Fraud & Security Protection

National Credit Union Administration (NCUA) Sounds Alarm

The National Credit Union Administration (NCUA) has issued an alert about a new scam targeting credit unions members. Follow this link for more information: click here!

The agency warned of fraudulent emails pretending to come from the NCUA and asking credit union member participation in an "Online Survey" or "Member Survey." The emails promise a $40 compensation as an inducement to respond to the email.

The emails are fraudulent, the NCUA warns, and may be an attempt to obtain confidential member information. The agency does not solicit such information from credit union members.

This is a phishing activity with no NCUA activity or approval. If you have received these emails please do not respond. If you have any questions or concerns please email NCUA at pacamail@ncua.gov, or call California Coast Credit Union at (877) 495-1600.

Fraud Prevention Tips

At California Coast Credit Union we want to assure you that your personal and financial information is Safe and Secure. One of our top priorities is to keep information about your accounts private. We maintain the highest level of security, using the latest encryption technology for Cal Coast ONLINE transactions, plus virus protection and firewalls. We want to help protect you from the threat of identity theft and online fraud. Identity Theft means that your personal information such as your Social Security number or driver's license number is obtained and used by an impostor. Thieves can obtain your information by means of not only stealing your wallet, but also by stealing your mail, phishing, computer scams or viruses, confiscating documents found in your trash, or even a data breach. California Coast Credit Union does not communicate with members through text messaging, and would never ask for personal information via email.

Security

Potential Disruption of Internet Service

Cyber attacks, identified as a Distributed Denial of Service (DDoS), have recently been in the news. The intent of such an attack is to prevent Internet access. What this could mean for our members would be the inability to access the credit union's website and services such as online banking.

We cannot know if or when these this event will actually occur. However, aside from the inconvenience of a potential disruption of online service, be assured that your member information will remain secure and protected.

It's good to know whenever Internet access is unavailable for any reason, you can continue to get information and access your accounts through the following services:

  • Our Member Service Center at (877) 495-1600 is available Monday - Friday, 7:30 am - 6 pm and Saturday 9 am - 2 pm.
  • Deposit your checks with our free Cal Coast mobile deposit application using your iPhone, iPad or Android phone.*
  • Visit our network of over 20 branches and 60 additional shared branching locations in San Diego and Southern Riverside counties.
  • Access accounts through 30,000 fee-free CO-OP® ATMs nationwide including many in 7 - Eleven locations, with nearly 70 ATMs locally.

We take such news seriously and are diligently working to guard against any online service disruptions.


*The new Cal Coast Mobile app, is compatible with the iPhone iOS 4.3 and above, iPad 3 and above and the Android OS 2.2 and above. Check with your wireless provider to determine if data and text message rates apply. Mobile banking is not available on Fresh Start Checking and business checking accounts. Federally insured by NCUA.


One of the fastest growing white-collar crimes is identity theft, which occurs when an identity thief gains access to and uses an individual's personal identifying information without his or her knowledge in order to commit fraud or theft. You can protect your privacy and minimize your risk of becoming a victim of identity theft by taking the following steps:

Personal Identifying Information

  • Always protect personal identifying information, such as your date of birth, Social Security number, credit card numbers, bank account numbers, Personal Identification Numbers (PINs) and passwords.
  • Do not give any of your personal identifying information to any person who is not permitted to have access to your accounts.
  • Do not give any of your personal identifying information over the telephone, through the mail or online unless you have initiated the contact or know and trust the person or company to whom it is given.

Credit, Debit and ATM Cards

  • Limit the number of credit, debit and ATM cards that you carry.
  • Cancel all cards that you do not use.
  • Retain all receipts from card transactions.
  • Sign new cards as soon as you receive them.
  • Report lost or stolen cards immediately.

Mail

  • Promptly remove mail from your mailbox.
  • Deposit outgoing mail in a post office collection box, hand it to a postal carrier, or take it to a post office instead of leaving it in your doorway or home mailbox, where it can be stolen.

