Cal Coast Security Center

On August 2, 2024, the FBI published a Public Service Announcement of a recent fraudulent scheme where scammers are impersonating representatives from financial institutions to obtain customer's bank cards. This is an elevated safety concern since impersonators are going to, or hiring accomplices to, come to the customer's home.  Visit the FBI website to read the full PSA. 

Spoofing scams are when fraudsters manipulate or mask the number from which they are calling. We’ve been recently alerted of an increase in spoofing attempts where bad actors will falsely claim to be your Financial Intuition to obtain sensitive information about you or your banking information.

California Coast Credit Union will never:

• Contact you to ask you for your Online Banking User ID or Password.
• Contact you to ask you for a one-time passcode.
• Contact you and ask you for your card information or PIN.
• Contact you and ask for personal identifiable information.

The FTC's recommendations on how to avoid spoofing:

• Don't answer calls from unknown numbers. If you answer such a call, hang up immediately.
• If you answer the phone and the caller - or a recording - asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
• Do not respond to any questions, especially those that can be answered with "Yes" or "No."
• Never give out personal information such as account numbers, Social Security numbers, mother's maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
• If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company's or government agency's website to verify the authenticity of the request. You will usually get a written statement in the mail before you get a phone call from a legitimate source, particularly if the caller is asking for a payment.
• Use caution if you are being pressured for information immediately.
• If you have a voice mail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A hacker could spoof your home phone number and gain access to your voice mail if you do not set a password.
• Talk to your phone company about call blocking tools and check into apps that you can download to your mobile device. The FCC allows phone companies to block robocalls by default based on reasonable analytics. More information about robocall blocking is available on the FCC website. 

Please also be wary of other forms of fraud, like fraudulent emails (Phishing) or fraud text messages (Smishing) as these are other common tactics to attempt to gain your personal information for fraudulent purposes. 

Juice jacking is in the news again. It has been around since 2021, but the FBI and FCC are raising awareness again. 

“Juice jacking” is where bad actors use public chargers to infect smartphones and other devices with malware. This mostly happens in airports, hotels, and shopping centers, so avoid charging your mobile device there.

Tips to help you avoid becoming a juice jacking victim:

• Avoid using a public USB charging station. Use an AC power outlet instead.
• Bring AC, car chargers, and your own USB cables with you when traveling.
• Carry a portable charger or external battery.
• Consider carrying a charging-only cable, which prevents data from sending or receiving while charging, from a trusted supplier.
• If you plug your device into a USB port and a prompt appears asking you to select "share data" or “charge only,” always select “charge only.”
• Keep your software updated. Software updates are likely to have current security protection, patches, and bug fixes.
• If you receive a prompt on your phone asking if you trust the device it is plugged into, that device may be attempting to transfer data from your phone. Decline the request.
• Use two-factor authentication or biometric log-ins when available.

If you suspect that you might have been a victim of juice jacking, check your device for any signs of unusual behavior, such as unexpected pop-ups, notifications, or apps that you didn’t install, and report this to your phone provider. As always, we recommend that you report any incidents of juice jacking to the authorities to help prevent others from becoming victims. 

Sources:

1. FCC
2. U.S. Army Cyber Command 
3. AGIO

• Contact your financial institution immediately if a bank account or credit card statement does not arrive on time. 
• Review your bank account and credit card statements promptly and immediately report any discrepancy or unauthorized transaction.

