Security and Scam Updates
Watch Out For These Scams
Updated March 31, 2020
Cyber criminals are using the latest coronavirus (COVID-19) health concerns to their advantage to deceive consumers. Many scams involve the use of phishing emails, social media platforms, text messages, faxes, and phony websites with false information.
The phishing emails are said to contain malicious links or attachments impersonating government agencies such as Centers of Disease Control (CDC), World Health Organization (WHO), and John Hopkins University. Many of these communications may be prompting false information about the virus, asking for donations, or selling a product to prevent the virus.
There are also fake websites by non-government entities with names like “U.S. Emergency Grant Federation” that ask individuals to share their social security numbers or pay a “processing fee” to receive a grant. These fraudulent websites steal personal information or steal money from innocent people. They may claim to offer help with medical bills or other costs.
Below are some examples of the types of scams you should be on the lookout for:
Emails that appear to be from organizations such as the CDC or the WHO. The scammers have crafted emails that appear to come from these sources, but they actually contain malicious phishing links or dangerous attachments.
Emails that claim to have a "new" or "updated" list of coronavirus cases in your area. These emails could contain dangerous links and information designed to scare you into clicking on the link.
Emails that ask for charity donations for studies, doctors or victims that have been affected by the coronavirus. Scammers often create fake charity emails after global phenomenon occur, like pandemics or natural disasters.
Stimulus Check Scams
Emails requesting you to confirm any personal information in order to mail you a stimulus check for short-term financial relief. Government agencies are not sending unsolicited emails seeking your private information or requiring an upfront fee in order to send money.
Emails, social media posts or websites that claim to offer grants or stimulus payments that are not from government agencies or legitimate organizations. These fraudsters may also try to scam you into providing your account number in order to direct deposit a stimulus payment into your account.
Phone Calls Pretending to be from Suncoast Credit Union
Phone calls posing as support personnel from Suncoast. Cyber criminals will try to gain your trust by a stating a job title, email address and any other information that they may have found online. The caller could claim to be verifying activity on your account
Fake Coronavirus Maps
Here is an example of a fake map created by scammers claiming to have the latest COVID-19 updates similar to John Hopkins University’s website. The fraudulent map contains spyware (corona.exe) that steals usernames, passwords, credit card numbers and other data from user’s browser.
Additionally, the FBI has advised the public to be cautious and protect themselves from emerging scams related to COVID-19. The latest talk in the news has revolved around stimulus checks and scammers are leveraging the topic to obtain personal information to send “money”, but instead they are using the personal information to commit other crimes.
Keep in mind, these are only a couple examples and cyber criminals are constantly coming up with new ways to deceive you.
How to Protect Yourself from These Scams
- Never click on links or download attachments from an email that you weren't expecting.
- Hover over email links and verify the URL is legitimate.
- If you receive a suspicious email that appears to come from Suncoast Credit Union, report the email to firstname.lastname@example.org.
- If you want to make a charity donation, go to the charity website of your choice to submit your payment. Type the charity's web address in your browser instead of clicking on any links in emails, or other messages.
- Always purchase items from a legitimate stores or website
- Report any scams. Companies encourage consumers to report scams to them in order to take action.
- Remember that scammers can spoof any number they'd like. Therefore, even if a call looks like it's coming from a legitimate source, it could be a scam.
- Do not provide personal information to unknown sources. Never provide your personal information or account information over the phone unless you're the one who initiated the communication.
- Look over emails carefully for any misspellings.
For up-to-date information on the Coronavirus visit the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).
If you have been a target or are concerned you may have been a victim of one of these scams, please send an email to email@example.com. If you have been a victim of fraud or have had your data compromised, you can put a free fraud alert on your credit report. For more information about suspected fraudulent activity on your account, debit card or credit card, go to our frequently asked questions page.
Updated October 10, 2019
What can you do to protect yourself?
- Create strong passwords with a combination of capital letters, lowercase letters, numbers and special characters. Never reuse the same password or use easy to guess personal information as a password.
- Learn the warning signs of a phishing email to help keep your private information safe.
- Learn how tax scams work and how to protect yourself. Many scams have the same basic pattern. They use trickery to get you to share personal data or pay money based on a false threat or promise.
- Take time to make sure that every family member is protected with security software, preferably set up so that it updates automatically.
- Make sure that your kids, spouse or senior relatives all know how to avoid becoming a victim of online scams.
- Even after your family learns how to stay safe online, don’t let your guard down. New scams are created all the time, so keep up-to-date on the latest threats.
Check out the Safety & Protection section of our blog for more ways to keep yourself protected!
Member Reported Scams
MEMBERS! Please be hyperaware of escalated fraudulent scams being experienced in our region.
October 4, 2019
If you receive a text message that purports to be from Suncoast related to transactions made with your debit card, please MAKE SURE the sender is NOT A PHONE NUMBER.