Credit Reports

  • Order a copy of your credit report annually and review it for accuracy.
  • Check your credit report for unauthorized bank accounts, credit cards and purchases.
  • Look for anything suspicious in the section of your credit report that lists who has received a copy of your credit history.

Bank Account and Credit Card Statements

  • Contact your financial institution immediately if a bank account or credit card statement does not arrive on time.
  • Review your bank account and credit card statements promptly and immediately report any discrepancy or unauthorized transaction.

Telephone and Internet Solicitations

  • Be suspicious of any offer made by telephone, on a Web site or in an eMail, that seems too good to be true.
  • Before responding to a telephone or Internet offer, determine if the person or business making the offer is legitimate.
  • Do not respond to an unsolicited eMail that promises some benefit but requests personal identifying information.
  • California Coast Credit Union never requests a customer’s bank card number, account number, Social Security number, Personal Identification Number (PIN) or password through eMail. If you should receive an eMail requesting such information that appears to be from California Coast Credit Union, do not respond to the eMail and contact California Coast Credit Union immediately at 1-877-495-1600.

Home Security

  • Store extra checks, credit cards, documents that list your Social Security number, and similar items in a safe place.
  • Shred all credit card receipts and solicitations, ATM receipts, bank account and credit card statements, canceled checks, and other financial documents before you throw them away.

PINS and Passwords

  • Memorize your PINs and passwords and keep them confidential.
  • Change your passwords periodically.
  • Avoid selecting PINs and passwords that will be easy for an identity thief to figure out.
  • Do not carry PINs and passwords in your wallet or purse or keep them near your checkbook, credit cards, debit cards or ATM cards.

Wallets and Purses

  • Do not carry more checks, credit cards, debit cards, ATM cards and other bank items in your wallet or purse than you really expect to need.
  • Do not carry your Social Security number in your wallet or purse.

Miscellaneous

  • Use common sense and be suspicious when things do not seem right.
  • Be suspicious of any proposed transaction that requires you to send an advance payment or deposit by wire transfer.
  • Call us immediately at 1-877-495-1600 if you believe that you are a victim of identity theft involving one of your California Coat Credit Union accounts.

We recommend that you consider reading about the following precautions to protect your identity as well as your personal and financial information:

ATM Safety

Memorize your Personal Identification Number (PIN). Do not write the number on your card or keep it in your wallet.

Never give your PIN to anyone, not even your financial institution.

Always be aware of your surroundings and look for well-lit, visible ATMs, especially when transacting at night.

If you notice anything suspicious when approaching an ATM, return later or use another ATM. Consider having another person accompany you to the ATM.

Have your ATM card ready to avoid searching through your purse/wallet at the ATM site.

Stand close to the ATM and block it with your hand to avoid detection of your PIN and other account information, and ensure doors are locked and keep the engine running when using drive-up ATMs.

Put your cash away as soon as the transaction is complete. Count the cash later in the safety of your vehicle or home.

If you notice anything suspicious while you are transacting business, immediately cancel your transaction, put your ATM card away and leave.

Be aware of individuals who pose as credit union staff trying to get information from you. Never give information to strangers at the ATM, over the phone or on the Internet.

The credit union strives to ensure ATM facilities are safe and convenient. Please tell us if you are aware of any problems with a California Coast Credit Union ATM, such as a light that is not working or there is any damage to an ATM facility.

Checking Account

Store your checks, deposit slips and credit union statements in a secure and locked location. Never leave your checkbook in your vehicle.

Never give your account number to individuals you do not know, especially over the telephone, through email or on the Internet. Be particularly aware of unsolicited phone sales. Fraud artists can use your account without your authorization and you could be held responsible.

When you receive your check order, ensure that all checks are present and that none are missing. If you believe your checks are missing, report it to the credit union immediately. If you fail to receive your order by mail, notify the credit union because checks could have been stolen or lost in transit.

If your home is burglarized, check your supply of checks to determine if any have been stolen. Look closely, because thieves will sometimes take only one or two checks from the middle or back of the checkbook. The longer it takes to realize that your checks have been stolen, the more time the criminal has to use them.