• Store your checks, deposit slips and credit union statements in a secure and locked location. Never leave your checkbook in your vehicle. 
• Never give your account number to individuals you do not know, especially over the telephone, through email or on the Internet. Be particularly aware of unsolicited phone sales. Fraud artists can use your account without your authorization and you could be held responsible. 
• When you receive your check order, ensure that all checks are present and that none are missing. If you believe your checks are missing, report it to the credit union immediately. If you fail to receive your order by mail, notify the credit union because checks could have been stolen or lost in transit. 
• If your home is burglarized, check your supply of checks to determine if any have been stolen. Look closely, because thieves will sometimes take only one or two checks from the middle or back of the checkbook. The longer it takes to realize that your checks have been stolen, the more time the criminal has to use them. 
• Limit the amount of personal information on your checks. For example, do not include your social security number or drivers' license number. A criminal can easily use this type of information to steal your identity. 
• Do not leave blank spaces on the payee and amount lines. Draw a line or line through any empty spaces. 
• Use dark ink that cannot be easily erased or written over. Based on recent studies, the ink found in gel pens, has been the only ink found to be counterfeit proof. 
• It's safest to purchase your supply of checks from the credit union or from a reputable check reorder company. 
• At California Coast Credit Union our e-Statements allow you to view your confidential California Coast Credit Union financial records without the paper trail so you won't have to worry about identity theft or financial fraud. When you sign up for our e-Statements, you can view all your transactions from the privacy of your home or work computer, no more waiting for your statement to arrive in the mail. And best of all, it's FREE! 

Home Computer

Maintaining your computer with the latest updates is one of the most effective security precautions that you can take. As vulnerabilities in software are discovered, the software companies release updates, or patches, to address these issues. Many of these programs can be configured to automatically check for updates over the Internet.

Adobe

Adobe has recently released several updates to their products.

• Adobe home page: http://www.adobe.com
• Adobe Reader updates are available at: http://get.adobe.com/reader/ 

Microsoft

Microsoft releases updates for their Windows operating systems and their MS-Office suite on a weekly basis. It is highly recommended that your home PC is maintained with these updates on a regular basis. Your home PC should also have an anti-virus program installed. This program requires daily or weekly updates to be effective. 

The latest Microsoft updates are available at: http://update.microsoft.com

Home Internet Router

A home internet router should have the administrator password changed from the default password that comes from the factory. Routers have firmware that may be updated as released by the manufacturer of the device. These firmware updates may contain security updates.

Mobile Phones

Android Smartphones

Avoid Android malware using these precautions: 

• Install apps only from trusted play stores like Google Play
• Keep the option to "Install Apps from Unknown Sources" unchecked in System Settings
• Keep the option to "Verify Apps" checked in System Settings
• Keep both options under "Verify Apps" checked in Google Settings > Security
• Keep an eye on the permissions requested from untrusted and unknown apps, and disallow any suspicious requests
• Secure your Wi-Fi network and be cautious when you connect to untrusted public Wi-Fi in airports and coffee shops
• Upgrade, if possible, to the latest version of Android operating system
• Install anti-virus and other mobile security apps for Android
• Enable "Remote Wipe" feature, in case your device is ever lost

Apple iPhones & iPads

Apple releases updates for their iOS operating system on a periodic basis. These updates odten contain fixes for security vulnerabilities. It is highly recommended that your iPad and iPhone are maintained with the latest iOS version.

The update screen can be found under: Settings > General > Software Update.

• Protect your card(s) by activating them immediately upon receipt by calling the phone number indicated on your card. If you fail to receive your new card(s) in the mail within 10 business days, notify the credit union immediately. The card(s) may have been stolen from your mailbox or lost in transit. 
• Keep your card(s) in a secure and locked location when not in use. Do not leave your card(s) in your vehicle. 
• Retain copies of all sales receipts, merchant and ATM receipts until you receive your monthly statement, at which time you should verify that the transactions/charges are accurate. If you discover any errors, unauthorized transactions, payments or alterations, notify the credit union immediately. 
• Cancel all cards that you do not use. 
• Sign new cards as soon as you receive them. 
• Report lost or stolen cards immediately. 
• If you notice anything suspicious when approaching an ATM, return later or use another ATM. Consider having another person accompany you to the ATM. 
• Have your ATM card ready to avoid searching through your purse/wallet at the ATM site. 
• Stand close to the ATM and block it with your hand to avoid detection of your PIN and other account information, and ensure doors are locked and keep the engine running when using drive-up ATMs. 
• Put your cash away as soon as the transaction is complete. Count the cash later in the safety of your vehicle or home. 
• If you notice anything suspicious while you are transacting business, immediately cancel your transaction, put your ATM card away and leave. 
• Be aware of individuals who pose as credit union staff trying to get information from you. Never give information to strangers at the ATM, over the phone or on the Internet. 
• The credit union strives to ensure ATM facilities are safe and convenient. Please tell us if you are aware of any problems with a California Coast Credit Union ATM, such as a light that is not working or there is any damage to an ATM facility. 
• Limit the number of credit, debit and ATM cards that you carry. 
• Memorize your Personal Identification Number (PIN). Do not write the number on your card or keep it in your wallet. 
• Never give your PIN to anyone, not even your financial institution. 
• Always be aware of your surroundings and look for well-lit, visible ATMs, especially when transacting at night.

