This website requires Javascript to function properly.
If you are using a screen reader or other auxiliary aid and are having problems using this website, please send us a message through our Contact Us form or call 866-632-6819.

See All | Contract

Online Banking

Fraud Alerts & Scams

Current Alerts

In addition to the helpful tips posted on this site to educate and protect members against scams and fraudulent activities, SCCU will also periodically add special alerts and warnings regarding current scams.

If you are unsure about any type of request for financial information, please contact SCCU directly to confirm the message's validity before sending money or releasing any information.


Recent Warnings and Alerts Include:

July 1, 2022 - Prime Time for Amazon Prime Day Scams

Amazon Prime Day 2022 is approaching, which means that you might be expecting some Amazon deliveries soon. While you may use Prime Day for awesome deals, cybercriminals use Prime Day for awful scams.

Cybercriminals may take advantage of Prime Day in different ways, but there are some common scam tactics that they typically use. For example, they may include the Amazon logo in their phishing emails to make their emails seem more legitimate. Their emails may also include links that send you to fake Amazon login pages.

If you enter your Amazon login credentials on one of the fake pages, cybercriminals can use these credentials to change your Amazon account password and log you out of your account. Then, they can make purchases using your saved payment information.

To keep your Amazon account secure, follow the tips below:

  • If you receive an email from Amazon about an upcoming delivery or an account update, don’t click any links in the email. Instead, log in to your Amazon account directly from your browser to check on the issue.
  • Enable multi-factor authentication (MFA) on your Amazon account. MFA adds an additional layer of security by requiring you to present two or more verification factors to log in to your account.

Cybercriminals often use scare tactics to trick you into clicking links without thinking. If you receive an email that urges you to take immediate action, stop and evaluate the message before you click any links.


June 24, 2022 - 5 surefire phrases that you’re talking to a scammer on the phone

It can be challenging to determine if that text message, email, or video is legitimate or just another scam. There are usually telltale signs, like spelling errors, that give away the scammer's intentions. But it's not so easy when you speak to someone over the phone.

Unlike electronic communication, humans can quickly adapt to any situation, changing their story or deflecting questions. No matter how crafty the crook is, there will always be certain words or phrases they say to tip you off that it’s a scam.

Read on for five things to listen out for if you suspect the caller might be a scammer.

  • We need your Medicare number

    One of the most common scams is asking for your medical insurance number. You might receive a phone call from a fake laboratory, clinic, or doctor's office, with the caller claiming they need to do further tests. They'll need your Medicare number to process the order.

    As soon as you hear that, hang up. AARP points out that this scam bills Medicare for unnecessary tests, many of which it doesn't cover.

  • We can help with a refund

    A regular claim from scammers, they offer to help you get a refund from a recent unauthorized Amazon purchase. Obviously, no such transaction took place, and your Amazon account is still secure.

    The caller will ask for your banking details or other personal information, and giving it can put you at risk of fraud and identity theft. Hang up the phone and contact Amazon directly if you think you have business with the company.

  • Your electricity will be shut off by the end of the day 

    Nobody wants to get a phone call about shutting off their utilities, and scammers know the panic it can cause. In this scam, the caller will claim to be from the local electricity or water company and claims your account is past due. You can prevent this by paying the outstanding balance immediately.

    AARP explains that utility companies send an email first, and scammers use robocalls for this scam. So end the call and phone your utility provider through its official number to find out the true status of your account.

There's always a tech angle

Some scammers use confusing terms to bully into a conversation or your bank account. They know that there is a good chance senior citizens will act without asking questions, especially when it involves technology they know little about. Here are more signs you’re talking to a phone scammer:

  • We need you to download this to your phone

    Usually aimed at the elderly, a scammer pretends to be from a well-known tech company. While the reason they claim to be calling varies, it usually involves claims that your device is infected with malware and they can help remove it. Hang up the phone immediately!

    Legitimate tech companies will never call you out of nowhere, claiming to know your device is infected with malware. The scammer instructs the victim to download a particular app, but it's nothing more than malware or an application to take complete control of your device.

  • Your social security check has been frozen

    In this scam, a robocaller will claim that there is a freeze on your Social Security check, and you must pay to prove your identity.

    This will never happen, as no federal or state government official will ask for payment or further personal details over the phone unsolicited. Hang up the phone immediately and report the call through the Office of the Inspector General's fraud hotline at 1-800-269-0271.


June 16, 2022 - Beware of phishy facebook messages

In a new scam, cybercriminals have been using compromised Facebook accounts to send links to fake login pages. This scam is gaining popularity, with over eight million people viewing just one of the phishing pages so far this year.

In this scam, cybercriminals hack users’ Facebook accounts and then use these accounts to send messages to the users’ Facebook friends. When a user clicks on a link from one of these messages, they are directed to a fake Facebook login page. On this page, the user is asked to enter their email and password to verify their credentials.

