Security and Scam Updates

If you have been a target or are concerned you may have been a victim of one of these scams, please send an email to If you have been a victim of fraud or have had your data compromised, you can put a free fraud alert on your credit report. For more information about suspected fraudulent activity on your account, debit card or credit card, go to our frequently asked questions page.

Updated October 10, 2019

Targeting Suncoast Members
Other Financial Institutions
Global cyber crimes

What can you do to protect yourself?

  • Create strong passwords with a combination of capital letters, lowercase letters, numbers and special characters. Never reuse the same password or use easy to guess personal information as a password.
  • Learn the warning signs of a phishing email to help keep your private information safe.
  • Learn how tax scams work and how to protect yourself. Many scams have the same basic pattern. They use trickery to get you to share personal data or pay money based on a false threat or promise.
  • Take time to make sure that every family member is protected with security software, preferably set up so that it updates automatically.
  • Make sure that your kids, spouse or senior relatives all know how to avoid becoming a victim of online scams.
  • Even after your family learns how to stay safe online, don’t let your guard down. New scams are created all the time, so keep up-to-date on the latest threats.

Check out the Safety & Protection section of our blog for more ways to keep yourself protected!

Member Reported Scams

MEMBERS! Please be hyperaware of escalated fraudulent scams being experienced in our region.

October 4, 2019

If you receive a text message that purports to be from Suncoast related to transactions made with your debit card, please MAKE SURE the sender is NOT A PHONE NUMBER.

A legitimate text fraud alert will only be sent from this short code number: 236-18.

The FRAUDULENT notification will instruct you to text but PLEASE DO NOT TEXT ANY INFORMATION BACK. Do not engage in ANY way. And remember, Suncoast will never request passwords or PINs by text or outbound phone calls.

Instead, contact the Member Care Center at 800-999-5887, Monday - Friday from 7 a.m. to 8 p.m. and Saturday from 8 a.m. to 1 p.m. If after hours, PLEASE call 844-688-4725.

Your financial safety and security are our highest priority.

Other, Recent Text Message Scams

A text message asking members to contact Suncoast at 904.210.1511 has been reported. This is a scam and the phone number is not a legitimate Suncoast Credit Union number.

This scam is an attempt to gain access to your account. Fraudsters send these text messages to mass groups of people, including members and non-members, in hopes of frightening people into responding and sharing their account information.

Variations of the scam may include different phone numbers other than the one listed above. Some takeaways for this scam include:

  • Contact Suncoast directly through a secure message on SunNet Online Banking, the SunMobile app or call our Members Contact Center at 813.621.7511 or 800.999.5887 if you are unsure about the legitimacy of a phone call
  • Bookmark or print our full list of all the important Suncoast phone numbers for future reference
  • Do not give out your personal information to potential fraudsters

Please forward suspicious text or emails to

Phishing Scams Targeting Members

Suncoast members have recently reported several different phishing emails. The emails appear to be from Suncoast Credit Union but they are actually sent from various third-party domains such as Many of these emails are impersonating our domain,

The fake emails try to convince members to input their Suncoast online banking username and password into a phishing site that stores the information for the fraudsters.

Suncoast will never contact you through email for sensitive matters. If you’re unsure of any emails you receive claiming to be associated with your Suncoast account, you can call our Member Care Center directly at (800) 999-5887 to verify the message.

You can see examples of these phishing emails below:

Scam, phishing email targeting members

Scam, phishing email targeting members

Scam, phishing email targeting members

Fake Mystery Shopper Scam

A fake mystery shopper scam has been reported in counties that may impact our members. Fraudsters mail out checks that appear to be legitimate along with a letter that explains the “mystery shopper” program. The check will look like it is from a real financial institution and the mystery shop program will claim to be from a major retail store.

The letter may ask the “shopper” to cash or deposit the check and email a specific person when this is done. Next the “shopper” is meant to transfer part of the money to a specific person, keeping part of the funds as “commission” for their assignment.

