✦ Stay Alert, Stay Safe: Your Guide to Scam Awareness
Security & Fraud Prevention Center
TOPCU will never call, email or text you asking for a one-time passcode, your account password, your debit card number or any other sensitive information.
Dealing with Suspicious Activities
If you encounter a potential scam, refrain from responding or taking any requested action. Document the suspicious activity and report it directly to TOPCU through official channels. It’s crucial to act promptly to safeguard your account and assist in preventing further fraudulent attempts.
Identifying Genuine Communications
Genuine communications from TOPCU will always have recognizable characteristics, such as an official email address (info@topcu.org). TOPCU will never request your one-time passcode, card number, PIN, and CVV number. Look for consistency in branding and avoid any communication that pressures you for immediate action or personal details.
Your Peace of Mind is Key: If you ever feel uneasy or doubt the legitimacy of a call claiming to be on behalf of TOPCU, we strongly encourage you to take the following steps:
- Politely end the call.
- Directly contact us by calling the number on the back of your card. This ensures you are speaking to our genuine team.
Protective Measures Against Scams
Enhance your account security by setting up alerts for unusual activities and regularly reviewing account transactions. Utilize two-factor authentication and maintain robust, unique passwords for an added layer of defense against unauthorized access.
Zelle Scams
Zelle scams often involve fraudsters posing as known contacts or other institutions, urging you to send money or divulge login credentials. They might send alarming messages about unauthorized transactions, requiring you to act swiftly. Always verify such requests independently through known contact information.
Got a 'TOPCU Alert' text? Think Twice!
Before clicking any links, remember, we’ll never text you for personal info.
Is Your Phone Ringing with Our Number?
If in doubt, hang up and call us back on the official (520) 881-6262.
Your Data Is Safe with Us
We’ll never ask for your PIN, password, or OTP over text or call.
Mistakes Happen, We're Here to Help
Shared your info by accident? Call us immediately for support.
2024 Scam Tracker
Scammers are crafty, but their tactics have common red flags
Do you believe that your device, account, or personal information has been compromised?
If you feel your device, account, or personal information may have been compromised, rest assured, we are here to help. Follow these three steps:
- Change your online credentials, including your username and password, immediately
- This can be done in the Settings > Security section of online and mobile banking
- Contact us immediately at (520) 881-6262
- Describe the situation to us so that we can help find a solution
- Have your computer/mobile device scanned for malware
If you have questions on the legitimacy of an email or text message, please contact us
Know the red flags
The most common types of scams will target you through fake emails, text messages, voice calls, letters or even someone who shows up at your front door unexpectedly. No matter which technique the scammer uses, you may be:
-
Pressured to give personal information (One time pass codes, account info)
-
Threatened with law enforcement action
-
Told to purchase gift cards and provide codes as a form of payment
-
Asked to deposit a check that overpays for something you’re selling, then send the difference elsewhere
Can I see my Credit Score?
-
The new TOPCU Digital Branch will offer rich credit reporting and credit management solutions with member score monitoring, credit utilization, and educational material. These solutions provide our members with powerful credit monitoring resources to assist in your financial wellness journey at no extra cost.
How do members access/unlock savvy money?
From the online dashboard click “unlock your credit score”
- Read the disclosure
- Click Continue
The best ways to avoid being scammed
Don’t respond: If you’re not 100% certain of the source of the call, email or text, then hang up the phone, don’t click on the link in the email and don’t reply to the text message.
Don’t trust caller ID or answer phone calls from unknown numbers: If you recognize the caller ID but the call seems suspicious, hang up the phone. Phone numbers can be easily spoofed to appear to be from a legitimate caller.
Don’t give out your information: Never provide any personally identifiable information unless you’re absolutely certain the person and reason are legitimate. Remember: TOPCU will never ask you to send us personal information such as an account number, Social Security number, one-time passcode, or Tax ID over text, email or online.
Research and validate: If the individual or organization seems suspicious, make sure the request being made is legitimate by calling the organization through an official number from their website or consulting with a trusted family member or friend.
If you feel you may have been a victim of a scam, Call or Text us at: (520) 881-6262, ext. 702 to learn more.
How to Set Up Shared Access?
Shared Access
Shared Access lets you give other people permission to view and/or access to your account. You can control exactly what type of access you share by choosing certain from certain permissions. For example, you can choose to only allow a person to view the account, or you can allow them to make certain transactions. This is a good way to let a joint member, financial advisor, accountant or other designated person view your account using their own unique login credentials.
How to Set Up Shared Access
- Log in to your Online Banking profile and click on the drop-down menu, at the top right, next to your name.
- Click Settings.
- Click on the “Shared Access” tab, then click “Add a user.”