Limit the amount of personal information on your checks. For example, do not include your social security number or drivers' license number. A criminal can easily use this type of information to steal your identity.

Do not leave blank spaces on the payee and amount lines. Draw a line or line through any empty spaces.

Use dark ink that cannot be easily erased or written over. Based on recent studies, the ink found in gel pens, has been the only ink found to be counterfeit proof.

It's safest to purchase your supply of checks from the credit union or from a reputable check reorder company.

At California Coast Credit Union our e-Statements allow you to view your confidential California Coast Credit Union financial records without the paper trail so you won't have to worry about identity theft or financial fraud. When you sign up for our e-Statements, you can view all your transactions from the privacy of your home or work computer, no more waiting for your statement to arrive in the mail. And best of all, it's FREE!

Citidel Virus

Online banking users should be aware of a new variation of a 'social engineering' attack. Criminals are using a computer virus, called Citadel, to launch this attack in an attempt to steal personal and/or account information, including online banking login passwords. The latest version uses social engineering tools to create fake pop-ups, even on legitimate banking sites. This could trick online users into re-entering their bank and credit union account logins and passwords. That could confuse members making online transactions at their credit union's site. See below example below.

Security advice:

  • Avoid using out-of-date software versions that have vulnerabilities easy to exploit. Software companies issue patches and updates; use them. Out of date Java software in particular has been a gateway for the Trojan infection, say researchers;
  • Run full-system virus scans at least once a week;
  • Use caution when entering user names and passwords and enter these slowly to give time to back out if something seems odd;
  • Regularly visit the FBI's Internet Crime Complaint Center for updates about Citadel;
  • Have a computer expert remove any malware. Even if you succeed in unfreezing the computer, keyloggers and other malware may still be operating in the background; and
  • Never pay money or provide personal information to a suspicious online entity.

A pop-up requesting information could look like this:

Sample Pop-up requesting information

What to do if you think your computer has been infected.
If you suspect your computer is infected, or if you see a screen similar to the one above, do not enter your personal information. Call our Member Service Center immediately, at (877) 495-1600. We suggest that you also contact a qualified computer technician to assist you.
For more information you can go to this website: http://blog.malwarebytes.org/intelligence/2012/11/citadel-a-cyber-criminals-ultimate-weapon/

Computer Security

Maintaining your computer with the latest updates is one of the most effective security precautions that you can take. As vulnerabilities in software are discovered, the software companies release updates, or patches, to address these issues. Many of these programs can be configured to automatically check for updates over the Internet.

Microsoft releases updates for their Windows operating systems and their MS-Office suite on a weekly basis. It is highly recommended that your home PC is maintained with these updates on a regular basis. Your home PC should also have an anti-virus program installed. This program requires daily or weekly updates to be effective. Adobe has recently released several updates to their products.

Counterfeit Check Scams

If you receive a check in the mail with a letter that says you've won the lottery or a sweepstakes or that you've been selected to participate in a secret shopper program, there's a very good chance the check is counterfeit. If you receive a check in the mail because you've sold something on the internet or signed up to work from home, and the check includes an overpayment that you are supposed to return, there is also a likely risk that the check is counterfeit.

Some of these checks look authentic and include the names and addresses of legitimate financial institutions. In addition to checks, counterfeits can also come in the form of official checks, money orders, business checks or personal checks. If you receive a check from an unknown source, contact the financial institution it's written on to help you verify the validity of it. You can find contact information from a public source such as the institution's website or the phone book. Never rely on the contact information on the check or any letter that accompanied the check.

Legitimate California Coast Credit Union's cashier's checks will never be used to fund secret shopper programs, sweepstakes or other similar transactions where you are asked to send money to claim income or winnings. If you are ever in doubt of the validity of a California Coast Credit Union cashier's check you've received, please contact us immediately at (877) 495-1600.