If you fall for this scam, any credentials that you share will be delivered directly to the cybercriminals. The cybercriminals could then log in to your Facebook account and send similar links to your Facebook friends. It's important to remember that cybercriminals can also use ad tracking tools to receive money from visits to these pages. They profit from every click!

Follow these tips to stay safe from phishy messages:

  • Hover your mouse over links before you click. Watch out for links that are suspiciously long or show a domain for a different website than the website you want to visit.
  • If you receive a suspicious Facebook message, reach out to your Facebook friend by email, text message, phone call, or another app. If they didn’t send you the message, let them know that their account has been hacked and they should change their password immediately. Do not reply to the suspicious message.

Stay informed about the latest scams and how you can stay safe. Information is one of our most powerful tools against cybercriminals.


June 3, 2022 - keep yourself safe from malicious search results

Search Engine Optimization (SEO) is a technique that helps websites appear more often in search engine results, and rank higher than other websites. Legitimate websites use SEO such as easy-to-remember URLs and relevant keywords. Unfortunately, cybercriminals can also use SEO for their malicious websites.

Some of the ways cybercriminals use SEO is by adding tons of popular keywords to their website and creating multiple links that redirect you to their website. Cybercriminals can also pay third parties to visit their website, which makes the website appear more reputable and popular to search engines. If you visit one of these malicious websites, you may be tricked into downloading a malicious file or providing your personal information.

Follow these tips to keep yourself safe from malicious search results:

  • Always hover your cursor over a link before you click, even when using a search engine. Look for spelling mistakes and overly long URLs that can hide a website's true domain.
  • Avoid search results that include a long list of random or repeated words and phrases. That website could be using excessive keywords to draw in traffic.

Visit trusted websites directly by entering the URL in your browser’s address bar, instead of using a search engine to find the website.


May 20, 2022 - How to Spot a Credit Card Skimmer at Gas Pumps and Avoid Getting Scammed

Drivers are keeping a close eye on gas prices, but a lack of cheap gas isn't the only issue you might face when filling your tank. A gas pump skimmer can do a real number on your bank account.

Gas-station fraud commonly occurs with the use of skimmers, small devices that thieves place on or above the card readers at gas pumps (and ATMs) to copy and steal your credit card information. They used to be found primarily in cities, but the scam has spread into rural areas, and everyone should be on alert for these devices.

One of the best ways to avoid being a victim of a gas pump card skimmer is to take the extra few minutes to pay inside. 

What are credit card skimmers?

Credit card–skimming devices are installed on point-of-sale terminals, allowing thieves to take information off your card when you swipe it. "A credit card skimmer is a device that transfers data from your credit card's stripe," says Chris Hauk, consumer privacy champion at online privacy and security site Pixel Privacy. "Skimmers are usually found on gas pumps or other point-of-sale devices, in areas that aren't being monitored every minute of the day, as this allows the bad guys time to install a skimmer on a pump without being observed."

Do card skimmers work on chip cards?

Credit card skimmers do work on chip-enabled cards; however, they read the magnetic strip on your card, not the chip, so avoid the strip reader when possible.

How can I protect myself at the gas pump?

Educating yourself on how to spot a credit card skimmer and what card skimmers do is a good first step in protecting yourself from gas-pump fraud. As a rule of thumb, exercise awareness anytime you're using a public pay station or when your card leaves your sight. A shop employee who takes your card into another room to run the transaction could be dipping the card into a skimmer, for instance. And pumps that aren't in the gas station attendant's line of sight give thieves an opportunity to attach a skimming device.

Stay safe when filling your tank by following the experts' tips below.

  • Whenever possible, choose the pump closest to the building. They're closest to employees and the least likely to have been tampered with.
  • Avoid using a debit card, if possible. Should you be forced to use debit, run it as a credit card so you don't have to enter your PIN. Debit purchases take the money right out of your account, while credit purchases have a lag time for payment and often offer zero fraud liability.
  • Avoid the PIN pad. "If at all possible, always use the chip or the Apple Pay–type payment system," Bischoff advises. A chip-enabled card is safer than swiping your credit card, and Apple Pay creates a unique code for each transaction, which offers some built-in protection.
  • Gas station gift cards. They don't have any of your personal information connected to them, and since they have a limited value, your potential losses—should a scammer somehow get the numbers—would be relatively minimal.

May 6, 2022 - The Keep-it-simple scam

In a new scam, cybercriminals use short, simple phishing emails to try to sneak past security-aware employees. The scam itself is a typical credential-stealing phishing attack: You receive an email notification stating that some of your emails could not be delivered. To review these emails, you are directed to click a link. If you click the link, you are taken to a fake login page and any credentials that you enter on the page will go straight to the cybercriminals.

