Security and Scam Updates
If you have been a target or are concerned you may have been a victim of one of these scams, please send an email to email@example.com. For more information about suspected fraudulent activity on your account, debit card or credit card, go to our frequently asked questions page.
Updated July 31, 2019
What can you do to protect yourself?
- Create strong passwords with a combination of capital letters, lowercase letters, numbers and special characters. Never reuse the same password or use easy to guess personal information as a password.
- Learn the warning signs of a phishing email to help keep your private information safe.
- Learn how tax scams work and how to protect yourself. Many scams have the same basic pattern. They use trickery to get you to share personal data or pay money based on a false threat or promise.
- Take time to make sure that every family member is protected with security software, preferably set up so that it updates automatically.
- Make sure that your kids, spouse or senior relatives all know how to avoid becoming a victim of online scams.
- Even after your family learns how to stay safe online, don’t let your guard down. New scams are created all the time, so keep up-to-date on the latest threats.
Check out the Safety & Protection section of our blog for more ways to keep yourself protected!
Member Reported Scams
MEMBERS! Please be hyperaware of escalated fraudulent scams being experienced in our region.
July 18, 2019
If you receive a text message that purports to be from Suncoast related to transactions made with your debit card, please MAKE SURE the sender is NOT A PHONE NUMBER.
A legitimate text fraud alert will only be sent from this short code number: 236-18.
The FRAUDULENT notification will instruct you to text but PLEASE DO NOT TEXT ANY INFORMATION BACK. Do not engage in ANY way. And remember, Suncoast will never request passwords or PINs by text or outbound phone calls.
Instead, contact the Member Care Center at 800-999-5887, Monday - Friday from 7 a.m. to 8 p.m. and Saturday from 8 a.m. to 1 p.m. If after hours, PLEASE call 844-688-4725.
Your financial safety and security are our highest priority.
Other, Recent Text Message Scams
A text message asking members to contact Suncoast at 904.210.1511 has been reported. This is a scam and the phone number is not a legitimate Suncoast Credit Union number.
This scam is an attempt to gain access to your account. Fraudsters send these text messages to mass groups of people, including members and non-members, in hopes of frightening people into responding and sharing their account information.
Variations of the scam may include different phone numbers other than the one listed above. Some takeaways for this scam include:
- Contact Suncoast directly through a secure message on SunNet Online Banking, the SunMobile app or call our Members Contact Center at 813.621.7511 or 800.999.5887 if you are unsure about the legitimacy of a phone call
- Bookmark or print our full list of all the important Suncoast phone numbers for future reference
- Do not give out your personal information to potential fraudsters
Please forward suspicious text or emails to firstname.lastname@example.org.
Phishing Scams Targeting Members
Several different phishing emails have been reported recently by Suncoast members. These emails claim to be from Suncoast Credit Union, but they are not. The emails were sent from a comcast.net email address.
The false emails were written to try to get members to click on a malicious link. Some of the messages claimed that members would have their accounts deactivated if they didn’t click on the link. Others claimed that there was a security breach or that the member needed to click to authorize a purchase. All of these messages are false.
Even if you didn’t get a phishing email, here are some things to keep in mind to stay safe:
- Suncoast will never contact you through email about sensitive matters
- Suncoast does not deactivate accounts
- Never click on links that you do not recognize
- Check who an email is from carefully to make sure the email address is legitimate
- Do not trust emails from unknown senders
- If you need to verify transactions, call our Member Care Center at (800) 999-5887
Fake Mystery Shopper Scam
A fake mystery shopper scam has been reported in counties that may impact our members. Fraudsters mail out checks that appear to be legitimate along with a letter that explains the “mystery shopper” program. The check will look like it is from a real financial institution and the mystery shop program will claim to be from a major retail store.
The letter may ask the “shopper” to cash or deposit the check and email a specific person when this is done. Next the “shopper” is meant to transfer part of the money to a specific person, keeping part of the funds as “commission” for their assignment.
There are variations of this scam that may come through email, phone call or text. Some takeaways for this scam include:
- If you get an unsolicited communication about a “mystery shop” program, do not respond to the communication
- Never deposit an unexpected check that you receive in the mail
- Legitimate organizations do not pay in advance or ask you to return or transfer part of your payment
If you receive a “mystery shop” scam that claims to be affiliated with Suncoast Credit Union, email us at email@example.com and report it.
Official Scam Warnings
Scam Warning from Florida Attorney General
Florida Attorney General Ashley Moody has released a Consumer Alert to warn citizens about a new scam being used to steal financial information.
Here’s how it works:
- Scammers place a skimmer on card readers to steal information from credit or debit cards
- Then they use call spoofing to contact the cardholder, pretending to be from the cardholder’s financial institution
- They claim the card is compromised and tell the cardholder that the CV2 code is needed in order to freeze the account
- Once the scammer has the CV2 code, they steal money, make purchases or sell the account information
Takeaways to protect yourself from scams like this:
- Inspect all card readers before use and do not use if you see skimming device or broken security seal
- Monitor your accounts regularly and report any unauthorized activity
- Never give out your personal information
- Don’t automatically trust caller ID information
- Call your financial institution or credit card provider directly with the number on the back of your card if you get a suspicious phone call
Cyber Crime Warnings
Stress Paint Malware is Stealing Facebook Credentials
Stress Paint, a new malware, is infecting thousands of computers each day. When attacked, the victim receives a phishing email, or Facebook message, with a link to download the free program called Relieve Stress Paint. After the program downloads, it initiates hidden processes that copy login data files and Facebook cookies from your internet browser. Retrieving all credentials stored in the browser, the attacker uses them with criminal intent.
Generally, stolen credentials may be used in the following ways:*
- Monetization: selling stolen credentials to malicious actors and cyber-criminals on the dark web.
- Ransom: extorting victims by threatening to reveal personal information.
- Espionage: tracking specific activity, network and conversations.
- Profit: using stolen credentials and payment information to shop on eCommerce sites and services.
- Identity Theft: reusing credentials to log into other accounts or services, via Facebook.
Here are some takeaways from the RSP attack:
- Use an up-to-date anti-virus program
- Watch for scam email, paying close attention to URL’s and verify the sender’s legitimacy.
- Do not download unexpected programs.
- For all accounts offering it, use multi-factor authentication.
WannaCry Ransomware Global Outbreak
A global malware attack called WannaCry has recently spread to hundreds of thousands of computers around the world. Though security experts have slowed down the spread of the malware, it is still possible for computers to become infected.
WannaCry is a form of malware known as ransomware. This means that once a computer has been corrupted by WannaCry, the malware can block people from accessing files on their computer. The malware demands a ransom to be paid before it will unlock the files.
This attack takes advantage of a security vulnerability within systems that use Windows, especially older versions. Here are some takeaways for the WannaCry ransomware attack:
- If you or your company uses Windows, install Microsoft’s latest security update right away
- Always keep your operating system, antivirus software and security programs updated with the newest versions to help protect from emerging threats
- Back up your files in a drive that is disconnected from your network to protect them if your computer gets infected by ransomware
- Do not open email attachments or click on links from unknown or suspicious sources, as this can open your computer up to ransomware
Fraudsters have even created emails that claim to help protect your computer from the WannaCry malware, but the emails actually include the ransomware. Make sure that your antivirus software and security updates are from a legitimate source.
Always remember to STOP and THINK before you CONNECT!
October 6, 2017. What You Need to Know About the Equifax Breach →
August 27, 2018. Equifax Breach Update: What You Need to Know Now →
February 12, 2018. Don’t Fall for These Common Tax Scams →