I would log into the account in question and change my password/login immediately. I would also call the credit union and explain this to them. This could very well be fraud. See what they suggest. They may offer a new account number for security. Also, have them check for any pending authorizations that you did not make.

I'd also double check both emails and ensure they're legit, versus some kind of phishing attempt. 

---

@Traveler101 wrote:

I would log into the account in question and change my password/login immediately. I would also call the credit union and explain this to them. This could very well be fraud. See what they suggest. They may offer a new account number for security. Also, have them check for any pending authorizations that you did not make.

---

Thanks, @pizzadude and @Traveler101. I will do that.

---

@cr101 wrote:

I don't want to say the company's name in case it's nothing. But, I got an alert about an attempted login. A few hours later, I got an email from Microsoft. It was a login code. This was sent to my non-Microsoft email acct that is also used to log into that bank acct (you can have another email linked to Microsoft instead of using an actual Microsoft email). This credit union's cards got hacked once, so I was wondering if something else happened. Do you think that it's a coincidence? Anyone got any notice like that from a credit union in the past few days? I initially wrote it off as an accident bc I've accidentally tried logging in w the wrong username. But, to get multiple login codes for the same email address over the course of a few hrs is worrisome.

---

If by "login code", you mean the one one-time passcode they send in the mail when you've got two-factor authentication set up, that means someone has your userid AND password. Because you'll only get one of those AFTER someone was able to correctly enter your userid and password. If they failed, you might have gotten a notice of the failed login attempts. But if they succeeded, that means your password is out there. In that case, immediately change your password, and also change the password of all your other accounts that use the same password. In this case, it's probably you not the credit union. Hackers can steal userids/emails and passwords from anywhere, and then try them at many other sites. If you reuse passwords at different sites, then any other site where you use that email and password could have been hacked.

However, there are also login codes for things like "forgot my password". If you got one of those, you're probably safer. It means they have your userid/email, but not the password. But even in that case, I'd change the password, just to be safe.

A notification after a failed attempt at a login wouldn't have a login code attached. And if you type in the wrong userid, you'd never see that alert anyway (because it wouldn't be attached to your account).

I suggest with any suspicion whatsoever in electronic communication, use a known phone number and call if possible as a first response. If that is not available use a known and/or published email from the website for fraud reporting/security -- not anything within the electronic communication (email/SMS).

Criminals can be quite clever with HTML(like) and emails and other information.

I had a money request on paypal, was obvious phishing to me, but then it was cancelled and followed up by another money request I think, which has a subject and warning about the first request stating a phone number to call in the money request subject/description. Similar to a good cop/bad cop approach. First time I think that I have experienced remote social engineering.

I have zero experience with paypal and money requests so at first I thought the second was from paypal and legit but then realized the second was apparently another money request disguised as a hero.

This was all via the paypal website after an initial heads-up email from paypal that I got alerting me that I had a money request.

[2020-12-09]=[EQ8|786]-[TU8|746]-[EX8|772] .... gardening until I can't (again).
[2023-10-01]=[EQ8|797]-[TU8|776]-[EX8|775]

@cr101  I understand not wanting to name names, but if you dont, No one can be sure what you're describing.  The most concerning thing would be getting a security code from your bank, to the email you designated to that bank as your contact method.