What makes this scam unique is the simple phishing email. The email looks like a plain text alert with only a few lines of information and no images or logos. With so few details to look at, it could be difficult to determine if the email is legitimate. To match the plain text design, the link in the email is a long URL instead of the usual “Click Here” type of link. Cybercriminals want you to trust the URL, but if you hover your mouse over the link, you’ll find that the link does not lead to the URL shown in the email.

Follow the tips below to help you stay safe from similar, simple scams:

  • Never click on a link in an email that you were not expecting, even if it appears to come from a program or application that you use.
  • When you receive an alert email, ask yourself questions such as: Did I sign up for email notifications? Have I received alerts like this in the past?

If you think the notification could be real, log in to the program or application directly instead of clicking the link in the email.


April 15, 2022 - Beware of 'Vishing' Scams

Voice phishing, or “vishing”, is a phishing attack conducted by phone. Vishing is a classic tactic that cybercriminals continue to use today. Recently, cybercriminals launched a vishing attack that impersonates Europol, the law enforcement agency of the European Union (EU). Using advanced techniques, cybercriminals disguise their phone numbers to display as an official Europol number on your caller ID.

The call starts as an automated message, stating that your personal data has been compromised and to press the 1 key to continue. If you press 1, you’re greeted by a real person who sounds polite and professional. The caller offers to help, as long as you give them information such as your name, address, and identification number. Any information you provide will be delivered straight to the cybercriminals.

Follow these tips to stay safe from similar scams:

  • Never trust your caller ID. Cybercriminals can spoof phone numbers to look like a familiar or safe caller.
  • If you did not initiate the call, do not provide personal information over the phone.

If you’re not sure if a call is coming from a legitimate organization, hang up. Then, find the official phone number for the real organization and call them directly. Don't call the suspicious phone number again.


March 26, 2022 - Beware of Puppy Scams

LANSING – Michigan Attorney General Dana Nessel is sharing her newest video focused on consumer protection.

The video, which is now available on the Department’s YouTube page, highlights the importance of doing your research before adding a four-legged family member.

“While we saw a spike in pet adoptions and purchases at the beginning of the pandemic, the possibility of bad actors looking to scam pet lovers remains a concern at all times,” Nessel said. “It remains imperative that future pet owners do their research before committing to anything. And if you think you encountered a scam, contact my Consumer Protection Team right away.”

Some important reminders are included in AG Nessel’s Puppy Scams Consumer Alert:

  • Research the breed: Take the time to understand ideal breeding conditions, common health issues, and their average selling price if you’re looking at different breeders.
  • Research the breeder: Conduct a thorough internet search of the breeder from whom you intend to purchase the puppy. You should also search the email address that is advertised on the breeder’s website or that the breeder uses to contact you, as scammers often use the same email address across multiple websites. Finally, if the breeder’s website contains testimonials, conduct an internet search of the text of the testimonial. If the same or similar text appears on other websites, the breeder is likely a scammer.
  • Do not purchase a puppy sight-unseen: If you are unable to do so, request that the breeder video chat with you or send you a photo or video with your name and the date written on a piece of paper next to the puppy. Be sure to do this before making any sort of deposit. In addition, request to see the premises and the mother. Avoid breeders who offer to meet you at a “convenient” public location and will not allow you to see where the animals are kept.
  • Use a credit card to make the purchase: Avoid wiring money, sending gift cards, or sending money using apps such as Venmo, Zelle, or CashApp, as such transactions cannot be refunded and are not traceable. Use a credit card to the extent possible, which will allow you to dispute a purchase.
  • Retain all documents and communications from the breeder: In the event, you must document fraud, be sure to retain all records of the sale, including screenshots of the original advertisement, written communications, and any other paperwork associated with the breeder.
  • Consider contacting your local shelter: Most shelters are looking for adopters or foster to prevent overcrowding and to relieve stress on the animals. Many animals at the shelter are immediately available for adoption. Shelters also may be able to offer references to reputable local rescues or breeders.

Your connection to consumer protection is just a click or phone call away. Consumer complaints can be filed online at the Attorney General's website, or if you have questions call 877-765-8388.


March 18, 2022 - Beware of Auto insurance refund scams

LANSING – Michigan Attorney General Dana Nessel is providing important consumer protection reminders as auto insurers issue $400 per-vehicle refunds to eligible Michigan policyholders.

“These refund checks come at a time when many Michiganders have faced financial hardships, and I appreciate the bipartisan work done to achieve this win for drivers,” AG Nessel said. “Unfortunately, these refunds will likely attract bad actors who will turn this surplus into a scam. Remember, these are automatic payments back into your account. No one will call, write or email you for information prior to disbursing the money. And if you are contacted by someone claiming to need personal information before receiving your $400, remain skeptical and report it to my Consumer Protection Team.”

Governor Gretchen Whitmer and Michigan Department of Insurance and Financial Services (DIFS) Director Anita Fox said last week insurers are required to disperse the refunds to eligible Michiganders no later than May 9, 2022.