• Order a copy of your credit report annually and review it for accuracy. 
• Check your credit report for unauthorized bank accounts, credit cards and purchases. 
• Look for anything suspicious in the section of your credit report that lists who has received a copy of your credit history. 

• Store extra checks, credit cards, documents that list your Social Security number, and similar items in a safe place. 
• Shred all credit card receipts and solicitations, ATM receipts, bank account and credit card statements, canceled checks, and other financial documents before you throw them away. 

• Promptly remove mail from your mailbox. 
• Deposit outgoing mail in a post office collection box, hand it to a postal carrier, or take it to a post office instead of leaving it in your doorway or home mailbox, where it can be stolen.

Each year scam artists and identity thieves steal billions of dollars from unsuspecting consumers. These criminals use the phone, email, text messaging, postal mail and the internet to steal your information or trick you into handing over your money. Learn how to recognize common scams, take action if you think you are a victim of fraud, and what you can do to protect your finances from fraud.

Learn more

• Never use the same password on multiple systems. If your password is compromised on one system, this will grant access to other systems. 
• Never share your password with anyone else. 
• Select strong passwords, which means: 
• Use a password that is easy to remember yet complex enough that it cannot be easily guessed. 
• Avoid using dictionary words in your password that may be subject to dictionary attacks. 
• Use a combination of upper and lower case characters from the alphabet plus numbers and special keyboard characters such as !#$%. 
• Some computer systems have limitations to the allowed length, number of characters, or types of special characters allowed. Use the strongest password that the system will allow. 
• Generally, the longer and more complex a password is, the harder it is to compromise. 
• Avoid writing down your passwords. If a password is written down, always keep it in a secure location. 
• Never store a PIN in the same place as the associated credit or debit card. 
• Never write your password on a post-it note on your computer monitor or under your keyboard. 
• Multifactor authentication is based on "what you have" (a card or device) and "what you know" (a password). If the card or device is compromised, the second factor of a strong password becomes even more important. 
• If a system does not require period password changes, it is a good practice to periodically change your password anyway. 
• If you suspect that your password to a credit union system has been compromised, immediately contact the credit union. 

• Always protect personal identifying information, such as your date of birth, Social Security number, credit card numbers, bank account numbers, Personal Identification Numbers (PINs) and passwords. 
• Do not give any of your personal identifying information to any person who is not permitted to have access to your accounts. 
• Do not give any of your personal identifying information over the telephone, through the mail or online unless you have initiated the contact or know and trust the person or company to whom it is given.

• Memorize your PINs and passwords and keep them confidential. 
• Change your passwords periodically. 
• Avoid selecting PINs and passwords that will be easy for an identity thief to figure out. 
• Do not carry PINs and passwords in your wallet or purse or keep them near your checkbook, credit cards, debit cards or ATM cards.

Protect yourself and your money from fraudsters

It’s a high-tech spin on an old-fashioned scamming scheme, yet social engineering is a powerful technique that can be used to trick you into cooperating with scam artists and identity thieves. These fraudsters can use various scare tactics to trick you into providing your financial institution’s login credentials and card data or paying for unnecessary technical support services or other items.

This can be done through a phone call, where a scam artist pretends to represent a credit union, a fraud department, a software company like Microsoft, or a popular anti-virus company. They may spoof the caller ID so that it displays a legitimate phone number from a company, and then ask you to install an application and provide them with the code that gives them remote access to your computer. 

