Alerts and Security

Keeping You Safe. Alerts and Security.

Alerts

QR Code Scams- Keep Yourself Safe!

QR codes are everywhere—from restaurant menus to event posters—but not all of them are safe. Scammers are placing fake QR codes in public spaces to trick people into visiting malicious websites and sharing personal information.

Stay safe with these QR code tips:

  • Think before you scan. If you found the QR code in a random or high-traffic area, be cautious—just like you would with a suspicious email or too-good-to-be-true offer.
  • Check for tampering. Look for stickers placed over existing codes, poor print quality, or misaligned placement.
  • Don’t trust the display name. Scammers can spoof names to make links look legitimate.
  • Watch for red flags. Misspellings, bad grammar, or typos in the content are signs of a scam.
  • Preview the link. Hover your camera over the QR code without clicking to see where it leads.
  • When in doubt, don’t scan. Instead, contact the business directly using a verified phone number or website.

Your security matters to us—stay alert and protect your information!

Fraud Friday Video Series

Watch and learn and stay one step ahead of fraudsters with Fraud Friday, TBA Credit Union’s video series designed to help you spot scams and protect your finances. For more tips and tricks, visit our YouTube Channel.

Security Tips

The holiday season is a time for giving and goodwill—but unfortunately, it’s also prime time for scammers. Fraudsters often exploit the rush and generosity of the season to trick us. Here are common scams and tips to keep you safe!

1. Holiday Mail & Delivery Scams- With increased shipping activity, scammers send phishing emails posing as USPS, FedEx, or UPS. They use fake links and urgent messages to steal personal information.
2. Holiday Shopping Scams- Flash sales and social media deals can be tempting—but not all are legitimate.
3. Charity & Investment Scams- Scammers prey on goodwill during uncertain times, creating fake charities or investment opportunities.

Protect Yourself with these tips!

• Avoid clicking links or opening attachments unless you’re sure of the sender.
• Never share personal details, one-time passcodes, or PIN numbers.
• Be skeptical of “urgent” alerts or offers that seem too good to be true.
• Notify TBACU of holiday travel plans.
• Report suspicious activity to TBACU immediately.
• Don’t purchase gift cards for payments.
• Keep social media private and never share account details publicly.
• Use ATMs inside bank branches or trusted businesses to avoid skimmers.

Valentine’s Day is a time for love and connection, but it’s also a prime opportunity for scammers to take advantage of unsuspecting romantics. Here are the top three tips to protect yourself from romance scams.

  1. Be Cautious with Personal Information– Never share personal details like your address, financial information, or social security number with someone you’ve only met online. Scammers often use this information to steal your identity or money.
  2.  Verify Their Identity– If someone you’re talking to online seems too good to be true, they might be. Use reverse image searches to check their profile pictures and be wary of anyone who avoids video calls or in-person meetings.
  3. Watch for Red Flags– Be alert for signs of a scam, such as requests for money, urgent pleas for help, or stories that seem inconsistent or overly dramatic. Trust your instincts and don’t hesitate to cut off communication if something feels off.

Protecting your personal information is crucial in today’s digital world. Limit the information you share online, enable Multi-factor Authentication (MFA) for added security, and use strong, unique passwords for each account. Be cautious of phishing attempts and regularly update all your devices to protect against vulnerabilities. By following these steps, you can significantly reduce the risk of cyber threats.

  1. Limit Sharing. Limit the information you share on a web and social media site, with any merchant, and in email. Cybercriminals scour the internet for any piece of information about you and, like a puzzle, put the pieces together to target you. And that ‘free’ email account you’re using? It’s also collecting information about you.
  2. Enable Multi-factor authentication (MFA). Enable MFA for all important online accounts. This can be an email or text message with a one-time password (OTP), PIN, or code. Enable MFA on every account that you can.
  3. Use Strong Passwords. As one of the first lines of defense for keeping your information safe, here are a few tips:
    1. Use a different password for each account.
    2. It doesn’t have to be complicated, like Di&81&329a$, it just has to be strong, memorable, and easy to type. Choose four unrelated words, then add a number and a special character.
    3. Reset your passwords every few months. By the time a data breach is reported, a threat actor could already be using and/or selling your data.
    4. Use a password manager. With just one master password, a password manager can generate and retrieve passwords for every account that you have, making it super easy to make them strong.
  4. Think before you click. Recognize and report email phishing and other social engineering attacks. Email, text, in person, or over the phone, if the message is urgent or threatening, pulls at your heartstrings, or is an unsolicited offer to help, it’s likely a scam. Don’t interact with it, just send it to your junk folder.
  5. Update. Update software on every device. Set your phone, door camera, television, desktop computer, laptop, router, etc. to automatically update. Cybercriminals also scour the internet and exploit outdated devices.