Here are some other tips that will help you avoid becoming the victim of a counterfeit check scam:

  • Shred any offer that asks you to pay for a prize or a gift.
  • Know who you're dealing with, and never wire money or send a check to strangers.
  • If you're selling something, don't accept a check for more than the selling price, no matter how tempting the offer or how convincing the story. Ask the buyer to write the check for the exact amount. If the buyer refuses to send the exact amount, don't send the merchandise or a refund.
  • Resist pressure to act immediately. Any legitimate offer should still be good after the check clears.
  • It's best not to rely on money from any type of check unless you know and trust the person you're dealing with or, better yet until your financial institution confirms that the check has cleared. Forgeries can take weeks to be returned through the banking system, and until you have confirmation that the funds from a check have cleared your account, you are responsible for any funds you withdraw against that check, whether or not the financial institution places a hold on them.
  • Resist the urge to enter foreign lotteries. If you are notified that you are a winner of a lottery that you didn't enter chances are you are being scammed.

Debit and Credit Cards

Protect your card(s) by activating them immediately upon receipt by calling the phone number indicated on your card. If you fail to receive your new card(s) in the mail within 10 business days, notify the credit union immediately. The card(s) may have been stolen from your mailbox or lost in transit.

Keep your card(s) in a secure and locked location when not in use. Do not leave your card(s) in your vehicle.

Retain copies of all sales receipts, merchant and ATM receipts until you receive your monthly statement, at which time you should verify that the transactions/charges are accurate. If you discover any errors, unauthorized transactions, payments or alterations, notify the credit union immediately.

Password Security

Never use the same password on multiple systems. If your password is compromised on one system, this will grant access to other systems.

Never share your password with anyone else.

Select strong passwords, which means:

  • Use a password that is easy to remember yet complex enough that it cannot be easily guessed.
  • Avoid using dictionary words in your password that may be subject to dictionary attacks.
  • Use a combination of upper and lower case characters from the alphabet plus numbers and special keyboard characters such as !#$%.
  • Some computer systems have limitations to the allowed length, number of characters, or types of special characters allowed. Use the strongest password that the system will allow.
  • Generally, the longer and more complex a password is, the harder it is to compromise.

Avoid writing down your passwords. If a password is written down, always keep it in a secure location.

Never store a PIN in the same place as the associated credit or debit card.

Never write your password on a post-it note on your computer monitor or under your keyboard.

Multifactor authentication is based on "what you have" (a card or device) and "what you know" (a password). If the card or device is compromised, the second factor of a strong password becomes even more important.

If a system does not require period password changes, it is a good practice to periodically change your password anyway.

If you suspect that your password to a credit union system has been compromised, immediately contact the credit union.

Phishing

Phishing (pronounced "fishing") attempts are on the rise. Beware of people requesting information over the phone, by text message or by email. Phishing scams involve criminals who try to trick people into providing personal information (such as credit card numbers, PINs, financial account or other sensitive information).

California Coast Credit Union will never send you an email or text message requesting account verification or personal information. If you are ever in doubt of the validity of someone requesting personal account information, please contact California Coast Credit Union immediately at (877) 495-1600

The criminals who "phish" get more creative all the time! It's important to be aware of the common traits of phishing attempts so you'll recognize them as they evolve. Here are a few to consider:

  • They usually involve requests using the name of business or a person who you would trust.
  • Using a scenario that is intriguing and/or creates a sense of urgency to respond (i.e. will be asked to help solve a crime or win a prize).
  • They often involve consequences such as losing access to your financial accounts, your eBay account or getting arrested because you failed to show up for jury duty.
  • Many phishing attempts have misspellings or grammatical errors, but may look and sound professional. They may even illegally use a company's logo.

Phishing emails are designed to load malicious software on your computer to gather information or just to do damage to your hard drive. The best ways to avoid compromising your computer's security is to ensure that you keep updated anti-virus software on your computer and avoid opening emails unless you know the sender. Be particularly careful of emails that contain attachments.

Vishing

Vishing is the criminal practice of using social engineering (using the phone) and/or Voice IP (calling through a computer) to gain access to private personal and financial information for the purpose of committing fraud.

These are disguised as legitimate calls from fraud prevention departments requesting or verifying your personal or financial information. Do not give out your information. Instead, if you have questions, please call California Coast Credit Union or the financial institution that issued the card.