There are variations of this scam that may come through email, phone call or text. Some takeaways for this scam include:

  • If you get an unsolicited communication about a “mystery shop” program, do not respond to the communication
  • Never deposit an unexpected check that you receive in the mail
  • Legitimate organizations do not pay in advance or ask you to return or transfer part of your payment

If you receive a “mystery shop” scam that claims to be affiliated with Suncoast Credit Union, email us at and report it.

Official Scam Warnings

Scam Warning from Florida Attorney General

Florida Attorney General Ashley Moody has released a Consumer Alert to warn citizens about a new scam being used to steal financial information.

Here’s how it works:

  • Scammers place a skimmer on card readers to steal information from credit or debit cards
  • Then they use call spoofing to contact the cardholder, pretending to be from the cardholder’s financial institution
  • They claim the card is compromised and tell the cardholder that the CV2 code is needed in order to freeze the account
  • Once the scammer has the CV2 code, they steal money, make purchases or sell the account information

Takeaways to protect yourself from scams like this:

  • Inspect all card readers before use and do not use if you see skimming device or broken security seal
  • Monitor your accounts regularly and report any unauthorized activity
  • Never give out your personal information
  • Don’t automatically trust caller ID information
  • Call your financial institution or credit card provider directly with the number on the back of your card if you get a suspicious phone call 

Cyber Crime Warnings

Stress Paint Malware is Stealing Facebook Credentials

RSP Malware Image ExampleStress Paint, a new malware, is infecting thousands of computers each day. When attacked, the victim receives a phishing email, or Facebook message, with a link to download the free program called Relieve Stress Paint. After the program downloads, it initiates hidden processes that copy login data files and Facebook cookies from your internet browser. Retrieving all credentials stored in the browser, the attacker uses them with criminal intent.

Generally, stolen credentials may be used in the following ways:*

  • Monetization: selling stolen credentials to malicious actors and cyber-criminals on the dark web.
  • Ransom: extorting victims by threatening to reveal personal information.
  • Espionage: tracking specific activity, network and conversations.
  • Profit: using stolen credentials and payment information to shop on eCommerce sites and services.
  • Identity Theft: reusing credentials to log into other accounts or services, via Facebook.

Here are some takeaways from the RSP attack:

  • Use an up-to-date anti-virus program
  • Watch for scam email, paying close attention to URL’s and verify the sender’s legitimacy.
  • Do not download unexpected programs.
  • For all accounts offering it, use multi-factor authentication.


WannaCry Ransomware Global Outbreak

A global malware attack called WannaCry has recently spread to hundreds of thousands of computers around the world. Though security experts have slowed down the spread of the malware, it is still possible for computers to become infected.

WannaCry is a form of malware known as ransomware. This means that once a computer has been corrupted by WannaCry, the malware can block people from accessing files on their computer. The malware demands a ransom to be paid before it will unlock the files.

This attack takes advantage of a security vulnerability within systems that use Windows, especially older versions. Here are some takeaways for the WannaCry ransomware attack:

  • If you or your company uses Windows, install Microsoft’s latest security update right away
  • Always keep your operating system, antivirus software and security programs updated with the newest versions to help protect from emerging threats
  • Back up your files in a drive that is disconnected from your network to protect them if your computer gets infected by ransomware
  • Do not open email attachments or click on links from unknown or suspicious sources, as this can open your computer up to ransomware

Fraudsters have even created emails that claim to help protect your computer from the WannaCry malware, but the emails actually include the ransomware. Make sure that your antivirus software and security updates are from a legitimate source.

Always remember to STOP and THINK before you CONNECT!

Previously Posted

October 6, 2017. What You Need to Know About the Equifax Breach →

August 27, 2018. Equifax Breach Update: What You Need to Know Now →

February 12, 2018. Don’t Fall for These Common Tax Scams →