“Our bipartisan auto insurance reform will soon put $400 per vehicle back in the pockets of Michigan drivers,” Gov. Whitmer said. “The refund checks will be automatically deposited into your bank account or mailed to your home, and I appreciate Attorney General Nessel for her leadership as we protect Michiganders against potential scammers. Remember, no one will contact you for information before you receive your refund. If someone contacts you and attempts to fish for personal information, report the incident to the Attorney General’s Consumer Protection Team. We will stay focused on getting things done for Michiganders and finding more ways to put money in people’s pockets as families face rising costs.”

“Any time there's a widespread distribution of money to consumers, criminals will try to take advantage, but DIFS and the Attorney General’s office remain committed to protecting Michigan consumers,” Director Fox said. “You do not need to take any action to receive your refund. It will be issued automatically by your insurance company and only as a direct deposit or mailed to you as a check. If you have any questions about the MCCA refund, I encourage you to call your insurance company or agent directly or contact DIFS with any additional questions Monday through Friday 8 a.m. to 5 p.m. at 833-ASK-DIFS.”

One type of scam that could arise during this process is an impersonation scam – a bad actor may pretend to be with an insurance agency or government agency and contact an unsuspecting consumer under the guise of discussing their refund.

For that reason, Nessel is reissuing her consumer alert focused on warnings to avoid falling for an imposter.

Refund details:

  • Anyone who had a vehicle, motorcycle, or RV that was insured by a policy that meets the minimum insurance requirements to operate on Michigan roads as of 11:59 p.m. on October 31, 2021, is eligible to receive a refund for that vehicle.
  • Eligible Michigan policyholders will receive $400 per vehicle or $80 per historic vehicle.
  • Refunds must be delivered in the form of checks or ACH deposits. Gift cards, premium discounts, and credits against current or future balances are not allowed.

Eligible consumers who do not receive their refunds by the May 9 deadline should contact their auto insurer or agent. If consumers have questions or concerns that cannot be resolved directly with their insurer, they should contact DIFS by calling Monday through Friday 8 a.m. to 5 p.m. at 833-ASK-DIFS (833-275-3437) or by emailing autoinsurance@michigan.gov.

To help Michiganders learn more about these refunds, DIFS has launched a consumer FAQ page at Michigan.gov/MCCArefund. The webpage contains important information and answers common questions about the refund timeline, eligibility requirements, and tells consumers what to do if they have questions or concerns about their refunds.

Your connection to consumer protection is just a click or phone call away. Consumer complaints can be filed online at the Attorney General's website, or if you have questions call 877-765-8388.


March 11, 2022 - Be Cautious Before you Click a PayPal Link

There are several ways to send and receive money worldwide, but almost half a billion users prefer PayPal. The payment system is so popular that in the last quarter of 2021, it processed 5.3 billion transactions. 

Unfortunately, as we have seen on many occasions, being the top player in an industry also makes you one of the biggest targets for hackers and scammers. In worrying trends, criminals use sophisticated phishing attacks to steal your financial details.

PayPal regularly sends out communications about service updates and policy changes, but not all messages are legit. Fraudulent emails claiming to be from PayPal made up around 38% of all phishing attacks last year.

The phishing email will include a link that takes you to a spoofed PayPal page in many cases. Once you have logged in to the bogus page, the criminals capture your details and make off with your money. The email's content will differ depending on the scam. It usually revolves around verifying your profile, checking suspicious transactions, an exciting promo that you could benefit from, or some other campaign requiring you to sign in to your account.

What you can do about it

Phishing emails are widespread these days. The good news is that you can take precautions to avoid falling victim. Here are some helpful suggestions:

  • Don't click on links and attachments that you receive in unsolicited emails.
  • If the message gives you a sense of urgency, delete it.
  • Spelling and grammar errors are big red flags.
  • Use two-factor authentication and password managers for better security.
  • Keep your operating systems, apps, and devices updated with the latest official software and patches.
  • Always have a trusted antivirus program updated and running on all your devices. 

March 4, 2022 - Watch out for scams related to ukraine

The recent war in Ukraine has gathered a lot of attention. Unfortunately, cybercriminals often take advantage of world events to prey on your emotions. Now more than ever, it’s essential to watch out for phishing attacks and disinformation campaigns.

Cybercriminals may use several different tactics to scam you. For example, cybercriminals may try to trick you into sending money using cryptocurrency. The cybercriminals may take advantage of your sympathy by pretending to be Ukrainians who need financial assistance.

Cybercriminals may also try to catch your attention and manipulate your emotions by spreading disinformation. Disinformation is false information designed to mislead you intentionally. Cybercriminals may spread disinformation in the form of emails, text messages, or social media posts.

Don’t fall for these scams. Follow the tips below to stay safe:

  • Avoid making donations to unknown users. If you would like to donate to support a cause, donate directly through a trusted organization's website.
  • Watch out for social media usernames that only consist of random letters and numbers. These accounts may be run by bots instead of legitimate users.

