Beware of Coronavirus COVID-19 Scams!

  • Categories: Fraud

Scammers and fraudsters are taking advantage of people’s fears by trying to capitalize off the Coronavirus (aka COVID-19) outbreak through various channels. Below are some of the latest scams to watch out for and avoid. Remember, POPA Federal Credit Union will never ask for any sensitive personal information over text or text or email. When in doubt, call your financial institution directly. For more tips on avoiding Coronavirus scams, visit

Caution: Seniors are especially vulnerable to these schemes and are often specifically targeted by criminals. Be sure to speak with your parents and elderly family members about these scams and how to avoid them.

  • Facebook Posts. One particular scam targets seniors through a Facebook post informing them that they can get a special grant to help pay medical bills. The link within the post takes them to a fake website claiming to be a government agency called the “U.S. Emergency Grants Federation” where they are asked to provide their Social Security Number under the guise of needing to verify their identity. In other versions, fraudsters claim individuals can get additional money, but the victims have to pay a “processing fee” first to receive the grant. What to Do: Don’t click on any links and/or input any sensitive personal information. If it sounds too good to be true, it usually is a scam so don’t fall for it.
  • Robocalls. Scammers will try to get your bank account number or other sensitive personal information using the current pandemic to test your vulnerabilities. Some will claim they are calling from the Social Security Administration, Medicare testing facility, etc. What to Do: Just hang up. Don’t press any buttons, don’t give any information, don’t even speak.
  • Fake Cures and Treatments. The FTC (The Federal Trade Commission) and FDA (U.S. Food and Drug Administration) are warning the public to be on alert for any company claiming to have a cure or treatment for Coronavirus. What to Do: Don’t fall for it. Don’t buy or promote anything with claims to treat or prevent Coronavirus. According to the FDA, there are no approved vaccines, drugs, or investigational products currently available to treat or prevent the virus.
  • Fake Emails, Texts, and Phishing. Scammers have always used fake emails or texts to get you to share valuable personal information (e.g. account numbers, SSN, login IDs and/or passwords) in order to steal your identity, money, or both. What to Do: Don’t click on any links sent to you by a person or company that you don’t know. If you click on one of these links, they can install viruses onto your computer or device.
  • Fake Charities. During times of need, like natural disasters or pandemic, many fake charities will try to profit off the public’s generosity by creating sophisticated websites, emails, phone calls, etc. that often use names that sound similar to real charities. What to Do: Do some research when it comes to donations. There are sites where you can verify the charity, such as: Charity Navigator and Charity Watch. Real charities won’t rush you into donating. If any “charity” wants donations in cash, by gift card, or by wiring money, don’t do it. Real charities will take credit cards or checks – both which are safer ways to pay.

“Internet Explorer Flaw” – Internet Security

A security warning was issued recently for those who use Internet Explorer (IE). There is a newly-announced security flaw that may allow attackers to install malicious code on your computer to steal valuable data or cause other harm.

Microsoft has confirmed that the security vulnerability affects Internet Explorer versions 6 through 11. The company is currently working on a patch for the security hole and will release a fix through the usual Windows Update channel. However, it is unlikely they will release a patch for Windows XP users now that official support for that operating system has ended. We recommend members to retire Windows XP and migrate to Windows 7 or Windows 8.

We recommend switching to another web browser such as Google Chrome, Firefox, or Safari until a patch has been released. We also urge you to make sure your antivirus software is running and is up to date.

It is always good security practice to refrain from visiting sites wherein you are unsure about their nature or content. Also, you should never click on any links found in emails that come from unsolicited or unknown sources.

“Apple iOS Security Update” – Internet Security

It’s come to our attention that Apple has released an iOS update that fixes some security issues for iPhones, iPads, and iPods. If you are using a device that runs iOS and haven’t updated to iOS 7.1.1 yet, we strongly suggest updating to iOS 7.1.1 as soon as is convenient to make sure your mobile device is secure.

Apple details how you can update your device’s Operating System on their support page:

“Heartbleed Bug” – Internet Security

POPA Federal Credit Union has assessed and found all member web-facing systems unaffected by the “Heartbleed Bug”. Please feel confident that POPA Federal Credit Union has and will continue to take the required steps to address current and future security issues. We will, continue to monitor all systems and keep members informed as necessary.

What is “Heartbleed Bug”?

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. This is all accomplished without leaving a trace on the server.

What can I do to protect myself?

It is recommended that members regularly change all internet accessible passwords (Online banking systems, e-mail accounts, online shopping accounts, etc.) and use a unique password for each system. POPA Federal Credit Union recommends that members contact manufacturers of all internet connected devices about any possible Heartbleed Bug vulnerabilities.

Is my mobile device secure?

Apple computer announce that all their devices and applications have not been affected by the Heartbleed Bug, except for the Blackberry Messenger for IOS application. Google Android and Windows devices have been found secure except for Google Android versions 4.1.0 and 4.1.1. We recommend that members contact their mobile device provider or cellular carrier for more information about any Heartbleed bug vulnerabilities.

What is not affected?

Web, email and mobile-app communications that were never meant to be secure. Windows PCs, Macs, most Linux desktop and laptop machines. iOS (Apple) devices and most Android devices.


Please call us at (562) 229-9181 and one of our Member Service Representatives will be happy to assist you.

Key Copies… by Smartphone!

  • Categories: Fraud

Smartphone apps are convenient in ways we never imagined!
There is now an app that allows you to copy keys with your phone. “Keys Duplicated” aka “Shloosl”, will copy your house key for you using nothing more than a couple of smart phone photos.

MasterCard® SecureCode™


MasterCard® SecureCode™ is a service from MasterCard and POPA FCU that provides added protection when you buy online. There is no need to get a new MasterCard card. You choose your own personal MasterCard SecureCode and it is never shared with any merchant. A private code means added protection against unauthorized use of your credit or debit card when you shop online.

Stay Safe: Change Your Passwords


According to a report released Dec. 3rd by cybersecurity firm Trustwave, over two million passwords have been stolen, compromising accounts at Facebook, Gmail, Twitter, Yahoo, ADP and more.

Target Issues Phishing Warning


As we continue to monitor the recent Target compromise, we have learned of recent phishing emails related to the Target breach. The emails look like they are from Target and play on the fears of the public that they may have had their card compromised.

To be safe, proceed with caution if you receive an e-mail from Target. Do NOT OPEN any links that may be included in these emails as that could potentially allow additional access to your personal information. Target is posting any and all emails to their breach-related site so you will know the difference between valid emails and phishing emails.

Target’s breach-related site can be accessed here.