Fraud & Security Center

Fraud Alert

Fraud comes in many forms—from phone calls to emails to texts. If you receive an unsolicited communication claiming to be from Monterra Credit Union, DO NOT provide codes or personal information.

Working together to protect your personal information

In these days of rampant—and increasingly creative—fraud, staying safe is a joint effort. We at Monterra Credit Union employ advanced technologies to help ensure the security of our members’ accounts, and we supplement those tools by keeping you up to speed on the latest scams. Your role is equally critical, and that is to be aware, vigilant, cautious, and smart—enhanced by a healthy dose of suspicion.

For your convenience, we have compiled information on both scams and security measures to boost your knowledge and show how you can assume an active role in safeguarding your finances.

 

Common Frauds and Scams

Your mobile devices are designed for your convenience.  Scammers find them very convenient, as well. 

If you’re like most people, your cell phone is with you at all times. That gives the bad guys an extensive, unsuspecting audience for the latest frauds and schemes they’ve cooked up. Learn what they’re up to and how to protect yourself.

Stay alert and informed with Account Alerts. Monterra will never call, text, or email you to ask for your account numbers, Social Security number, ATM or debit card PIN, or any other sensitive information. Learn more about our Text Alert Program.

TYPES OF TEXT AND TELEPHONE FRAUD | SAFETY MEASURES
Tech Support Scam: Fraudsters pose as tech support from legitimate companies. Creating a sense of urgency, they claim you have a serious computer problem and offer to fix it if you provide remote access to your device. When you do, they steal your personal and financial information.
  • Remember that someone cannot discern a computer issue remotely. Even a warning pop-up that appears on your computer itself is not an authentic diagnosis.
  • Decline the offer of help. If you’re concerned that you actually might have a problem, take your computer to a real IT person.
  • Never grant anyone remote access to your devices unless you know exactly who they are and what they’re doing.
Unsolicited calls: A fraudster pretends to be from a business or your financial institution and fakes an urgent issue to gain access to your information. Keep in mind that it’s easy for a fraudster to present a number that appears legitimate when calling you.
  • Don’t answer the phone if you don’t recognize the caller. Let it go to voicemail and then evaluate the message.
  • If you do pick up, do not provide any information. Hang up and contact the company or the credit union directly to find out if there’s an actual problem.
Loved-One-in-Trouble Fraud: “Your grandchild was arrested.” “Your spouse is in the hospital.” “Your friend was caught shoplifting.” Whatever the crisis, the scammer claims that offering up your credit card information will solve the problem.
  • Hang up immediately.
  • If you’re too frightened to do that, ask for the name of the jail/hospital/store, hang up, and verify the information directly.
  • Call your grandchild/spouse/friend and check on their well-being.
Fake Package Delivery Scam: This con usually takes the form of a text that impersonates UPS or Amazon, claiming they have a package for you that can’t be delivered without more information.
  • Don’t click on any links in a text. They’ll invariably take you someplace you don’t want to go.
  • Don’t offer up any personal or financial information to an unknown source.
Charity Scam: Scammers pose as legitimate charities, exploiting your goodwill to get you to donate to their bogus cause.
  • Hang up the phone or ignore the text.
  • If you’re intrigued, check out the charity on your own. If it’s legitimate, make your donation directly on the real website.

 

There are many ways to commit card fraud. There are also many ways to avoid it.

The more you know about popular credit and debit card scams, the better equipped you are to protect your cards and your information. To keep you up to speed on what to look out for, we’ve compiled a list of some of the more common scams and smart ways to avoid them.

Keep in mind that you have the ability to create alerts for all transactions, and you can do so here.

If you suspect misuse of your credit or debit card, you can dispute a claim or file a fraud report here.

TYPES OF CARD FRAUD | SAFETY MEASURES
Phishing: You receive an email or text from a fraudster that appears to be a legitimate and trusted company, and you’re tricked into revealing your card information.
  • Don't click on a link unless you're 100% sure it's legitimate.
  • Look for "https://" to determine if a website is secure.
  • Carefully read the name of a website, since subtle misspellings are common on bogus sites.
  • To increase your online safety: if a website prompts you to save your card information for future purchases, click no.
Skimming: A small electronic device is attached to a legitimate card reader, blending in well enough to remain unseen. The skimmer is then used to capture your card information.
  • Check to see if the card reader is securely attached and if the graphics line up.
  • If the numbers on the keypad are hard to press, that may be a sign of a false keypad.
  • Think twice before using privately owned ATMs, since that’s where most skimming occurs.
Malware: You unwittingly download a virus onto your computer, where it lurks undetected. When you enter your card information online, it’s acquired by a fraudster via the malware.
  • Use an antivirus program to scan downloads before opening them.
  • Don't click on random links.
  • Be wary of opening email attachments or images.
  • Don't click on pop-up windows.
Weak Passwords: “123456.” “Password.” You’d be amazed at how many people use obvious passwords that are easy for a scammer to crack.
  • Consider creating a passphrase that incorporates special characters and numerals, such as MyL1feisH@ppy.
  • Use a password manager app.
  • Don't use the same passwords for different online activity. 
  • Don't share your passwords.
  • Change passwords often.
Card Theft: Someone physically steals your card and fraudulently uses it to make purchases.
  • Carefully guard your wallet or handbag when you're in a public place.
  • Don't leave credit or debit cards unattended. 
  • As soon as your card is returned to you by a merchant or server, put it back in its designated safe spot. 

 

 

Scams are evolving with the times. Here’s how to spot them and protect yourself.

Check fraud has come a long way from bounced, kited, and forged checks. Since paper checks are less commonly used these days, scams have become more sophisticated and often take advantage of people’s trust. Here are a few examples of the latest schemes and what you can do to safeguard your funds.

TYPES OF CHECK FRAUD | SAFETY MEASURES
Secret Shopper: You’re hired to purchase and evaluate a retailer’s goods, and a check is sent to you for your services. You’re then told to wire part of the funds to a third party and keep the rest. The check turns out to be bogus, so you lose the funds you sent plus the cost of the purchases you made.
  • Toss letters and ads offering jobs of this nature.
  • Never wire money to strangers.
  • Thoroughly research a company before engaging in business.
Online Employment Applications: You apply for a job online and get hired. Your “new employer” sends you a check and tells you to buy equipment right away. The check is for more money than you need, and you are told to return the extra funds. It ultimately bounces, and you’re on the hook for both the equipment you bought and the money you returned.
  • Be suspicious of jobs that don’t verify your work experience.
  • Think twice if the potential employer has an email domain from a popular provider instead of a professional address.
  • Don’t trust job offers that promise quick money or huge earning potential.
Email Checks: You are emailed a check and told to deposit it via remote deposit.
  • Do not attempt to deposit an emailed check. It is not a negotiable item and cannot be deposited or cashed.
Overpayment: A buyer overpays for something you’re selling online, then asks you to refund the difference. You later discover that the check was fake and you’re out the entire amount… plus the money you refunded… plus the item you were selling.
  • Independently confirm a buyer’s name, address, and phone number.
  • Don’t ever accept a check for more than your asking price.
  • With buyers you don’t know, use an online payment service instead of a check.
Prize Winner: You’re sent a check for winning a sweepstakes or lottery, then told you have to pay for taxes, processing, or shipping. You’re out the money you send—and there’s no prize.
  • Ignore all offers that ask you to pay for a prize or gift.
Money Order Swap: You’re given a money order and asked for a check in return. When you try to deposit the money order, you learn it’s fake. And your check funds are gone.
  • Never accept a money order from someone you don’t know.

 

Your personal information is yours. Until it isn’t.

Imagine discovering, out of the blue, that your savings account has a zero balance and you’re over the limit on your credit card. This is the reality of account takeover fraud, which can wreak havoc on your financial life. This modern-day threat highlights the importance of securing your online identities and staying vigilant against digital thieves.

To further protect yourself, we encourage you to sign up for Account Alerts. You can set up a One-Time Passcode at every login and also be alerted each time a login is completed.

TYPES OF ACCOUNT TAKEOVER FRAUD | SAFETY MEASURES
Social Media Account Takeover: A fraudster hacks your online profile and has total access to the personal data you used to create the account. They can read your private communications, send fake messages to your contacts, and post as you.
  • Choose strict privacy settings.
  • Use a strong password.
  • Don’t accept every random friend request you receive.
  • Limit what you share on social media.
  • If your account is hacked:
    • Reset your password.
    • Report the hack to the social media site.
    • Alert your friends and family that you’ve been hacked and warn them not to click on any attachments that appear to be from you.
Phishing: You receive an email or text that appears to be from a legitimate source. It includes a link, and clicking on it takes you to a fake login page. When you enter your credentials, they’re captured by a fraudster.
  • Never click on a link or download an attachment unless you are absolutely certain it’s from a trusted source.
  • Look for grammatical errors and other glitches in the email or text. Cyber criminals tend to be bad at spelling, grammar, syntax, and punctuation.
Impersonations: You receive a call that appears to be from Monterra—caller ID is easy to spoof—or a text from us that appears to be legitimate (see text link). Unfortunately, these callers are skilled at convincing you that they really do work for the credit union.
  • Hang up or delete the text. Monterra will never call or text you to request passwords, credit or debit card numbers, login credentials, or any other personal information.
Computer Popups: A popup on your computer entices you to call a phone number. The scammer’s goal is to gain remote access to your computer or phone. Once they succeed, they can use your stored passwords to get into online banking and elsewhere.
  • Ignore popup ads and never click on links in them.
Malware: This is another example of the danger of clicking on an unknown link. You just might be facilitating the installation of malicious software designed to steal your personal information.
  • Always avoid the temptation to click on an unfamiliar link. It’s simply not worth the risk.
Mobile Banking Trojan: This malware steals financial information and performs unauthorized transactions from your mobile device. The trojans are often disguised as legitimate apps—or bundled with real apps—to trick you into downloading them.
  • Never download anything from an unofficial app store.
  • Never click on a link or attachment in an unknown email.
Credential Stuffing: An attacker steals login credentials from a data breach, then tries the username and password combinations on multiple websites to get into additional accounts.
  • Do not use the same username and password on different websites.

 

It's your money.  Make sure it stays that way.

Online and mobile banking fraud takes many shapes—from hacking to phishing, from malware to social engineering trickery. To safeguard your information and your funds, you need to be aware of the many ways fraudsters gain illegal access to your accounts.

To further protect yourself, we encourage you to sign up for Account Alerts. You can set up a One-Time Passcode at every login and also be alerted each time a login is completed.

TYPES OF ONLINE AND MOBILE BANKING FRAUD | SAFETY MEASURES
SIM Swapping: A fraudster impersonating you directs your mobile service provider to transfer your cell number to a SIM card that they control. The upshot: they can capture SMS-based authentication codes.
  • Keep your personal information personal. For a criminal to successfully impersonate you when reaching out to your carrier, they’ll need to know details that aren’t—or shouldn’t be—public.
Fake Mobile Apps: A scammer creates a bogus mobile banking app that looks like the real Monterra app. You download it and unwittingly give your login credentials to the fraudster.
  • Think before you click. You can safely download the Monterra mobile banking app directly from our website.
Password Spraying: Cybercriminals use bots to pair usernames with common passwords in the hope of finding a real match and gaining access to your financial accounts.
  • Always use multi-factor authentication (MFA), which requires two forms of verification to log into your account.
  • Avoid using the same username and password for online banking and email.
Phishing: You’re sent a fraudulent email that pretends to be from an authentic company. You’re directed to click on a link that takes you to a phony website, where you’re tricked into providing your online banking login credentials.
  • Never click on a link in an email unless you know for certain that it’s legitimate.
  • Never provide any sensitive information on an unknown website.
Smishing: You receive a text claiming to be from Monterra that says your account has been compromised. Using scare tactics, the fraudster lures you into revealing your login information or other personal data.
  • Immediately delete the text. Monterra will never contact you and ask for any personal financial information.
Malware: Banking malware is designed to steal your money, and it can infect both your computer and your cell phone. You can inadvertently fall victim to malware by clicking on a link to claim a prize, downloading illegal music or videos, or using clickbait links on social media.
  • Don’t click on strange links or pop-ups.
  • Avoid random downloads from unknown sources. If you accidentally download something, run an antivirus program to scan it before opening.

 

Fraud can be lurking in your inbox or on your phone.  Learn how to recognize it.

It looks like an ordinary email or text from your gym. Your doctor. Your favorite retail store. The post office. In reality it’s a scammer, hoping you won’t look too closely and will trustingly open the message. And that’s when the deception kicks in. Hypervigilance pays off if you want to avoid getting caught in the web of email and text spoofs.

Stay alert and informed with Account Alerts. Monterra will never call, text, or email you to ask for your account numbers, Social Security number, ATM or debit card PIN, or any other sensitive information. Learn more about our Text Alert Program.

TYPES OF EMAIL/TEXT SPOOFING | SAFETY MEASURES
Display Name Spoofing: An email display name is altered to make it look like a person or place you trust. If you don’t look at the actual email address, you’ll be fooled.
  • Even if you recognize a display name, it’s a good idea to get in the habit of double-checking the email address. It takes just a few seconds, and it can save you a lot of trouble in the long run.
  • Do not respond to any 10-digit texts that appear to be from Monterra and report them to us immediately. 
  • Configure your email to show both the display name and the full email address. 
  • Read domain names carefully. The smallest difference can cause a huge problem. 
  • Look for https:// to make sure a website is secure. 
  • Avoid clicking on links or opening attachments in unknown or unexpected emails.
  • Hover your mouse over links to see the actual URL before clicking.
  • Be wary of common phishing signs, such as urgent language and requests for personal information.
  • Employ antivirus software and keep it up to date.
  • Consider investing in a secure email gateway that filters your incoming emails for threats and blocks known malicious senders.
Monterra Text Spoof: A text message comes from what appears to be Monterra’s main number. However, we do not use 10-digit phone numbers for any text communication.
Reply-to Spoofing: The reply-to address in the email is changed, so when you answer, it goes to the scammer instead of to the real address.
Domain Spoofing: The domain name in the email is forged to mimic a legitimate domain. This can be done by typosquatting (m0nterra.org instead of monterra.org) or by slightly modifying the domain name (yourfaveshop.co instead of yourfaveshop.com).
Business Email Compromise: A scammer impersonates a high-level employee in your company, tricking you into transferring money or sharing sensitive information.
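
The display-name, reply-to, and look-alike-domain tricks listed above all leave traces in a message's headers, so a mail filter can check for them. The Python script below is an added example, not Monterra's own tooling; the brand-to-domain table, the 0.9 similarity threshold, the function names, and the sample messages are assumptions constructed for illustration.

```python
"""Flag display-name, reply-to and look-alike-domain spoofing in email headers."""
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand word -> the domain that brand really sends from
# (the domains are the examples used on this page).
BRANDS = {"monterra": "monterra.org", "yourfaveshop": "yourfaveshop.com"}

# Digits commonly swapped in to imitate a letter (m0nterra -> monterra).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
SIMILARITY_THRESHOLD = 0.9  # assumption: tune against your own mail


def domain_of(address):
    """Lower-cased domain part of an email address ('' if there is none)."""
    return address.rpartition("@")[2].lower().rstrip(".")


def belongs_to(domain, real):
    """True if domain is the real domain or one of its subdomains."""
    return domain == real or domain.endswith("." + real)


def lookalike_of(domain):
    """Return the real domain that `domain` imitates, or None."""
    if not domain or any(belongs_to(domain, r) for r in BRANDS.values()):
        return None
    skeleton = domain.translate(HOMOGLYPHS)  # undo digit-for-letter swaps
    for real in sorted(BRANDS.values()):
        ratio = difflib.SequenceMatcher(None, skeleton, real).ratio()
        if skeleton == real or ratio >= SIMILARITY_THRESHOLD:
            return real
    return None


def check_message(raw):
    """Return a list of (code, detail) findings for one raw email message."""
    msg = message_from_string(raw)
    name, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    findings = []
    # Display name spoofing: the name claims a brand, the address does not match.
    for word, real in BRANDS.items():
        if word in name.lower() and not belongs_to(from_domain, real):
            findings.append(("display-name-spoof", f"{name!r} sent from {address}"))
    # Domain spoofing: typosquatted or slightly modified sender domain.
    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(("domain-lookalike", f"{from_domain} imitates {imitated}"))
    # Reply-to spoofing: answers would go to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(("reply-to-mismatch", f"replies go to {reply_to}"))
    return findings


# Constructed sample messages (headers, blank line, body); not real mail.
SAMPLES = {
    "typosquat": 'From: "Monterra Credit Union" <alerts@m0nterra.org>\n'
                 "Subject: Urgent: verify your account\n\nbody\n",
    "reply_to": 'From: "Your Fave Shop" <orders@yourfaveshop.com>\n'
                "Reply-To: refunds@yourfaveshop.co\n"
                "Subject: Your refund\n\nbody\n",
    "freemail": 'From: "Monterra Support" <helpdesk@freemail.example>\n'
                "Subject: Account notice\n\nbody\n",
    "genuine": 'From: "Monterra Credit Union" <alerts@mail.monterra.org>\n'
               "Subject: Your statement is ready\n\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_message(raw) or "no findings")
```

A look-alike domain in the Reply-To header is reported only as a mismatch here; passing that domain through `lookalike_of` as well would name the brand it imitates.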

 

Weaving a web of deceit: That's what spoof sites are all about.

Spoof sites are deceptive websites created by cybercriminals to steal your personal and financial information. They replicate the design and branding of reputable companies, making it difficult to distinguish between the real and the fake. We at Monterra are committed to helping you understand the risks of spoof sites and providing you with the tools you need to stay safe.

TYPES OF SPOOF SITES | SAFETY MEASURES
Banking Websites: A spoofed version of a bank or credit union site might look identical to the real one, using similar logos, fonts, and layout. If you look carefully, however, there’s a slight difference in the URL.

How to Identify Spoof Sites

  • Before clicking on any link, hover over it to see the URL and determine if it’s legitimate.
  • Look for misspelled words, accent marks, or extra characters.
  • Make sure the URL begins with https://. The “s” means secure.
  • Be wary of websites that have poor grammar, typos, or an unprofessional look.

How to Protect Yourself from Spoof Sites 

  • Keep your browser and security software updated.
  • Be password savvy. Create hard-to-crack passwords, change them often, and use different ones for different accounts.
  • Enable two-factor authentication to add an extra layer of security.
  • Be skeptical of unsolicited emails. Never click on links or download attachments from unknown sources.
  • Don’t respond to emails claiming that urgent action is required.
  • Don’t respond to promises of business opportunities that seem unrealistic.
E-Commerce Platforms: A fraudster creates a fake version of a popular online store. It features amazing deals that lure you into entering your credit card information.
Social Media Sites: You receive an email with a link to what appears to be a social media site, telling you to log in to view a message. When you do, the spoof site captures your login credentials.
Email Providers: A spoofed email login page is sent to you via a phishing email. It looks just like your real email login, but the information you enter goes directly to the attacker.
Professional Sites: A spoofed version of a professional or corporate site is used to gather login credentials or spread malware.

Some jobs sound too good to be true. And that's precisely what they are.

Employment scams promise lucrative job opportunities but deliver only financial loss and disappointment. They often use legitimate-looking websites and emails to deceive their victims into providing personal information or money. Here are some of the ways they prey on job seekers.

TYPES OF EMPLOYMENT SCAMS | SAFETY MEASURES
Work-from-Home Scam: Do you believe you can make thousands of dollars a month with minimal time and effort? Then you’re just what this scammer is looking for. Instead of striking it rich, however, you end up spending huge amounts of money on starter kits, training, and useless certifications. 
  • Don’t be tempted by get-rich-quick schemes. They simply don’t exist.
Financial Information Scam: Your prospective employer asks for your Social Security Number and bank account information on a job application before you’re hired—and there goes your identity.
  • Never provide this type of information prior to getting the job.
  • Once you’re hired, a legitimate employer will need your Social Security Number for tax purposes and your bank account information if you’re being paid via direct deposit.
Head Hunter Scam: These fraudsters seek you out and offer jobs that don’t exist, then charge you for their services.
  • Don’t ever pay for the promise of a job. Keep in mind that real head hunters are paid by the companies that hire them—not by the job candidates.
  • Always do independent research of a prospective employer.
  • Be wary of unsolicited jobs.
Pyramid Scheme: This fraudulent—and illegal—business model tricks you into paying money to join, promising that you'll make money by recruiting others to join, too. In reality, though, only a few people at the very top make significant sums, while most others lose out.
  • Just say no. In addition to losing money, you’ll likely lose friends when you start trying to recruit them.
Government or Postal Job Scam: An ad promises a job with the federal government or the U.S. Postal Service—for a fee.
  • Never respond to an ad of this nature.
  • Real job opportunities with the federal government and U.S. Postal Service are free and available online at USAJobs.gov and usps.com/employment respectively.

 

Keeping a close eye on your personal information

Together, we can fight identity theft and fraud while safeguarding your Monterra Credit Union accounts.

Defining identity theft

Identity theft occurs when a criminal has enough of your personal information to pretend to be you. That information can be stolen in various ways, including scams, phishing and data breaches. In certain cases, this theft could result in risk to your reputation if your social media or email accounts are hacked. In more serious cases, your money could be stolen and/or your credit impacted if a criminal applies for a loan using your name.

How Monterra protects you

  • As a financial institution, Monterra has very strong security systems and protocols in place to protect your personal and financial information.
  • All Monterra employees are trained on how to handle sensitive data to avoid theft.
  • If your debit or credit cards are ever compromised, or fraud is suspected, Monterra may lock your cards or reissue them, depending on the severity of the risk.
  • Multi-factor authentication is available to log in to online and mobile banking.
  • Monterra will never ask you to provide personal information over email or by text. We will only discuss these details with you in a secure environment or in-person/over the phone after we have verified your identity.

Ways to protect yourself

  • Be extremely cautious about sharing your personal information on social media and other websites, and set your privacy settings so that only the people you choose can see your posts.
  • Check your credit report regularly for loans and accounts you did not open.
  • Only share information with verified merchants when you are making a purchase from them or entering into an agreement with them that requires that information.
  • Use your EMV Chip, Tap to Pay, or Digital Wallet whenever possible and avoid swiping your card at point-of-sale machines.
  • Avoid using isolated standalone ATMs. They are vulnerable to being compromised.
  • Sign up for Account Alerts so that you get notified of purchases made on your cards/accounts as they occur.
  • If you lose or misplace your credit card, debit card, or checks, inform Monterra Credit Union at once.
  • Regularly change your online and mobile banking passwords and make them difficult to guess.
  • Let us know when you’re traveling and where you’re going, especially when you leave the country.

Additional resources

  • FTC website for reporting identity theft
  • ID Theft Center to learn more about steps you should take if you've been victimized
  • If it appears someone is using your Social Security number, call the Social Security Administration at (800) 772-1213.

If you see suspicious transactions on your Monterra account or think you may have been the victim of identity theft, contact us immediately at (650) 363-1725. Then, immediately contact all three credit bureaus.

Know how to spot elder abuse and report it immediately

Elderly people are vulnerable to many kinds of financial abuse and may be unable to stop it. If you believe someone is a victim of elder abuse, you can help by contacting Eldercare Locator. The person who takes your call will refer you to the best local agency to help based on the circumstances you describe.

Eldercare Locator
(800) 677-1116
Monday - Friday: 6 a.m. to 5 p.m., Pacific Time

Signs of financial elder abuse

  • ATM activity in the vulnerable adult's account, even though he or she is physically unable to leave home
  • Abrupt and unexplained change in a financial Power of Attorney, new names added to signature cards, or a new joint account
  • Signatures that seem forged, unusual or suspicious
  • Out-of-sync check numbers
  • Allegations of "missing funds" from a vulnerable adult's account
  • Credit union or credit card statements sent to an address other than the vulnerable adult's home
  • Unusual cash withdrawals from a checking account
  • Abrupt increase in credit card activity or a sudden flurry of bounced checks
  • Sudden appearance of previously uninvolved relatives claiming rights to a vulnerable adult's affairs and possessions
  • A caregiver who appears to be getting paid too much or too often

Love is in the air. It's also in cyberspace.

Having a significant other in your life is certainly appealing, and the growing popularity of dating sites is proof of that. It is estimated that there are more than 8,000 online dating platforms worldwide, and 366 million users gave them a try in 2022 alone. Sadly, some of them found fraud instead of love. Whatever shape the scam takes, there are ways to keep from falling victim.

TYPES OF ROMANCE SCAMS | SAFETY MEASURES
Catfishing: A con artist uses another person’s photo to create a false identity. This is often done with stock photos of very attractive people to trick you into fostering a romantic relationship. While the swindler may not always try to extort money, emotional harm comes from the deception, embarrassment, and humiliation of being conned.
  • Never send money to, or accept money from, a person you don’t know.
  • Don’t agree to transfer money for someone else.
  • Be mindful of what you post online. The details you share can give a scammer a clear picture of your life.
  • Research the person who has reached out to you to see if they have an online presence beyond the dating site.
  • Do not agree too quickly to communicate directly.
  • Take things slowly and ask lots of questions. Listen carefully to see if the answers make sense.
  • Never reveal financial information to someone you’ve met online.
  • Never send inappropriate photos.
  • Be wary if someone keeps promising to meet in person but keeps making excuses about why the timing isn’t right.
  • Learn how to recognize a fake profile. Some tips:
    • The photo looks too staged and professional.
    • Personal information is sparse.
    • The person cannot be found anywhere else online.
    • There are very few comments or likes from others on their social media.
Inheritance Scam: You’re lured into an online romance with someone who says they need to get married to claim their inheritance. They ask you to pay for airfare or other costs involved with the “wedding”—which never happens.
Military Impersonation: A fraudster impersonates a member of the military stationed overseas. After fostering a romantic relationship with you, they claim they can’t access their funds because they’re in a combat zone, and they ask for money from you.
Sugar Daddy/Momma Scam: Targeted to younger women and men, this type of scammer poses as an older, wealthy person who offers to pay for online companionship. They ask you to pay a fee to prove your loyalty to them—and then they disappear.
Money Mule Recruitment: Someone you’ve gotten romantically involved with online asks you to accept money from them and forward it to someone else. This is actually part of a money-laundering scheme that adds you as a layer of distance between the criminals and the victims.  

 

Security Solutions
REPORTING FRAUD

See suspicious activity or a transaction you don’t recognize on your Monterra account(s)? Contact us immediately to report it.

ACCOUNT ALERTS

Set up alerts so you know what's happening at all times. Even get notified each time a login occurs to your online banking profile.

IDENTIFYING VALID MONTERRA CONTACT

Scammers might try to impersonate Monterra. Know that we will never contact you and ask for your account numbers, card numbers, or PINs.

DIGITAL BANKING SECURITY

Do your part to ensure your online or mobile app sessions are secure and you stay informed of activity occurring on your accounts.

WEBSITE BLOG

Stay up to date on the latest security threats and learn how you can do your part to protect your accounts.