Stay safe by staying alert
While scams and data breaches may be slightly different, both can result in theft of your personal information and loss of your money. It’s important to be aware of the most common scams and to trust your instincts: if something doesn’t seem right, it probably isn’t – and if it sounds too good to be true, it probably is.
What is a scam?
A scam is any direct attempt to trick you or others into providing your personal information. Most scams involve a situation where the scammer pretends to be someone he or she is not -- it may be someone posing as an employee of a company you do business with, or someone you don’t know claiming to want to do business together. Many scams also occur online, using fake websites and emails.
What is a data breach?
A data breach is the theft of personal/financial information of multiple people all at once when technology that holds that information is compromised. Names, addresses, social security numbers, and account numbers and PINs are all targets of this type of theft. One thing to remember about data breaches is that information stolen in a single breach may not be enough to impact you, but there is an entire underground market for buying and selling stolen data and a criminal enterprise may eventually put together enough of the pieces to be a danger to your finances and identity.
Common Examples & How to Stay Safe
Below are common or recent examples of scams and data breaches. There are too many out there to list them all, but understanding these examples will help you spot others.
- General “phishing” attempts: One of the most common scams is known as phishing. This is when you receive an email, phone call, or text message from what appears to be a reputable company, often a company you do business with. This message asks you to reply with or visit a website to enter personal information, like user name, password, social security number, account numbers, and more.
- How to stay safe: Always be sure you’re communicating with the actual company before you provide any sensitive information. For emails, make sure you recognize the sender and that the email address and domain name is what you expect. Watch out for multiple typos or inconsistent language, as these can be signs of fraudulent messages.
- Online auction/buying scams: The ability to buy and sell second-hand goods online is a big convenience, but it’s also very attractive to scammers. Typically, these scams involve someone that wants to buy your item with a money order and who offers to overpay if you are willing to send cash with the item. Their payment to you either never arrives or is fraudulent, and you have now lost your money and the item.
- How to stay safe: Whenever you buy something online, ensure the seller is verified and that the item is “as-advertised” before sending payment. As a seller, ensure that you have the money (or at least that the payment has officially been initiated though Paypal, Venmo, etc.) before you ship the item or allow it to leave your possession.
- Inheritance scams: These scams promise a substantial amount of money as an inheritance from a long-lost relative but require payment of legal and transfer fees up front.
- How to stay safe: Anyone offering you a large sum of money under suspicious circumstances should be a red flag. Unless you know all the people involved and you do not have to pay any up-front fees, do not respond to the offer and do not send money anywhere.
- Lottery/sweepstakes scams: Using mail or email, scammers will claim that you have won a large lottery or sweepstakes, often in another country. But before they can send you the money, you must pay a fee. In a similar scam, someone claims they they’ve won the lottery but cannot pay the fees or taxes, asking that you help pay those costs in exchange for a share of the winnings.
- How to stay safe: Do not engage with anyone or any company that claims you have won something (or are entitled to something) unless you have a relationship with that person/company and can verify the authenticity of the claim. In almost every situation where you are eligible to have won a large prize, you will know you have entered or that you took the necessary step to enter the contest.
For websites, check to be sure you are on a secure website, which will have an “https” (rather than just “http”) and that the domain name is correct. Often a scam site will be very close to the real site – often only different by a letter or two.
If you are ever in doubt, simply delete these suspicious messages and do not respond. Instead, use trusted methods to contact/interact with the companies you do business with rather than responding to communications sent directly to you. You can report suspicious emails to firstname.lastname@example.org and visit the FTC's Identity Theft website to learn more.
Most data breaches happen in one of two ways:
- Sensitive information held at a company is stolen either by an internal employee or by outside hackers. The more of your personal information a company, the more of a target that company is for criminals.
- Debit and credit card information is recorded at point-of-sale machines that have been tampered with at retailers, restaurants, and gas stations – often at major chains like the Home Depot or Michaels breaches that occurred in the last few years.
- How to stay safe: While the breach itself is outside of your control, there are ways to limit your exposure and respond if your information has been stolen. First, always use your EMV chip card payment method if possible when you are at a physical merchant, and if you see any visible signs of physical tampering with a point-of-sale machine or ATM, notify the employees immediately.
If your information has been stolen as part of a breach, be sure to monitor your accounts (Account Alerts from SMCU are a good idea!) and your credit report for suspicious activity. If you see anything, notify your bank or credit union right away. If the breach is considered a large enough security risk, your bank or credit union may reissue your credit or debit card. Be sure to activate and begin using your new card as soon as you get it.
Ways SMCU protects you
- As a financial institution, SMCU has very strong security systems and protocols in place to protect your personal and financial information.
- All SMCU employees are trained on how to handle sensitive data to avoid theft.
- There is multi-factor authentication required to log-in to Online and Mobile Banking.
- SMCU will never ask you to provide personal information over email or by text – we will only discuss these details with you in a secure environment or in-person/over the phone after we have verified your identity.
- Our public website smcu.org is secure site. You can verify this by noticing that the address begins with "https" and not "http". You'll also notice a padlock symbol in the address bar. We maintain our security certificates for the benefit of all members.
- If your debit or credit cards are ever compromised, or fraud is suspected, SMCU may lock your cards or reissue them, depending on the severity of the risk.
- If your money is ever stolen, SMCU’s Zero Liability Policy will return any money you lost and conduct a thorough investigation.
General tips to protect yourself
- Never respond to an email or text message that asks you to share personal information.
- Be careful not to give account information over the phone to people claiming to represent SMCU. If you have any concerns, ask for the caller's name and phone number, so you can call back to confirm association with SMCU. As an added measure, call our Member Services and Support Center at (650) 363-1725 to confirm the call.
- Never enter personal information (including passwords) into a website that is not secure or that has a domain name you don’t recognize – and look closely as domain names can look very similar.
- Never send money to someone you don't know and be very cautious if an offer seems too good to be true.
- If you sell something online, be sure you have the money before shipping the item.
- If you won a lottery or sweepstakes but did not buy ticket or remember entering, be very careful and never offer any personal information or agree to move money around in return for a percentage of that money.
- Use common sense. If it's free, why are they asking you to pay for it?
- Make sure that SMCU has your most up-to-date contact information: address, phone numbers, and email address so we can easily contact you if we detect potentially fraudulent activity on any of your accounts.
If you see suspicious transactions on your SMCU account or think you may have been the victim of a scam, contact us immediately at (650) 363-1725.