SSL Secured
Online Banking
Enroll Online Login to BayFedOnline Help
Strawberry fields near Watsonville, CA

Fraud and Scam Alerts

Lucky's/Save Mart Reports Tampered Payment Terminals

The Santa Cruz Sentinel and San Jose Mercury News reported on December 7, 2011, that payment terminals at 23 area Lucky's and SaveMart grocery stores contained a skimming device used to capture customer credit and debit card information. While the hacked terminals were discovered and replaced in late November, the grocery stores have just begun to receive fraud complaints from their customers.

Instructions for Compromised Cards

If you are a Lucky's/SaveMart customer and are concerned that your debit or credit card may have been compromised, here is what you should do:

  1. Contact the financial institution that issued your card and explain that your card number may have been compromised. If you are calling after hours, call the lost or stolen card hotline number printed on the back of your card.
  2. The financial institution will cancel the card with the compromised number and issue you a new card with a new number.
  3. Review your paper or online account statements regularly and immediately report any transactions you did not make or do not recognize to your financial institution.

Cardholders do not need to close their accounts, just their cards.

If your debit or credit card is ever lost or stolen, or if your card numbers have been compromised, you should cancel your cards immediately, but you do not need to close your checking or credit card accounts. Here's why:

  • Each individual debit and credit card is assigned a number that is unique to the card itself, but has nothing to do with the checking or credit card account it is attached to.
  • To protect an account when a card or card number has been compromised, your financial institution needs only to cancel the card number. Cancelling the card separates the card number from the account it was assigned to so that transactions attempted with that number will have no account to draw from.
  • Once a card number is cancelled, your financial institution will issue you a new card with a new number. The new card will have a completely different number than the compromised card.
  • Closing accounts and opening new ones can be time-consuming, costly, and may not offer you any more protection from fraud than if you just closed your debit or credit card. Opening a new account may require that you and any joint account holders complete a new account application and, in the case of a new checking account, purchase new checks.

In most cases, cancelling a compromised card is the best way to protect your accounts from fraud; however, if additional information about you or your accounts has been stolen, account closure may be necessary. If you are uncertain about the correct way to deal with a lost, stolen, or compromised card, call the issuing financial institution for information.

At Bay Federal Credit Union, the safety and security of your accounts and personal information are among our top priorities. If you are concerned about potential account fraud, or if you have any questions about the measures we take to safeguard your accounts and information, please contact us at 831.479.6000 or 888.4BAYFED, option 3.

February 1, 2011 Business Alert: Another Trojan Makes Headlines
The Internet Crime Complaint Center (IC3) recently reported that more than $150,000 was stolen from a U.S. business through unauthorized wire transfers when one of its computers was infected with the Bredolab Trojan. The method of delivering the Trojan, however, was different than in past cases using the Zeus Trojan in the money mule scam.

Risk Type: Funds/Wire Transfer, Other, Scams
State(s): All States
Related Product: Bond

Details:

Unlike the money mule scam in which the Zeus Trojan was delivered via phishing emails (as infected attachments or links to infected websites) sent to key employees of the business, Bredolab was embedded in emails received by the business in response to a job posting the business placed on an employment website. Bredolab compromised the business' online banking login credentials which were used by the cyber thieves to initiate three wire transfers – one to the Ukraine and two domestic wires.
According to security software vendor Symantec, Bredolab was first discovered in 2009 and has been used in a number of scams involving email containing infected attachments as the method of delivery:

  • Western Union unclaimed money:
    The victim receives an email allegedly from Western Union notifying the victim that their money transfer was not received by the recipient. To claim the money, the victim must print the attached invoice and take it to the nearest Western Union office.
  • United Parcel Service (UPS) delivery failure:
    The victim receives an email allegedly from UPS notifying the victim that a package sent by the victim was not deliverable due to an incorrect address. To claim the package, the victim must print the attached invoice and take it to the UPS office.
  • Shop.corsair.com shipping instructions:
    The victim receives and email allegedly from Shop.corsair.com notifying the victim that their purchase of an Apple iMac has been shipped. The victim is instructed to print the tracking number in an attachment contained in the email.
  • Facebook password changes:
    The victim receives an email allegedly from Facebook notifying the victim that their Facebook password has been changed as a measure to protect users. The victim is told that their new password is contained in an attached document.

