Security and Scam Updates
If you have been a target or are concerned you may have been a victim of one of these scams, please send an email to email@example.com. For more information about suspected fraudulent activity on your account, debit card or credit card, go to our frequently asked questions page.
Updated November 2018
What can you do to protect yourself?
- Create strong passwords with a combination of capital letters, lowercase letters, numbers and special characters. Never reuse the same password or use easy to guess personal information as a password.
- Learn the warning signs of a phishing email to help keep your private information safe.
- Learn how tax scams work and how to protect yourself. Many scams have the same basic pattern. They use trickery to get you to share personal data or pay money based on a false threat or promise.
- Take time to make sure that every family member is protected with security software, preferably set up so that it updates automatically.
- Make sure that your kids, spouse or senior relatives all know how to avoid becoming a victim of online scams.
- Even after your family learns how to stay safe online, don’t let your guard down. New scams are created all the time, so keep up-to-date on the latest threats.
Check out the Safety & Protection section of our blog for more ways to keep yourself protected!
Member Reported Scams
Phishing Scams Targeting Members
Several different phishing emails have been reported recently by Suncoast members. These emails claim to be from Suncoast Credit Union, but they are not. The emails were sent from a comcast.net email address.
The false emails were written to try to get members to click on a malicious link. Some of the messages claimed that members would have their accounts deactivated if they didn’t click on the link. Others claimed that there was a security breach or that the member needed to click to authorize a purchase. All of these messages are false.
Even if you didn’t get a phishing email, here are some things to keep in mind to stay safe:
- Suncoast will never contact you through email about sensitive matters
- Suncoast does not deactivate accounts
- Never click on links that you do not recognize
- Check who an email is from carefully to make sure the email address is legitimate
- Do not trust emails from unknown senders
- If you need to verify transactions, call our Member Care Center at (800) 999-5887
Text Message Scam
A text message asking members to contact Suncoast at 904.210.1511 has been reported. This is a scam and the phone number is not a legitimate Suncoast Credit Union number.
This scam is an attempt to gain access to your account. Fraudsters send these text messages to mass groups of people, including members and non-members, in hopes of frightening people into responding and sharing their account information.
Variations of the scam may include different phone numbers other than the one listed above. Some takeaways for this scam include:
- Contact Suncoast directly through a secure message on SunNet Online Banking, the SunMobile app or call our Members Contact Center at 813.621.7511 or 800.999.5887 if you are unsure about the legitimacy of a phone call
- Bookmark or print our full list of all the important Suncoast phone numbers for future reference
- Do not give out your personal information to potential fraudsters
Please forward suspicious text or emails to firstname.lastname@example.org.
Fake Mystery Shopper Scam
A fake mystery shopper scam has been reported in counties that may impact our members. Fraudsters mail out checks that appear to be legitimate along with a letter that explains the “mystery shopper” program. The check will look like it is from a real financial institution and the mystery shop program will claim to be from a major retail store.
The letter may ask the “shopper” to cash or deposit the check and email a specific person when this is done. Next the “shopper” is meant to transfer part of the money to a specific person, keeping part of the funds as “commission” for their assignment.
There are variations of this scam that may come through email, phone call or text. Some takeaways for this scam include:
- If you get an unsolicited communication about a “mystery shop” program, do not respond to the communication
- Never deposit an unexpected check that you receive in the mail
- Legitimate organizations do not pay in advance or ask you to return or transfer part of your payment
If you receive a “mystery shop” scam that claims to be affiliated with Suncoast Credit Union, email us at email@example.com and report it.
Official Scam Warnings
IRS, FTC and US-CERT Issue Scam Warnings
The Internal Revenue Service (IRS) has released an alert to warn taxpayers about various types of scams, including robocalls, private debt collection and scams that target taxpayers with limited proficiency in English.
The Federal Trade Commission (FTC) has released an alert about technical-support scams. These scammers pretend to be computer technicians from popular companies and offer to fix problems that don’t exist in order to trick people into giving access to their computers.
The United States Computer Emergency Readiness Team (US-CERT) has also released an alert about Petya ransomware, a form of malicious software that infects a computer and restricts access to the machine and demands a ransom to unlock it.
Takeaways for these updates include:
Cyber Crime Warnings
Stress Paint Malware is Stealing Facebook Credentials
Stress Paint, a new malware, is infecting thousands of computers each day. When attacked, the victim receives a phishing email, or Facebook message, with a link to download the free program called Relieve Stress Paint. After the program downloads, it initiates hidden processes that copy login data files and Facebook cookies from your internet browser. Retrieving all credentials stored in the browser, the attacker uses them with criminal intent.
Generally, stolen credentials may be used in the following ways:*
- Monetization: selling stolen credentials to malicious actors and cyber-criminals on the dark web.
- Ransom: extorting victims by threatening to reveal personal information.