- On the “Add user” page, enter all of the requested information for the person you want to give access to your account. You’ll need to enter the person’s First Name, Last Name and Email Address. You’ll also need to enter the person’s email address a second time in the Confirm Email Address field.
- Under “Choose permissions,” select the accounts (shares) and level of access you want the person to have. Options include “View account” (see balances and transactions), “Transfer into” (add money from another account to the selected account), “Transfer from” (move money from the selected account to another account), and “Pay bills.”
If you want the person to have full access (able to do everything you can as the primary account holder), click “All permissions.” Once finished, scroll to the bottom of the page and hit “Save.”
- Once you click “Save,” a new window will pop up asking you to confirm and invite the added user. Review the permissions to make sure they are correct, and then check the box next to the statement “I acknowledge one or more of these settings selected will allow the invitee to transfer money from my account/accounts.” Note that this “acknowledgment” disclosure will appear regardless of whether or not you elected to give the person permission to transfer money from your account. Once finished, click “Confirm.”
- After clicking “Confirm,” you’ll be brought back to the main Shared Access page. You’ll see an “Invitation Pending” notice at the top of the screen. Click on the pending invite to open it up. You will see a 6-digit confirmation code at the top. You must provide this number to the person you have given account access to. They will need the confirmation code to complete their registration (see step 8). Keep in mind the code is only good for 24 hours, so the person must accept their invite and complete the registration process within that time frame.
- If you need to make any changes to access you have granted, you can also click on the pending invite and choose from “Edit user” (to change their name or email address), “Edit Account Access” (to change access permissions) or “Cancel Invitation” (to delete the shared access for this person).
- When the person you gave access to receives the email invite, instruct them to click on the unique link. From there, they’ll be directed to a page with three options: “Log In” with the existing TOPCU login info, “Register” for a login or “Sign in as guest.” Instruct the invited user to select the appropriate option based on their relationship with the credit union.
- On the next page, the invitee will be prompted to enter a Confirmation Code. This is the 6-digit code described in step 7 above, viewable from the “Shared Access” tab in your Online Banking account. You must personally give this code to the person you are granting access to. It will not be e-mailed to them.
In addition to entering the confirmation code, the person will need to fill in all the fields marked with the red asterisk, then click the “Continue” button at the bottom of the page. The system will then guide them through the rest of the process.
Can I see my Credit Score?
The new TOPCU Digital Branch will offer rich credit reporting and credit management solutions with member score monitoring, credit utilization, and educational material. These solutions provide our members with powerful credit monitoring resources to assist in your financial wellness journey at no extra cost.
How do members access/unlock savvy money?
From the online dashboard click “unlock your credit score”
- Read the disclosure
- Click Continue
Check out these important tips for staying safe and secure while using TOPCU Mobile Banking.
Don't access your online accounts on public Wi-Fi
When you’re on public Wi-Fi, hackers can more easily access your computer and steal personal information from it. You should never access your financial institution’s website through a computer, tablet, or mobile phone unless you’re on a secure Wi-Fi network with a password or using your own cell phone data connection. This is much more difficult for thieves to hack, so it keeps your information safer.
Avoid saving your login information on devices you do not use regularly
Reason:
Some websites give you the option to save your login information for future use, but if someone uses your computer or mobile device after you, they could gain access to your online accounts. To at least help prevent this from happening, now many home banking sites time out after a certain number of minutes of inactivity, and do not save your informations.
Use strong passwords and change them often
Reason:
Strong passwords have a mix of upper- and lowercase letters, numbers, and symbols. Many financial institutions now require your online accounts to carry a password meeting these requirements. You should also change your password at least once a year and use different passwords for all of your online accounts so that hackers will have a more difficult time gaining access to your information.
Use two-factor authentication whenever possible
Reason:
Two-factor authentication is the next level of security that many financial institutions are now offering. Usually, a text or email is sent with a code or a series of questions are asked when you log in, reset your password, or change devices. This creates an extra layer of security in case the users home banking or mobile banking password gets compromised.
Keep your computer updated
Reason:
Outdated computers and mobile devices may not be secure enough to protect your personal and financial data against the latest computer viruses. If your computer gets infected with a virus, a hacker could gain access to your accounts without you knowing it until your money is gone. Always perform your computer’s recommended updates as soon as they become available and install antivirus software on your computer.
Always type your financial institution’s web address into your browser yourself
Reason:
Some hackers send out “phishing” emails that appear to be from your financial institution. They’re hoping you’ll enter your login information at their fake version of the bank’s site. Never click on links in emails that appear to be from your bank, even if they look legitimate. Instead, type the financial institution’s web address into the URL bar yourself, or use a search engine to find the correct web page. You can bookmark the right page for later use.