Bredolab is also distributed by drive-by downloads. In a drive-by download, the victim's computer is infected simply by visiting an infected website. The malware is downloaded to the victim's computer without their knowledge.

February 3, 2011 Consumer Alert:
Protect Yourself from Mortgage Scams
Be aware of scams regarding foreclosure or short sale options, modification services, imposter landloards or any other misleading solicitations related to your mortgage. Members that receive these types of solicitations should contact the California Department of Real Estate. The CDRE will have information regarding current legistlations, licensing requirements and the latest fraud alerts.

November 9, 2010 Consumer Alert:
Fraud risk related to the Electronic Federal Tax Payment System

The IRS recently became aware of a fraudulent scheme targeting EFTPS users, the scheme uses an e-mail that claims your tax payment was rejected and directs you to a website for additional information. The website contains malware that will attempt to infect your computer.

If you receive a message claiming to be from the IRS or EFTPS, please:

  • Do not reply to the sender, access links on the site or submit any information to them.
  • Forward the message as-is immediately to phishing@irs.gov.

How to report and identify phishing, e-mail scams and bogus IRS websites:
If you receive a suspicious e-mail or discover a website posing as the IRS, please forward the e-mail or URL information to the IRS at phishing@irs.gov.

EFTPS is a tax payment system provided free by the U.S. Department of Treasury. Pay federal taxes electronically via the Internet or phone 24/7. Visit EFTPS to enroll.

The IRS does not initiate taxpayer communications through e-mail.

September 28, 2010 Consumer Alert:
Counterfeit Cashier’s checks being distributed by mail

Counterfeit Cashier’s checks are being distributed in the mail purporting to be drawn on Bay Federal Credit Union. We have been alerted that unsolicited packages are being received in the mail from a company called “BMA Survey 4 Check Mystery Shoppers Shopping." The address on the letter is P.O. Box 170, Kent, Washington, 98012-1902.

Included in the package is a counterfeit Cashier’s check with the name of Bay Federal Credit Union printed on it. The instructions in the letter is to deposit the enclosed check in the recipient’s account at a bank, perform research with some listed major retail chains, and to send the bulk of the funds from the check back to the company via Western Union.

If you are in receipt of a package from BMA Survey 4 Check Mystery Shoppers, please be aware the enclosed check is not valid. Please do not deposit the check in your account nor send funds to BMA Survey 4 Check Mystery Shoppers. If you have deposited the check, do not send funds through Western Union or any other method to BMA Survey 4 Check Mystery Shoppers. The check will be returned to your depositing financial institution and your account will be charged back for the amount of the check.

If you receive a similar package, please report it immediately to your local law enforcement office and the following:

US Postal Service Mail Fraud Complaints, or call toll-free: 1-877-876-2455
Federal Trade Commission ID Theft help line: 1-877-438-4338
Better Business Bureau: 1-703-276-0100

If you ever become concerned about the safety and security of your accounts or personal identification information, be sure to contact us immediately at 831.479.6000 or 888.4BAYFED.

Update August 27, 2010 Consumer Alert:
 Counterfeit Cashier’s checks being distributed by mail

Counterfeit Cashier’s checks are being distributed in the mail purporting to be drawn on Bay Federal Credit Union. Unlike our official Cashiers checks featuring local scenes, the counterfeit checks have a bluish background that fades from left to right to a pinkish color. The counterfeit checks also feature a seal for a heat activated security sensor.

We have been alerted that unsolicited packages are being received in the mail from a company called “Survey in Motion Research, Inc” . The address on the letter is 129 Central Avenue Kent, WA 98032 7439. The envelope is postmarked and mailed from Ontario Canada. The letter enclosed explains Survey in Motion is a research group in Kent, WA.

Included in the package is a counterfeit Cashier’s check with the name of Bay Federal Credit Union printed on it. The instructions in the letter is to deposit the enclosed check in the recipient’s account at a bank, perform research with some listed major retail chains, and to send the bulk of the funds from the check back to Survey In Motion via Western Union.

