Protect Yourself from Fraud and Scams

CoastHills will never call, email or otherwise ask for your username, password, account number, credit or debit card number, PIN or CVV code (the three digits on the back of your card). If someone calls and asks you for any identifying personal information, hang up and call us at (805) 733-7600.

If you are concerned you may have unintentionally provided any personal identifying information, please change your passwords immediately and contact us.

Simple and important tips to avoid scams and fraud

  1. Don’t provide your user ID and password to anyone who calls, texts or emails you saying your account is restricted or compromised, no matter who they claim to be. Hang up and call us at (805) 733-7600.
  2. Don’t send gift cards or send Peer-to-Peer (P2P) payments to anyone you met online saying that they desperately need money or to someone who called or texted saying you owe money for bills, taxes, fines, etc. Legitimate businesses do not accept those payments.
  3. If someone urges you not to tell anyone about what they’re asking you to do, you are being scammed.
  4. Scammers will threaten your physical safety or warn of dire legal consequences if you don’t comply with what they’re asking you to do.
  5. Courts, law enforcement personnel or tax collectors will never ask to be paid using gift cards or P2P payments. Local, state and federal agencies do not collect over the phone.

Understanding common scams

Fraudsters are finding more ways than ever to try and steal your personal information. They’ll often target as many people as possible, in the hopes that at least a few people will be trusting enough to fall prey to their scam. They will try to scare or pressure you into acting quickly so you don’t have time to think or talk to someone you trust.

Here are seven common scams to avoid. 

You receive an email from what appears to be a company you do business with, alerting you that your account has been compromised. To regain access, the email states, you’ll need to click on the link provided. Don't do it. This is a phishing scam. If you click the link, you grant access to your device by downloading a hidden malicious code that can then be used to access personal information on your device.

How to protect yourself from a phishing scam:
Always be cautious about opening attachments or links, whether they seem to be from a company you know or even a friend. Look for grammatical errors within the email, slight alterations to the email address format or domain, requests for login credentials or urgent action demands. To check for disguised links, hover your cursor over the link and check the url that pops up to make sure it matches, before clicking. 

This type of scam is similar to phishing, but the message comes through text. In a typical example, you receive a text from someone saying they represent a company you do business with and they're notifying you that your account has been restricted. To regain access, the text states, you need to verify your Social Security number.

How to protect yourself from a smishing scam:
Be wary if you receive a text from a strange phone number, especially if it includes a suspicious link. Again, look for spelling or grammatical errors, a sense of urgency and requests for money or personal information.

Fraudsters spoof IDs to impersonate a companies and financial institutions. The name of your financial institution or the phone number may appear on your caller ID as legitimate. The caller tells you they have flagged a fraudulent transaction on your account. They ask for your account number for verification and start to push you for more personal identifying information, using fear as a tactic. 

How to protect yourself from a caller ID spoofing scam:
Watch for an unfamiliar phone number. Maybe you recognize the caller ID display name but not the phone number associated with it. In some cases, the call may be a pre-recorded message. In other cases, a person will give you a sense of urgency or request payment or personal information. If you are unsure, hang up and call the company back using the phone number published on their website. Do not redial the number from your phone.

You may receive a phishing email or smishing text that includes a link to a website. You click on the link leading to a website that appears nearly identical to the trusted company. The domain (or web address) even looks the same. However, once you’re on the spoofed website, any personal identifying information you provide will be accessed by the fraudsters. 

How to protect yourself from a website spoofing scam:
First, take a close look at the url. The most common tactic is to create a url that is nearly identical to a legitimate website’s url but may be off by a letter or use a number in place of a letter. Also, check for SSL certification, which is an added level of security for every visitor on a website. To do this, click the icon that looks like a lock to the left of the url in the address bar at the top of your web browser. You should see “Connection is secure” in the dropdown.

Similar to phishing scams, whaling involves a fraudster sending an email that appears to come from a trusted source, which has enough personal details or references to seem legitimate. Likely, that personal information was found through internet research by the fraudster and will direct you to click on a link that leads to a spoofed website that looks identical to the legitimate site. This spoofed site will start collecting your information or will download malware onto your device. 

How to protect yourself from a whaling scam:
A whaling attack is harder to recognize than a standard phishing attack because fraudsters will usually invest more time to make the communications look legitimate. However, some common signs an email are that the sender’s email address is not an exact match of the domain of the company the email claims to be from, there’s a request to share personal information or wire money and, as common with other scams, there’s a sense of urgency that encourages the recipient to act quickly.

Another common tactic used by fraudsters is asking you to put money on a gift card like Google Play or Target, then telling you to give them the gift card number and PIN. This tactic is common because gift cards are easy for people to find and buy. They also have fewer protections, similar to cash. Once you use the gift card, the money is gone.For example, you may receive a phone call from someone who says they work for the IRS and that you owe back taxes. If you don’t pay right away, something bad will happen. However, you can rectify what you owe with a gift card. 

How to protect yourself from a gift card scam:
First, no real business or government agency (law enforcement, the IRS, the court system, etc.) will ever insist you pay them with a gift card. If you receive a call or message from an unknown source who insists gift cards are the only way to rectify a payment, pay for a service, receive a prize or send money to someone you met online, it’s a scam. Once they have the gift card number and PIN, they have your money.

While P2P services are typically a safe way to transfer money, there is always the risk of fraudsters trying to access your funds. Unlike bank accounts and debit or credit cards, balances held in P2P services may not be protected by FDIC insurance or federal law, which can leave you vulnerable to claims of unauthorized use or fraud and could make resolving claims of fraud more difficult. 

How to protect yourself from a P2P scam:
To lower the risk of being victimized by fraudsters, we recommend you only conduct P2P transactions with people you know. It’s also recommended to never hold a balance on your P2P service since they likely aren’t insured and if a fraudster gains access to your account, your money will be gone. Most transactions are immediate and irreversible, a fact scammers are known to exploit.

Report fraud and scams below: 

If you are concerned you may have unintentionally provided any personally identifying information to a fraudster, please contact us by filling out the form below or calling our 24-hour call center at (805) 733-7600.

To report a lost or stolen card, or to dispute charges, call us at (805) 733-7600 or toll-free (800) 262-4488.

    • Phone Number is a required field
    • Email is a required field
      For security purposes, please do not include your account number, social security number, or any other sensitive personal information on this form.
      • reCAPTCHA is a required field

      CoastHills Credit Union is a full-service financial institution with 12 Central Coast locations throughout Santa Barbara and San Luis Obispo counties.

      Here to help

      No matter your inquiry, give us a call at (805) 733-7600, toll-free at (800) 262-4488, or use one of our other convenient contact methods.