Scams & Data Breaches

A scam is any direct attempt to trick you or others into providing your personal information. Most scams involve a situation where the scammer pretends to be someone he or she is not. It may be someone posing as an employee of a company you do business with, or someone you don’t know claiming to want to do business together. Many scams also occur online, using fake websites and emails.

A data breach is the theft of personal/financial information of multiple people all at once when technology that holds that information is compromised. Names, addresses, Social Security numbers, and account numbers and PINs are all targets of this type of theft. Information stolen in a single breach may not be enough to impact you, but there is an entire underground market for buying and selling stolen data and a criminal enterprise may eventually put together enough of the pieces to be a danger to your finances and identity.

Below are common or recent examples of scams and data breaches. There are too many out there to list them all, but understanding these examples will help you spot others.

• Online Banking Scams: One of the most common scams is known as phishing. This is when you receive an email, phone call, or text message from what appears to be a reputable company or even Monterra. This message/caller may asks you to reply with or visit a website to enter personal information, like user name, password, Social Security number, account numbers and more.
  • How to stay safe: Always be sure you’re communicating with the actual company before you provide any sensitive information. For emails, make sure you recognize the sender and that the email address and domain name is what you expect. Watch out for multiple typos or inconsistent language, as these can be signs of fraudulent messages. Keep in mind, Monterra will never call you asking for card information, one-time passcodes or online banking credentials.
• Text Message Scams: You may receive text messages indicating an unauthorized transaction which may also have a link enclosed. Never click links from unknown individuals. The link is usually to get additional information from you. Don’t get anxious. The scammers rely on you being concerned and addressing the matter immediately.
  • How to stay safe: Pause. Call the credit union before taking any action. All valid text numbers are available on Monterra's website. Any alerts regarding suspicious transactions will always come from a “short code” number with 5-6 digits. Fraudsters cannot spoof short codes”. Assure your mobile device has sufficient malware and keep your security patches up to date.
• Online auction/buying scams: The ability to buy and sell second-hand goods online is a big convenience, but it’s also very attractive to scammers. Typically, these scams involve someone that wants to buy your item with a money order and who offers to overpay if you are willing to send cash with the item. Their payment to you either never arrives or is fraudulent, and you have now lost your money and the item.
  • How to stay safe: Whenever you buy something online, ensure the seller is verified and that the item is “as-advertised” before sending payment. As a seller, ensure that you have the money (or at least that the payment has officially been initiated though Paypal, Venmo, etc.) before you ship the item or allow it to leave your possession. Avoid buying items from social media websites as scammers are taking over valid sites.
• Sweetheart scams: These scams usually take a period of time to gain your trust and a sense of commitment. Some times scammers cultivate the relationship for several months. Most often, the scammer is out of the country or not local. They may even have video calls to assure you they are real. At some point during the relationship, the scammer will some significant need for money. Usually it’s a reason that requires immediate assistance or a need to travel to the United Staes.
  • How to stay safe: Sweetheart scams are long-cons. They rely on building trust. At some point they will ask you for funds. They may give you odd information for wires to avoid protection. They may tug at your heart strings claiming someone is ill or needs help. Don’t send the money.
• Lottery/sweepstakes scams: Using mail or email, scammers will claim that you have won a large lottery or sweepstakes, often in another country. But before they can send you the money, you must pay a fee. In a similar scam, someone claims they’ve won the lottery but cannot pay the fees or taxes, asking you to help pay those costs in exchange for a share of the winnings.
  • How to stay safe: Do not engage with anyone or any company that claims you have won something (or are entitled to something) unless you have a relationship with that person/company and can verify the authenticity of the claim. In almost every situation where you are eligible to have won a large prize, you will know you have entered or that you took the necessary step to enter the contest.

Make sure you are on a secure website, which will have an “https” (rather than just “http”), and that the domain name is correct. Often a scam site will be very close to the real site – different only by a letter or two.

If you are ever in doubt, simply delete these suspicious messages and do not respond. Instead, use trusted methods to contact/interact with the companies you do business with rather than responding to communications sent directly to you. You can report suspicious emails to spam@uce.gov and visit the FTC's Identity Theft website to learn more.

Most data breaches happen in one of two ways:

• Sensitive information held at a company is stolen either by an internal employee or by outside hackers. The more of your personal information a company, the more of a target that company is for criminals.
• Debit and credit card information is recorded at point-of-sale machines that have been tampered with at retailers, restaurants, and gas stations.
  • How to stay safe: While the breach itself is outside of your control, there are ways to limit your exposure and respond if your information has been stolen. First, always use your EMV chip card payment method if possible when you are at a merchant's location. If you see any visible signs of physical tampering with a point-of-sale machine or ATM, notify the employees immediately.

If your information has been stolen as part of a breach, be sure to monitor your accounts (Account Alerts from Monterra are a good idea!) and your credit report for suspicious activity. If you see anything, notify Monterra right away. If the breach is considered a large enough security risk, we may reissue your credit or debit card. Be sure to activate and begin using your new card as soon as you get it.

• As a financial institution, Monterra has very strong security systems and protocols in place to protect your personal and financial information.
• All Monterra employees are trained on how to handle sensitive data to avoid theft.
• Multi-factor authentication is required to log in to online and mobile banking.
• Monterra will never ask you to provide personal information over email or by text. We will only discuss these details with you in a secure environment or in-person/over the phone after we have verified your identity.
• Our public website is a secure site. You can verify this by noticing that the address begins with "https" and not "http". You'll also notice a padlock symbol in the address bar. We maintain our security certificates for the benefit of all members.
• If your debit or credit cards are ever compromised, or fraud is suspected, Monterra may lock your cards or reissue them, depending on the severity of the risk.

If your money is ever stolen, Visa’s Zero Liability Policy does not apply to certain commercial card and anonymous prepaid card transactions or transactions not processed by Visa. Cardholders must use care in protecting their card and notify their issuing financial institution immediately of any unauthorized use. Contact your issuer for more detail.

• Never respond to an email or text message that asks you to share personal information.
• Be careful not to give account information over the phone to people claiming to represent Monterra. If you have any concerns, ask for the caller's name and phone number, so you can call back to confirm association with Monterra. As an added measure, call our Member Services and Support Center at (650) 363-1725 to confirm the call.
• Never enter personal information (including passwords) into a website that is not secure or that has a domain name you don’t recognize. Look closely, as domain names can appear very similar.
• Never send money to someone you don't know and be very cautious if an offer seems too good to be true.
• If you sell something online, be sure you have the money before shipping the item.
• If you won a lottery or sweepstakes but did not buy ticket or remember entering, be very careful and never offer any personal information or agree to move money around in return for a percentage of that money.
• Use common sense. If it's free, why are they asking you to pay for it?

Make sure that Monterra has your most up-to-date contact information: address, phone numbers, and email address so we can easily contact you if we detect potentially fraudulent activity on any of your accounts.