Stay informed by following trusted news sources. If you see a sensational headline, be sure to do research to verify that the news story is legitimate.


February 25, 2022 - Fake Qr codes

QR codes have become increasingly popular in recent years, mainly due to social distancing efforts and a need for contactless services. They are commonly used to access restaurant menus, discount codes, and make payments. Unfortunately, cybercriminals have taken advantage of this tool, creating fake QR codes that trick you into providing your personal information.

Since custom QR codes are easy to generate, cybercriminals can easily create fake codes for malicious purposes. For example, cybercriminals could place a fake code in a coffee shop, encouraging you to connect to free Wi-Fi. Or, they could place the phony code on a parking meter, enticing you to make a quick and easy payment. However, if you scan these fake QR codes, the cybercriminals may steal your payment information or redirect you to a malicious website.

Follow these tips to stay safe from QR code scams:

  • Cybercriminals use the convenience of QR codes to trick you into acting impulsively. Always think before you scan.
  • Be cautious of QR codes without labels or codes that promise outrageous deals. Remember that if an offer seems too good to be true, it probably is!

Don't share payment information or personal details via QR codes. Instead, navigate directly to a safe website to make the payment or share the details.


February 12, 2022 - Beware of Valentines day romance scams

LANSING – Michigan Attorney General Dana Nessel wants Michiganders to protect their hearts and wallets as we approach Valentine’s Day.

“Dating services – particularly online – can lead to more than romantic encounters,” said Nessel. “These services, as well as shopping for Valentine’s Day gifts, come with risks that bad actors will look to exploit. It’s important to know how to protect yourself so looking for romance doesn’t lead to financial ruin.”

To ensure consumers protect themselves, Nessel is reissuing her Romance Scams: Stay Safe and Avoid Financial Heartache Consumer Alert.

To protect yourself, Nessel recommends the following:

  • Never give someone you haven’t met money. Scammers are savvy and play on your emotions to get the information they need to carry out their scam or get your money. The Federal Bureau of Investigation reports that in the United States, romance scams account for the highest financial losses of all internet-facilitated crimes.
  • Be cautious with your personal information, including your financial information, contact information, and photographs of yourself.
  • Never agree to meet for the first time in a private setting. Insist on a public place where there are sure to be other people around and tell a member of your family or a friend where you will be and when you will contact them again after the meeting. Arrange your own transportation to and from the meeting and have a working mobile phone with you, if possible, with a pre-programmed, one-touch emergency number. Make sure to leave all available information about the person you will be meeting with your contact.
  • Conduct an online reverse image search to see where else the person’s image appears and whether it has been altered before you swipe right or pursue a relationship based on an online profile image. Watch this video to learn how to do that.
  • Be suspicious if the other person refuses to talk on the phone or do a video call before you meet in person.
  • If you’re signing up for an online dating service, read your contract (terms of the agreement) carefully before signing it – including all “fine print” – so you know exactly what you’re buying. Some contracts make it easy for the dating service to avoid responsibility but difficult for consumers to get their money back.

February 11, 2022 - Cybercriminals go for the gold

Last week, the opening ceremony of the 2022 Olympic Winter Games took place in Beijing. With representatives from 91 countries, the Olympics are watched by billions of spectators from all over the world.
Unfortunately, cybercriminals often use worldwide events like the Olympics to catch your attention and manipulate your emotions. As the games continue, be extra cautious of any emails, text messages, and social media posts that mention the Olympics.
Remember these tips to help you stay safe:

  • Watch out for sensational or shocking headlines about participating countries and athletes. These headlines could lead to articles that contain misinformation or false information designed to mislead you intentionally.
  • No matter how exciting or disappointing the news is, always think before you click. Cybercriminals target your emotions in hopes of tricking you into acting impulsively.
  • Stay informed by watching official Olympic broadcasts and checking trusted news sources

December 15, 2021 - Amazon Scam

Be on the alert because there's a new Amazon scam in town. Some of our members have received calls from Amazon customer service telling them that they have a fraudulent charge on their account. Be aware this is a SCAM!

Scammers call with an automated message, pretending to be Amazon customer service. They tell you that there was a fraudulent charge on your account, then they tell you they can help you fix it. "The con artists will either outright ask for credit card and account login details. Or, they will request remote access to your computer under the guise of “helping” to solve the issue for a fee. Please remember that it is illegal for a company to charge a fee to investigate credit or debit card fraud.

Please hang up when you receive this kind of call. Log into your Amazon account online and check your purchase history if anything is out of the ordinary, contact Amazon directly and monitor your SCCU account online through Online Banking and or Mobile Banking.

Please help Soo Co-op Credit Union get this information out to our community. Please SHARE!!!