From identity theft and phishing attacks to counterfeit schemes and money laundering, cybercriminals are constantly devising new ways to exploit unsuspecting individuals. Being aware of these threats and taking proactive measures to protect yourself can significantly reduce the risk of falling victim to these malicious activities.

  • Email Phishing: Common ways to determine an email is malicious include messages that:
    • tug at your heartstrings–ask for a charitable gift for the latest natural disaster,
    • claim to have health information, often with a link to a malicious website, or
    • threaten you with a sense of urgency–your account will be closed if you don’t act now!

Check out this document to learn more about social engineering.

Identity theft occurs when someone unlawfully obtains and uses your personal information, such as your Social Security number, credit card details, or bank account information, to commit fraud or other crimes. This can lead to significant financial loss and damage to your credit score. To prevent identity theft, it’s crucial to safeguard your personal information by using strong, unique passwords, enabling multi-factor authentication, regularly monitoring your accounts for suspicious activity, and being cautious of phishing attempts and other scams.

  • Regularly review banking, investment, and insurance statements and online accounts. If discover unauthorized transactions or activity, immediately report it.
  • Review your credit reports. Annualcreditreport.com is the only site for free credit profiles from the top three bureaus – You can retrieve one, wait four months, and then retrieve another. It may be beneficial to review your child’s as well.
  • Identity Theft Protection services likely do not prevent fraud or Identity Theft, but can alert and help respond to it.  It’s really an insurance policy and may provide peace of mind. Read the fine print though.  Also, contact your homeowners’ or renters’ insurance policy.  You may have coverage and not even know it.
  • You have an increase in email spam or unsolicited phone calls.  If so, don’t reply, merely block the phone number or email address.  If they’re too numerous, you may need to change your email address or your telephone number.
  • Notify each banking, investment, and insurance institution. Request a ticket/claim number for each report.
  • Contact your homeowners’ insurance Your policy may help you recover.
  • Take your computer, tablet, and mobile phone to a reputable computer tech to check for malware, remote access, and updates.
  • Using a secure, cleaned, updated computer:
    • Change the password for each online account–banking, email, medical, social media…
    • Change the administrator and network passwords to your home wi-fi router.
    • If you’ve not, immediately freeze your four credit profiles. In that process, declare that you are an identity theft victim.
    • If you’ve not, file your taxes.
    • Report identity theft.
    • Document each step. Who you contacted and the date. This may help with a claim or uncover how the data was stolen.
    • You may need to open new banking accounts.
    • Regularly review your credit report and your banking, medical, and investment statements.

Should you report it to local law enforcement?  It never hurts, however, many times the crime happened outside of their jurisdiction.

Phishing, or using email to trick you into sharing passwords or private information, is still a big problem and has led to a number of multi-million dollar security incidents over recent years.

Here are a few easy tips to help recognize phishing and protect your information and accounts.

  1. Create two email accounts. Limit one for creditors, financial institutions, insurance companies and any official business. Don’t share this address with anyone else. Create a second email account that you can readily share with friends, family, and newsletters. Fake emails will stand out.
  2. Manage Your Inbox and Accounts. Download important messages to your local computer. Delete unwanted messages and any that have personal or private information. I’d even delete the Sent and Deleted folder contents. Why? If bad actors get into your account this will limit what they can get.
  3. Mark spam messages as spam. This will help ‘train’ the filter.
  4. Think Before You Open a Message.
  5. Is the sender’s name AND email address unrecognized?
  6. Is it a catalog or newsletter you didn’t ask for?
  7. Is the message threatening, urgent, or pulling your heartstrings? Your account will be locked, or your credit card will be closed if you don’t respond right this moment. What about fake ‘charities?’ Each natural disaster prompts bad actors to ask for money too.
  8. Is the email or website address misspelled? When hovering your mouse over the link, is the address different?
  9. Is it out of the norm for the sender to send that kind of message or attachment at that time of the day?

If you answered Yes, you should avoid opening the message or clicking on the attachment or link. It would be best to call or contact the sender directly, but NOT using the phone number in the email.

Federal Trade Commission | Protecting America’s Consumers (ftc.gov)

Home – National Cybersecurity Alliance (staysafeonline.org)

Avoid Pre-Screening. While you’re reviewing your credit reports for fraud, opt-out of credit pulls for pre-approved credit and solicitations. Get your free, annual report: https://www.AnnualCreditReport.com

Freeze your Credit Profile with Each Bureau. Start with the top four credit bureaus. Limiting access to your profile greatly reduces bad actors’ ability to open banking or utility accounts.