A legitimate text fraud alert will only be sent from this short code number: 236-18.
The FRAUDULENT notification will instruct you to text but PLEASE DO NOT TEXT ANY INFORMATION BACK. Do not engage in ANY way. And remember, Suncoast will never request passwords or PINs by text or outbound phone calls.
Instead, contact the Member Care Center at 800-999-5887, Monday - Friday from 7 a.m. to 8 p.m. and Saturday from 8 a.m. to 1 p.m. If after hours, PLEASE call 844-688-4725.
Your financial safety and security are our highest priority.
Other, Recent Text Message Scams
A text message asking members to contact Suncoast at 904.210.1511 has been reported. This is a scam and the phone number is not a legitimate Suncoast Credit Union number.
This scam is an attempt to gain access to your account. Fraudsters send these text messages to mass groups of people, including members and non-members, in hopes of frightening people into responding and sharing their account information.
Variations of the scam may include different phone numbers other than the one listed above. Some takeaways for this scam include:
- Contact Suncoast directly through a secure message on SunNet Online Banking, the SunMobile app or call our Members Contact Center at 813.621.7511 or 800.999.5887 if you are unsure about the legitimacy of a phone call
- Bookmark or print our full list of all the important Suncoast phone numbers for future reference
- Do not give out your personal information to potential fraudsters
Please forward suspicious text or emails to firstname.lastname@example.org.
Phishing Scams Targeting Members
Suncoast members have recently reported several different phishing emails. The emails appear to be from Suncoast Credit Union but they are actually sent from various third-party domains such as @t-online.de. Many of these emails are impersonating our domain, @suncoastcreditunion.com.
The fake emails try to convince members to input their Suncoast online banking username and password into a phishing site that stores the information for the fraudsters.
Suncoast will never contact you through email for sensitive matters. If you’re unsure of any emails you receive claiming to be associated with your Suncoast account, you can call our Member Care Center directly at (800) 999-5887 to verify the message.
You can see examples of these phishing emails below:
Fake Mystery Shopper Scam
A fake mystery shopper scam has been reported in counties that may impact our members. Fraudsters mail out checks that appear to be legitimate along with a letter that explains the “mystery shopper” program. The check will look like it is from a real financial institution and the mystery shop program will claim to be from a major retail store.
The letter may ask the “shopper” to cash or deposit the check and email a specific person when this is done. Next the “shopper” is meant to transfer part of the money to a specific person, keeping part of the funds as “commission” for their assignment.
There are variations of this scam that may come through email, phone call or text. Some takeaways for this scam include:
- If you get an unsolicited communication about a “mystery shop” program, do not respond to the communication
- Never deposit an unexpected check that you receive in the mail
- Legitimate organizations do not pay in advance or ask you to return or transfer part of your payment
If you receive a “mystery shop” scam that claims to be affiliated with Suncoast Credit Union, email us at email@example.com and report it.
Official Scam Warnings
Scam Warning from Florida Attorney General
Florida Attorney General Ashley Moody has released a Consumer Alert to warn citizens about a new scam being used to steal financial information.
Here’s how it works:
- Scammers place a skimmer on card readers to steal information from credit or debit cards
- Then they use call spoofing to contact the cardholder, pretending to be from the cardholder’s financial institution
- They claim the card is compromised and tell the cardholder that the CV2 code is needed in order to freeze the account
- Once the scammer has the CV2 code, they steal money, make purchases or sell the account information
Takeaways to protect yourself from scams like this:
- Inspect all card readers before use and do not use if you see skimming device or broken security seal
- Monitor your accounts regularly and report any unauthorized activity
- Never give out your personal information
- Don’t automatically trust caller ID information
- Call your financial institution or credit card provider directly with the number on the back of your card if you get a suspicious phone call
Cyber Crime Warnings
Visa Security Alert: Cyber Attacks at Gas Stations
Visa reported a new way that cyber criminals are stealing credit card information from gas station customers. These attacks target merchants who operate gas stations to deploy point-of-sale (POS) malware on their networks.
Visa’s Payment Fraud Disruption team says cybercrime groups found that while the in-store POS terminals of some merchants support chip transactions, most of the card readers installed on gas pumps do not.
These gas pump card readers still operate on older technology that can only read payment data from the card's magnetic stripe. Data from these outdated card readers is sent unencrypted to the gas station's main network, where cyber criminals can intercept it.
Gas stations have until October 2020 to deploy chip compatible card readers on their gas pumps. After that, Visa said liability for any card fraud would shift from card issuers to the merchants.
Customers should be aware that gas stations without chip readers might be more vulnerable to these attacks. Paying with cash or going to gas stations with chip readers can help you stay safe.
October 6, 2017. What You Need to Know About the Equifax Breach →
August 27, 2018. Equifax Breach Update: What You Need to Know Now →
February 12, 2018. Don’t Fall for These Common Tax Scams →