December 3, 2021 - Order Confirmation imitation 

If you’ve started your holiday shopping, you may have received purchase confirmation emails from Amazon, one of the world’s most popular retailers. Unfortunately, cybercriminals have also been sending their version of these emails. In a new scam, cybercriminals impersonate Amazon to send fake purchase confirmation emails in hopes of receiving a unique holiday gift: your credit card information.

In this scam, cybercriminals send you a fake purchase confirmation email that appears to come from Amazon. You can review details about the phony purchase in the email, such as the payment amount and your mailing address. To check the purchase further, you can click a “View or manage order” button in the email. If you click this button, you’ll be taken to Amazon’s actual website, but you won’t be able to find information about the purchase. As a last resort, you can call the customer service phone number in the email. If you call, you’ll be asked to provide your credit card number and CVV number to cancel the purchase. Instead of canceling the purchase, you’ll grant cybercriminals access to your credit card.

Don’t fall for this scam! Follow the tips below to stay safe:

  • Watch out for fake customer service phone numbers. If you need assistance, check the vendor’s website to find their customer service phone number or email address.
  • Don’t click links in emails you weren’t expecting. If you click a malicious link, malware or other malicious software may be downloaded onto your device.

Don’t share sensitive information over the phone, such as credit card numbers or social security numbers.


November 12, 2021 - Phishing starts earlier and earlier 

It’s only early November, but you have probably already seen Christmas trees sold in stores. This is a trend known as “seasonal creep,” in which retailers start selling seasonal items in advance of the actual season. Did you know that cybercriminals also follow this trend?

For example, Black Friday and Cyber Monday traditionally fell after Thanksgiving in the United States. However, these international shopping events now start as early as November 1. Cybercriminals take advantage of this trend by sending phishing emails disguised as advertisements and phony purchase receipts long before the holiday season begins.

Follow the tips below to shop safely this holiday season:

  • Never click a link from an email or text message that you weren't expecting, even if the link appears to be for a store you recognize. Instead, use your browser to navigate directly to the retailer’s official website.
  • Watch out for malvertising. Malvertising is when cybercriminals try to phish shoppers through ads on social media and other websites. Always think before you click!
  • Be cautious of advertisements that promise outrageous deals. Remember that if something seems too good to be true, it probably is!

November 5, 2021 - Real People in fake call centers

The newest trend in cybercrime is the use of cybercriminal-controlled call centers to trick you into providing your bank or credit card information. Cybercriminals try to use real people in fake call centers to convince you that a scam is legitimate.

A recent call center scam starts with an email that appears to be an invoice for a very large purchase. It is not clear what company this invoice is from or what was purchased, but the payment amount is listed six times. The email also starts and ends with a line directing you to call their number if you did not authorize the transaction. If you call the number provided, a representative happily offers to refund you. But first, they’ll need your bank or credit card information. Unfortunately, the representative is actually a cybercriminal who plans to use your payment information for their own devious purposes.

Follow these tips to stay safe from this social engineering attack:

  • The invoice in this attack is specifically designed to cause alarm and frustration. Cybercriminals target your emotions in hopes of tricking you into acting impulsively. Always think before you click.
  • A valid phone number doesn’t mean that an email is legitimate. Cybercriminals are real people who can lie over the phone, just as they lie in phishing emails.

Instead of calling the provided number, reach out to your bank or credit card company to verify the details of the transaction. If by chance there has been unauthorized usage, your bank or credit card company can help correct the issue.


October 21, 2021 - Beware of Medicare Open Enrollment Scams

The open enrollment period for changing Medicare Advantage and Part D prescription plans ends December 7. While Medicare-related fraud is a year-round concern, Medicare recipients should be especially alert for fraudsters during the open enrollment, when scammers use the increased public attention about Medicare choices as an opportunity to strike. Take precautions to avoid becoming a victim of identity theft or Medicare fraud by guarding your Medicare number — and other personal information. Shop and compare plans to ensure you are getting the plan that best meets your needs, and don’t fall for high-pressure sales pitches.

Tips to avoid scams:

  • Never give your Medicare number or other personal information to an unexpected caller or someone who makes an unsolicited request for it.
  • Be suspicious of anyone who calls and claims to be able to help you sign up for coverage but needs to confirm your Medicare number, or asks for your Medicare number just to provide you enrollment information.
  • If a caller says they’re from Medicare and asks for your Medicare number or other personal information, hang up. The Center for Medicare and Medicaid Services will never call to ask for or check Medicare numbers.
  • Don’t trust caller ID. Scammers use technology to hide their real numbers and instead show numbers that seem legitimate. If the caller ID shows a 202-area code or says “government,” it could be anyone calling from anywhere.
  • Don’t respond to a telemarketing call relating to Medicare. Hang up on robocalls or other telemarketing calls pitching insurance plans.
  • Anyone who tries to sell you Medicare insurance while claiming to be an “official Medicare agent” is a scammer. There are no Medicare representatives. If someone comes to your door claiming to be from Medicare, remember Medicare does not send representatives to your home.
  • Ignore anyone who calls saying you must join their prescription plan or you will lose your Medicare coverage. The Medicare prescription drug plan (also known as Part D) is completely voluntary.
  • Be alert for mailers that appear to be government communications but are actually advertisements for private companies. These mailers will sometimes have a disclaimer, but it is buried in small print. Read carefully!