- Espionage: tracking specific activity, network and conversations.
- Profit: using stolen credentials and payment information to shop on eCommerce sites and services.
- Identity Theft: reusing credentials to log into other accounts or services, via Facebook.
Here are some takeaways from the RSP attack:
- Use an up-to-date anti-virus program
- Watch for scam email, paying close attention to URL’s and verify the sender’s legitimacy.
- Do not download unexpected programs.
- For all accounts offering it, use multi-factor authentication.
WannaCry Ransomware Global Outbreak
A global malware attack called WannaCry has recently spread to hundreds of thousands of computers around the world. Though security experts have slowed down the spread of the malware, it is still possible for computers to become infected.
WannaCry is a form of malware known as ransomware. This means that once a computer has been corrupted by WannaCry, the malware can block people from accessing files on their computer. The malware demands a ransom to be paid before it will unlock the files.
This attack takes advantage of a security vulnerability within systems that use Windows, especially older versions. Here are some takeaways for the WannaCry ransomware attack:
- If you or your company uses Windows, install Microsoft’s latest security update right away
- Always keep your operating system, antivirus software and security programs updated with the newest versions to help protect from emerging threats
- Back up your files in a drive that is disconnected from your network to protect them if your computer gets infected by ransomware
- Do not open email attachments or click on links from unknown or suspicious sources, as this can open your computer up to ransomware
Fraudsters have even created emails that claim to help protect your computer from the WannaCry malware, but the emails actually include the ransomware. Make sure that your antivirus software and security updates are from a legitimate source.
Always remember to STOP and THINK before you CONNECT!
Browser Security Update — TLS 1.2
May 17, 2018
Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two communicating applications. It's the most widely deployed security protocol used today, and is used for Web browsers and other applications that require data to be securely exchanged over a network. TLS 1.2 is a security upgrade which will continue to allow digital devices (such as computers and phones) to communicate over the internet securely without the transmission being vulnerable to an outside audience.
Ensure your browser meets the latest TLS 1.2 security requirements by October 16, 2018. After this date, browsers that do not meet the new standard requirements will be unable to access our website or SunNet Online Banking from your computer or phone.
To determine whether your browser meets TLS 1.2 security requirements, access the links below:
A recent data breach from the credit-reporting company, Equifax, has impacted 143 million Americans. The exposed data could include personal information like Social Security numbers, credit card numbers, birthdays, addresses and more.
At Suncoast Credit Union, the privacy and security of your accounts and personal data will always be a top priority. We promise to always do our part to keep your information safe and secure, especially against fraud.
That’s why we want to make sure you know about the Equifax breach and offer proactive steps you can take to secure your data. Since this breach was from an outside organization, it is important that you pay attention to your personal data and protect yourself.
This is a serious breach that could impact millions of Americans and put them at risk for identity theft. Here are steps you can take to understand if you might be affected and how to help protect yourself:
1. Find out if you were affected
- Go to www.equifaxsecurity2017.com to find out if you potentially affected by the breach or call 866.447.7559 for more information
- Click on the “Potential Impact” link in the top navigation
- Click on the “Check Potential Impact” button, and follow the prompts
- Please note, you will need to enter the last 6 digits of your Social Security number and last name
2. Monitor your credit
Check your free credit report annually from Equifax, Experian, and TransUnion.
Go to www.annualcreditreport.com. Set alerts with each credit bureau to receive fraud notifications.
If impacted by the breach, you may want to consider enrolling in TrustedID Premier, a free service provided by Equifax. TrustedID Premier provides:
- Equifax credit report
- 3 bureau credit file monitoring
- Equifax credit report lock
- Social Security number monitoring
- Up to $1M identity theft insurance
3. Consider placing a freeze on your credit
For added protection, a freeze can be placed on your files with each of the three credit agencies. This blocks anyone from pulling your credit information unless you unfreeze your account with a PIN. Please keep in mind:
- You have to put a freeze on each major credit bureau: Equifax, Experian and TransUnion
- There may be fees associated with each credit freeze and possibly fees to unfreeze your credit as well
- If you plan on taking out a loan, applying for a new apartment, applying for a mortgage or any other activity that pulls your credit, you will need to unfreeze your information before you apply
- There may be a waiting period to unfreeze credit information
- A credit freeze can block people from opening new accounts, but does not stop them from charging your existing accounts
For more information, go to the FTC’s Credit Freeze FAQs.
4. Closely monitor your accounts
Stay vigilant in reviewing your account statements, credit card activity and other financial data.
Check for any changes in personal information or unusual activity.
For more information about Suncoast’s fraud prevention services, please go to our Fraud Prevention FAQs.
5. Member Security Center available
Suncoast has an additional option available to our members through our Member Security Center to assist you with any data breach concerns.You can enroll in this identity protection service at www.membersecuritycenter.com