Monitor your account regularly
Reason:
Following the above precautions should, hopefully, keep others out of your online account. The only way to make absolutely sure is to check your account balances and transaction history regularly, and make sure your money isn’t going anywhere it isn’t supposed to. If you notice suspicious activity, change your account password, and contact your financial institution immediately.
Downloading apps
Smartphones and tablets are very useful devices. App stores make them even more useful by providing a convenient method to install apps of all kinds to do many useful things. Sometimes, unfortunately, apps are made available that spy on you as you use your device. It is important to read the reviews for the app — more reviews (with good ratings) are better and some app stores are more trustworthy than others.
Also, be aware of what you’re allowing an app you’ve downloaded to access on your device. For example, a flashlight app shouldn’t need access to all of your contacts to work. When in doubt, removing a questionable app — or not downloading it in the first place — is always the safest option.
Jailbreaking/rooting
Jailbreaking (iOS) and/or rooting (Android) a device is a process by which a flaw in your smartphone or tablet’s basic software is exploited, permitting the user to change the behavior of the device. Jailbreaking and rooting can void your warranty, nullify support with the device manufacturer and sometimes introduce security issues that put you at risk. We do not recommend installing the TOPCU Mobile app or accessing a TOPCU mobile-friendly site from a device modified in this manner unless you are certain the device is safe to use for banking purposes.
Encryption
Most smartphones and tablets sold today provide encryption and password-locking capabilities. We recommend you use them, especially when you have chosen to store your login credentials on any mobile apps including online banking, social media and shopping. Without this protection, your device may provide a thief with the access necessary to make fraudulent transfers and purchases.
Mobile Malware
Mobile malware is malicious software that is installed on your device with the intent to steal your personal information or financial details. One of the main ways that the malware can access your phone is through Wi-Fi networks and Bluetooth. Only use secure and trusted Wi-Fi networks and keep Bluetooth switched off when you aren’t using it. If your device supports security and anti-virus software, consider installing that software. Back up the device’s data and keep the copy in a safe and secure location.
ONLINE SECURITY
- Keep your devices and their operating systems up-to-date by regularly installing updates.
- Avoid accessing sensitive information on unsecured wireless networks. And turn off Bluetooth when not in use.
- Enable the remote wipe feature on your mobile device in case it is lost or stolen.
- Finally, if you are looking to get rid of a mobile device, be sure to remove all personal information with a factory reset.
PASSWORDS TIPS
- TOPCU will never ask for your Online/ Mobile Banking password.
- Change your password regularly.
- Password protect your mobile device and lock it when it’s not in use.
- Do not tell your password to others under any circumstances.
MONITOR ACTIVITY
Monitor your financial records and accounts on a regular basis. Use electronic account alerts to notify you of activity. Regularly review your statements with online banking to spot any suspicious activity.
If you have any doubts, please contact us at (520) 881-6262.
Find suspicious activity? Please contact us at (520) 881-6262.
Report Scams to the FTC
If you were scammed or think you saw a scam, report it to the Federal Trade Commission
Find out steps you can take if you were scammed.
What To Do if You Were Scammed
Your complaint could help the FTC stop the scammers.
Report Fraud, Scams, and Bad Business Practices
SCAM Alerts
As the saying goes, if it sounds too good to be true, it probably is! The Better Business Bureau of Southern Arizona monitors and reports on scams to keep the Tucson community up to date on these malicious activities. Keep updated with the BBB Scam Tracker.
Traveling? Let TOPCU Know Before You Go
Whether you’re traveling in the United States or overseas, please notify TOPCU prior to your travel so that we may flag your account and avoid any issues using your ATM or Debit cards.
To notify us about travel, or if you have additional questions, contact us at (520) 881-6262 ext 702 or by email at info@topcu.org.
Security & Safety
TOPCU takes every precaution to protect our members’ information and data security is the number one priority. If you suspect fraud on your account, please let us know right away by calling (520) 881-6262 ext. 702 or toll-free at (800) 440-8328, or visit your local branch.
IMPORTANT SAFETY ALERT: We continue to monitor fraudulent activity in the United States and abroad. TOPCU cards will be blocked for your protection in areas we deem a security risk. Please let us know if you are traveling, so we can put a VIP travel notification on your account.
Identity Theft Resources
According to the Federal Trade Commission (FTC), Arizona has ranked high on the list of all states in identity theft. Identity theft occurs when a criminal steals another person’s personal information to take on that person’s identity. Identity theft is much more than misuse of a Social Security number—it can also include credit card and mail fraud. Knowledge and awareness are key ingredients in arming yourself against identity theft.
The FTC Consumer Information site is a one-stop national resource about identity theft, providing current information and practical tips to help you deter, detect, and defend yourself from fraudulent activities. Learn more at the FTC online resource center.
You can also find additional information on Identity Theft from the Arizona Attorney General’s Office.