If you need help with Medicare, call 800-MEDICARE or visit the Medicare website.

Michigan consumers can also call 800-803-7174 for the Michigan Medicare/Medicaid Assistance Program if you suspect a potential scam or need help making a health benefits decision.


October 8, 2021 - Remain Vigilant to Ongoing Cybersecurity Threats

Malicious online activity continues to intensify by the day, and it is becoming increasingly important for each of us to remain vigilant. One such example is spear phishing. 

What is spear phishing?

This is a more targeted phishing attack towards a specific individual, organization, or business. Malicious actors may target your members by sending emails that appear to come from your credit union and they will often include links that would direct members to websites that are built to look very similar to yours.

It’s important to remind both employees and members that this type of phishing is occurring. Similar to how your members could fall for something that appears to be from your institution, your employees could fall victim to this as well. It is important to remind your staff to analyze communications appearing to come from organizations that you work closely with.

Here are a few tips:

  • Verify the sender’s email address: Look at the email address that each email comes from. Does part of the address look suspicious? Does the domain match with whom the sender claims to be associated?
  • Check links in emails: Use your mouse to hover over links in emails. Does it look correct? Or does something seem off?
  • Think before you click: Take your time when analyzing the email.

When in doubt call: If you ever have any concerns or questions about the legitimacy of an email you received, contact the organization right away. Even if the suspicious activity is in the form of a phone call and they ask you for your credentials, we recommend that you tell them that you will call them back. Additionally, be sure to call the number you have on file, not the number they provide to you.


September 17, 2021 - Phony LinkedIn Job Postings

It was recently discovered that job postings on LinkedIn aren’t as secure as you might expect. Anyone with a LinkedIn profile can anonymously create a job posting for nearly any small or medium-sized organization. The person creating the post does not have to prove whether or not they are associated with that organization. This means that a cybercriminal could post a job opening for a legitimate organization and then link applicants to a malicious website.

Worse still, cybercriminals could use LinkedIn’s “Easy Apply” option. This option allows applicants to send a resume to the email address associated with the job posting without leaving the LinkedIn platform. Since the email address is associated with the job posting and not necessarily the organization, cybercriminals can trick you into sending your resume directly to them. Resumes typically include both personal and professional information that you do not want to share with a cybercriminal.

Follow the tips below to stay safe from this unique threat:

  • Watch out for grammatical errors, unusual language, and style inconsistencies in LinkedIn job postings. Be suspicious of job postings that look different compared to other job postings from the same organization.
  • Avoid applying for a job within the LinkedIn platform. Instead, go to the organization’s official website to find their careers page or contact information.

If you find a suspicious job posting on LinkedIn, report it. To report a job posting, go to the Job Details page, click the more icon, and then click Report this job.


JUne 16, 2021 - AMAZON PHONE SCAM

Phishing schemes and cyber attacks are reaching scary levels of sophistication. Most recently a ruse involving fraudulent Amazon phone calls has become widespread. Members have reported receiving a phone call from someone posing as Amazon customer service. The fraudulent call informs the member of recent issues on their accounts, such as suspicious Amazon charges or outstanding account balances. The member is then instructed to provide financial details such as bank account information and credit card numbers as well as remote access to their computer in order to resolve the alleged account issues.

How to spot the "Amazon Scam":

  • Be skeptical of unsolicited calls. Some departments at Amazon will call customers, but Amazon will never ask you to disclose or verify sensitive personal information or offer you a refund you do not expect.
  • Amazon will never ask you to make a payment outside of their website and will never ask you for remote access to your device.
  • Amazon will never send you an unsolicited message that asks you to provide sensitive personal information.
  • Any customer who receives a questionable email or calls from a person impersonating an Amazon employee should report them to Amazon customer service immediately.

For more information on the Amazon Phone Scam read more at Michigan.gov.


February 5, 2021 - AG Nessel, UIA Alert Residents to Tax Form for Victims of Identity Theft in Unemployment Claims

Michigan Attorney General Dana Nessel and the Michigan Unemployment Insurance Agency are letting individuals know of important tax documents for people who may be victims of identity theft as a result of widespread fraudulent unemployment claims in 2020.  Read more.


November 19, 2020 - Watch out for holiday fraud and scams

As the holidays approach, merchants are preparing for a continued increase in online sales as a result of store closures and restrictions due to the COVID19 pandemic. Members should be aware of scams that target the convenience of online shopping such as fake or spoofed websites and pop-ups, skimming, porch pirates, or impersonations for your curbside pickups. As you put together lists of gifts and purchases for the upcoming holidays, it can be easy to let your guard down. Make sure you are aware of the latest fraud and scams targeting shoppers during this holiday season. Click Here to learn more!


