.

The fuzzy image of the hero graphic is poor in quality and a good indicator that this is not Patelco’s site.

Checking the Domain Registry ID

So, who owns paticohelp.com? I did a domain lookup and found some interesting information. The nameservers are on Cloudflare, and the domain was registered on April 29, 2024. Note that the date of the text was April 30, 2024.

Most contact information looks fake, with the primary contact name being “Ralph Laurent.” Truly and obviously not affiliated with Patelco Credit Union.

What do we know about the registrant’s email?

Entering “tomyholy93n@outlook.com” took me to “scam-detector.com,” which associates that email with wellstocancel.com. This site has a malicious score of 14.6/100, ranking it as a scam.

scam detector score on wellstocancel.com

The email and telephone number match with what’s listed for Peticohelp.com. Here’s what scam-detector.com provides about Peticohelp.com.

Peticohelp.com results from scam-detector.com

In looking up the phone number of the domain registrant, we can see that another scam site called wfargoreverse.com was created using the same information (name, phone, email, address, etc.).

A Pattern of Malicious Sites to Facilitate Scams

There is a pattern with fake domains that sound or are spelled similarly to established financial institutions in hopes of tricking people into entering sensitive information, clicking on malware, etc.
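The two signals used in this post, a link whose domain does not match the claimed sender and a domain registered just before the text arrived, can be checked automatically. The sketch below is an added example, not the author's tooling; the filler-word list, the similarity threshold and the 30-day window are assumptions, while the domains and dates are the ones quoted above.

```python
from datetime import date
from urllib.parse import urlsplit

# Claimed sender -> official domain. patelco.org is the domain named in the post.
BRANDS = {"patelco": "patelco.org"}
# Words often tacked onto a brand name in lookalike domains (assumed list).
FILLER = ("help", "support", "secure", "login", "verify", "alert")

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def core_label(host):
    """Label left of the TLD, minus hyphens and one leading/trailing filler word.
    Simplification: assumes a single-label TLD such as .com or .org."""
    parts = host.split(".")
    label = (parts[-2] if len(parts) > 1 else parts[0]).replace("-", "")
    for word in FILLER:
        if label.endswith(word):
            label = label[: -len(word)]
        elif label.startswith(word):
            label = label[len(word):]
    return label

def assess(brand, url, created=None, received=None, max_age_days=30):
    """Return the warning flags for a link in a message claiming to be from `brand`."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    official = BRANDS[brand]
    # Only the official domain or one of its subdomains counts as a match.
    if host == official or host.endswith("." + official):
        return []
    flags = ["domain-mismatch"]
    # Assumed threshold: within half the brand name's length counts as a lookalike.
    if edit_distance(core_label(host), brand) <= len(brand) // 2:
        flags.append("lookalike")
    if created and received and 0 <= (received - created).days <= max_age_days:
        flags.append("newly-registered")
    return flags

if __name__ == "__main__":
    # Registration and message dates are the ones reported in the post.
    print(assess("patelco", "https://peticohelp.com/", date(2024, 4, 29), date(2024, 4, 30)))
```

A registrable-domain library and live WHOIS/RDAP data would replace the naive label split and the hand-entered dates in real use.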

Scams are going to continue to become more sophisticated. Be vigilant and safe, and protect your loved ones.