Text messaging is another method that scam artists will use to fool you. These attacks can occur as SMishing (SMS text phishing) and Vishing (Voice phishing). SMishing and Vishing occurrences usually involve a member receiving a text message or phone call that is asking about suspicious transactions. However, the real information the fraudster is looking for is your card number, CV2 code, PIN number, or other information that could compromise your account.

Below are a few red flags that can help you identify if the text you received might be a SMishing attempt. Be wary if you receive a text about a suspicious transaction that contains any of these:

• Requests for card numbers, PIN numbers, CV2 codes or expiration dates.
• References to merchants that are vague or nondescript. Legitimate transactions should contain detailed information.
• Links to unknown websites
• Hyperlinked phone numbers

A fraudster may also display a fake message on a website, or a pop-up message that won't go away. Messages like this, known as “scareware”, may indicate a virus or other malware. These messages are fake, and are designed to trick you into calling a phone number staffed with fake technical support.

When you engage with these fraudsters, they will offer fake solutions and ask for payment in the form of a one-time fee, subscription service, or gift card. 

Protect yourself from social engineering using these tips:

• Be cautious when responding to unsolicited text messages and voice calls, even if they appear to be from the credit union.
• If you have questions, always hang up and call back the credit union at a reliable, known phone number to inquire about the messages you might have received.
• Never provide personal information in response to SMS messages or phone calls that are supposed to be from the credit union.
• Be cautious when clicking links in text messages. Most legitimate card activity validation requests will require a simple “YES” or “NO” response, and will not include hyperlinks or a member’s personal information.
• Do not provide your credit or debit card information to these fraudsters.
• Do not give a gift card number or PIN on the back of a gift card to settle a demand for payment. Scammers will typically request popular gift cards such as Amazon, Google Play, iTunes, Steam, and MoneyPak, among others. You can visit the Federal Trade Commission’s site to learn more about gift card scams and how to report them.
• Most companies do not send unsolicited email messages or make unsolicited phone calls to request personal or financial information, or to provide technical support to fix your computer.
• Any customer identifying communication with most companies must be initiated by you.
• If a notification appears with a phone number, don’t call the number.
• Do not give remote access of your computer to a fraudster.
• If you need technical support, you should initiate contact with a reputable company that you have researched first.

• Be suspicious of any offer made by telephone, on a Web site or in an email that seems too good to be true. 
• Before responding to a telephone or Internet offer, determine if the person or business making the offer is legitimate. 
• Do not respond to an unsolicited email that promises some benefit but requests personal identifying information. 
• California Coast Credit Union never requests a customer’s bank card number, account number, Social Security number, Personal Identification Number (PIN) or password through email. If you should receive an email requesting such information that appears to be from California Coast Credit Union, do not respond to the email and contact California Coast Credit Union immediately at 1-877-495-1600.

• Do not carry more checks, credit cards, debit cards, ATM cards and other bank items in your wallet or purse than you really expect to need. 
• Do not carry your Social Security number in your wallet or purse.

Cyber attacks, identified as a Distributed Denial of Service (DDoS), have recently been in the news. The intent of such an attack is to prevent Internet access. What this could mean for our members would be the inability to access the credit union's website and services such as online banking.

We cannot know if or when these this event will actually occur. However, aside from the inconvenience of a potential disruption of online service, be assured that your member information will remain secure and protected.

Internet down? We’re still here for you.

• Member Service Center at (877) 495-1600 is available Monday - Friday, 7:30 am - 6 pm, and Saturday 9 am - 2 pm
• Deposit your checks with our free Cal Coast mobile deposit application using your iPhone^®, iPad^® iPod^® or Android^TM phone or tablet
• Visit our network of over 20 branches and 60 additional shared branching locations in San Diego and Southern Riverside counties
• Access accounts through 30,000 fee-free CO-OP^® ATMs nationwide, including many in 7-Eleven locations, with nearly 70 ATMs locally