August 28, 2020 - “Are you human?” New Attack Uses a CAPTCHA as Camouflage

Have you ever found yourself staring at a wobbly letter trying to decide if it is an X or a Y, just to prove to a website that you’re not a robot? This funny little test is called a CAPTCHA and it is used to help prevent automated malicious software, known as “bots”, from accessing sensitive information. Unfortunately, cybercriminals are now using CAPTCHAs as a way to make their phishing scams seem more legitimate.

In a recent Netflix-themed attack, scammers are sending a phishing email that claims "your payment did not go through and your account will be suspended in the next 24 hours". To resolve the issue, you're instructed to click on a link in the email to update your information. If you click the link, you’re taken to a CAPTCHA page. Once you pass the CAPTCHA, you’re redirected to an unrelated webpage that looks like a Netflix login page. Here you’re asked to enter your username and password, your billing address, and your credit card information. Don’t be fooled! Anything entered here is sent directly to the cybercriminals.

Remember these tips:

• Phishing emails are often designed to create a sense of urgency. In this case, “your account will be suspended in the next 24 hours”! Think before you click, the bad guys rely on impulsive clicks.

• When an email asks you to log in to an account or online service, log in to your account through your browser and not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.

• Remember, anyone can create a CAPTCHA webpage, so don't fall for this false sense of security.

Stop, Look, and Think. Don't be fooled.


July 20, 2020 - What you need to know about romance scams

Millions of people turn to online dating apps or social networking sites to meet someone. But instead of finding romance, many find a scammer trying to trick them into sending money. Click here to read about the stories romance scammers makeup and learn the #1 tip for avoiding a romance scam.


June 15, 2020 - Exploiting the Coronavirus: Supermarket Spoofs

Grocery delivery services have been quite popular during the COVID-19 pandemic. These services help support social distancing, reduce the number of shoppers in each store, and allow at-risk patrons to safely buy essential items. Unfortunately, the popularity of these delivery services has caught the attention of cybercriminals. The bad guys are now spoofing supermarkets that offer delivery services in hopes of stealing your personal information. It starts with a phishing email that urges you to log in to your supermarket’s website using the link provided. Clicking the link takes you to a fake login page for your local supermarket. The page asks you to select your email provider (Gmail, Apple, and so on) and then log in to connect your account. Don’t be fooled! Connecting your account actually delivers your email credentials to the bad guys.

Remember the following tips:

  • Never click on a link within an email that you weren’t expecting.
  • Remember that email addresses can be spoofed. Even if the email appears to be from a familiar organization, it could be a phishing attempt.
  • When an email asks you to log in to an account or online service, log in to your account through your browser-not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.

April 8, 2020 - Say no to Scams

PLEASE SHARE THIS INFORMATION WITH FRIENDS AND FAMILY!!!

It's so easy to become a victim. It can happen so fast. Before you know it, you've clicked "send" and you’re out hundreds or even thousands of dollars.

Scam artists are working full-time at ripping you off. And after one scam bites the dust, the scam artists are ready with another one. It's no wonder so many people fall prey, scam artists make it very easy and they are so convincing.

There's no typical fraud victim. Even some of our members have fallen prey to these scams! Scammers don't care who you are, how old you are, or how much you earn. They're just after your hard-earned money.

Here are some tips so you don’t become a victim:

  • Spot imposters. Scammers often pretend to be someone you trust, like a government official, a family member, a charity, or a company you do business with. Don’t send money or give out personal information in response to an unexpected request — whether it comes as a text, a phone call, or an email.
  • Don’t believe your caller ID. Technology makes it easy for scammers to fake caller ID information, so the name and number you see aren’t always real. If someone calls asking for money or personal information, hang up. If you think the caller might be telling the truth, call back to a number you know is genuine.
  • Don’t pay upfront for a promise. Someone might ask you to pay in advance for things like debt relief, credit and loan offers mortgage assistance or a job. They might even say you’ve won a prize, but first, you have to pay taxes or fees. If you do, they will probably take the money and disappear.
  • Talk to someone. Before you give up your money or personal information, talk to someone you trust. Con artists want you to make decisions in a hurry. They might even threaten you. Slow down, check out the story, do an online search, consult an expert — or just tell a friend.
  • Don’t deposit a check and wire money back. If a check you deposit turns out to be a fake, you’re responsible for repaying the bank.
  • Hang up on robocalls. If you answer the phone and hear a recorded sales pitch, hang up! These calls are illegal, and often the products are bogus. Don’t press 1 to speak to a person or to be taken off the list. That could lead to more calls.

Soo Co-op Credit Union will NEVER ask for your personal or financial information via email or text message or phone. But many scam artists will! We recommend that you approach all unsolicited e-mail, phone calls, and text messages with a degree of suspicion