If you are in receipt of a package from Survey In Motion, please be aware the enclosed check is not valid. Please do not deposit the check in your account nor send funds to Survey In Motion. If you have deposited the check, do not send funds through Western Union or any other method to Survey in Motion. The check will be returned to your depositing financial institution and your account will be charged back for the amount of the check.

If you receive a similar package, please report it immediately to your local law enforcement office and the following:

US Postal Service Mail Fraud Complaints, or call toll-free: 1-877-876-2455
Federal Trade Commission ID Theft help line: 1-877-438-4338
Better Business Bureau: 1-703-276-0100

If you ever become concerned about the safety and security of your accounts or personal identification information, be sure to contact us immediately at 831.479.6000 or 888.4BAYFED.

August 27, 2010 Consumer Alert:
Vishing alert - Members' card number information

The afternoon of Friday Aug. 27th, we became aware that local residents may be receiving an automated call claiming to be from “Santa Cruz Credit Union” . The calls are being made to home and business phone numbers. The caller ID may be 416-628-572 and appear to be originating in Canada. The call informs the person their debit card has been “terminated”, or is on hold, cancelled, or is in jeopardy of being suspended. The call then instructs the person to press 1 to have the card activated.

These calls are not from Bay Federal Credit Union. Bay Federal Credit Union will never contact members to verify personal information over the phone, through an email, or text message. This information includes card numbers.

In the event that you receive a phone call or text message of this nature, do not provide any personal information or account numbers. If you are concerned about the legitimacy of a phone, text or email message, contact the financial institution directly to verify its intended purpose. Suspicious activity should be reported to law enforcement and the Federal Trade Commission (FTC). See below for additional information on how to protect yourself, and your identity.

Read more about "vishing" on our Fraud Prevention page.

July 22, 2010: False Email from National Automated Clearing House Association (NACHA)

NACHA has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of being sent from NACHA.

The subject line of the e-mail states: "Unauthorized ACH Transaction." The e-mail includes a link that redirects the individual to a fake Web page and contains a link which is almost certainly an executable virus with malware. Do not click on the link. Both the e-mail and the related website are fraudulent. Do not follow web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated, and ensure that the computer operating systems and common software applications security patches are installed and current.

July 6, 2010 Consumer Alert:
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The subject line of the e-mails state: "you need to check your Bank Deposit Insurance Coverage." The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets." The e-mail then directs recipients to click on a link stating "You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage."

This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers and should not click on the link provided.

The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.

5/26/2010 Consumer Alert:
NCUA warns of fraudulent e-mail activity

Yesterday, NCUA said e-mails from simulated NCUA e-mail boxes to members of credit unions may be an attempt to obtain members’ confidential data.

The e-mails solicit credit union members’ participation in an online survey or member survey and promise compensation of $40 for responding. “The emails are fraudulent,” NCUA said. “NCUA does not solicit such information from credit union members. This is a phishing activity with no NCUA activity or approval.”

Anthony Demangone, NAFCU’s director of regulatory compliance, reminds credit unions of agency rules on the protection of member data.

“NCUA’s security regulation requires credit unions to take reasonable precautions to protect their members’ sensitive information,” he said. “With that in mind, credit unions might consider alerting members to this scam and others in newsletters, branch signage, blogs or Twitter feeds.”

NCUA said anyone receiving these phishing e-mails should not respond to them. Questions can be sent to NCUA at pacamail@ncua.gov.

Back To Top

Contact Bay Federal: 831.479.6000

About | Loans | Savings | Account Access | Investment Services
 Apply Now | Rates | Calculators | Contact | Site Map | Home | Privacy Policy
© Bay Federal Credit Union. All Rights Reserved.
Equal Housing LenderYour savings federally insured to at least $250,000 and backed by the full faith and credit of the United States Government. National Credit Union Administration, a U.S. Government Agency.

Note: Because your browser may not be configured to refresh its cache each time you view a web page, and as we are unable to control cache settings on all browsers, you may not be viewing the most current version of our website or the most current information about our products and services, pricing, availability, special offers, discounts, etc. We recommend that you contact us to confirm information about products or services that you are interested in.

 

Verified by GeoTrust