Fraud
Amazon Issues Urgent Alert: 300 Million Customers at Risk Amid Holiday Cyberattacks
As the 2025 holiday shopping season hits full stride, Amazon is warning all 300+ million of its customers to stay on high alert. With Black Friday sales stretching longer each year, cybercriminals are exploiting the shopping surge, and new data shows their tactics are more aggressive and convincing than ever.
Why Amazon Is Sounding the Alarm
In a November 24 email sent to users, Amazon warned that scammers are increasingly impersonating the company to steal sensitive personal and financial information. These attacks aren’t new, but they’re evolving fast, especially with artificial intelligence making fake messages, spoofed websites, and fraudulent alerts look more realistic.
According to Amazon, attackers are reaching out using:
- Fake delivery or “account issue” notifications
- Social media ads for unreal “too-good-to-be-true” deals
- Messages from unofficial channels asking for login or payment info
- Suspicious or unfamiliar links
- Unsolicited tech support phone calls
Amazon stresses that customers should treat any unexpected message requesting credentials or payment information with extreme caution.
New Report Confirms Rising Holiday-Themed Scams
A fresh FortiGuard Labs report backs up Amazon’s warning. The findings reveal:
- 18,000+ holiday-themed domains registered in the last three months
- 750 confirmed malicious
- 19,000+ domains impersonating major brands, including Amazon
- 2,900 malicious brand lookalike domains
Cybercriminals are crafting domains with slight variations, easy to miss during the rush of holiday shopping. Experts warn that AI is accelerating the sophistication of these scams, making fake order confirmations, spoofed retailer websites, and forged customer service interactions more convincing than ever.
The FBI Confirms Massive Financial Damage
In a new public service announcement on November 25, the FBI warned that brand impersonation attacks are fueling a surge in account takeovers. Since January 2025, thousands of victims have reported losses totaling more than $262 million.
These scams often involve:
- Phone, text, email, or instant message contact from someone pretending to be customer support
- Claims of “fraudulent activity”
- A link to a realistic but fake website
- Victims entering their login, MFA code, or one-time passcode
- The attacker using those credentials to reset the password and take over the account entirely
Although the FBI’s alert focuses on financial institutions, the tactics apply to all major brands, including Amazon.
How Amazon Says You Can Protect Yourself
Amazon is urging customers to take the following steps to protect their accounts year-round:
1. Use Only Official Amazon Channels
Rely exclusively on the Amazon app or amazon.com for customer service, order tracking, refunds, and account updates.
2. Enable Two-Factor Authentication (2FA)
2FA adds a crucial layer of protection against unauthorized access.
3. Use Passkeys
Passkeys let you sign in using biometrics (face, fingerprint) or your device PIN, a safer alternative to passwords.
4. Remember What Amazon Will Never Do
Amazon will never:
- Ask for payment over the phone
- Request payment information via email
- Ask you to verify account credentials through links or messages
If you receive messages asking for any of those, assume it’s fraudulent.
Stay Vigilant This Holiday Season
With AI-powered scams accelerating and brand impersonation attacks spiking, Amazon’s warning is timely and necessary. Whether you’re shopping for holiday deals or simply checking order updates, a moment of caution could save you from a costly scam.
Stay safe and always confirm before you click.
Beware of Bitcoin ATM Scams: What You Need to Know to Stay Safe
As technology evolves, so do the ways scammers try to take advantage of unsuspecting victims. One of the latest tactics involves Bitcoin ATMs—machines that let users buy cryptocurrency using cash or debit cards. While legitimate Bitcoin ATMs exist, scammers have found ways to exploit them to steal money from innocent people. At SRI Federal Credit Union, protecting our members from fraud is a top priority. Here’s what you need to know about these scams and how to stay safe. How the Scam Works Common Red Flags Be alert for these warning signs: How to Protect Yourself We’re Here to Help If you ever feel uncertain about a payment request or believe you’ve been targeted by a scam, contact SRI Federal Credit Union right away. Our team can help you verify the situation and take steps to protect your accounts. Fraudsters are getting more creative, but together, we can stay one step ahead. Stay informed. Stay cautious. Stay protected.
At SRI Federal Credit Union, your safety and peace of mind always come first.
Tap Cards Are Here at SRI Federal Credit Union!
Big things are happening at SRI Federal Credit Union! We’re excited to announce that Tap Cards, also known as contactless payment cards, are now available for all SRIFCU Visa® Credit and Debit Cards. This means every member can now enjoy a faster, easier, and more secure checkout experience with just a simple tap. Tap Cards are a modern, more convenient way to pay. With just a quick tap on the payment terminal, you can complete purchases in seconds without swiping, inserting, or entering a PIN for most small transactions. Here’s what you can look forward to: ✅ Fast and Convenient – Tap and go at checkout counters, transit stations, vending machines, and many other places. 💳 Look for this symbol wherever you shop! Whether you’re grabbing a cup of coffee, picking up groceries, or boarding public transit, Tap Cards make everyday purchases quick and safe. If you already have an SRIFCU Visa Credit or Debit Card, your current card will automatically be replaced with a Tap Card when it expires. However, if you’d like to start tapping now, you can call us and request a Tap Card today! Please note that Tap Cards are not yet available for instant issue at our branch, but they will be very soon. For now, once your new Tap Card is ordered, it will arrive within 7–14 business days. We’ll continue sharing updates as Tap Cards become available for instant issue and provide more details on activation, usage, and FAQs. Tap into the future of payments with your new SRIFCU Tap Card!Why Tap Cards?
✅ Safe and Secure – Each transaction uses a unique, one-time code that helps protect you from fraud.
✅ Widely Accepted – You can use your Tap Card anywhere you see the contactless symbol:
How to Get Your Tap Card
Stay Tuned
Fraud Alert: Scammers Posing as U.S. Marshals
At SRI Federal Credit Union, protecting our members from fraud is always a top priority. We are alerting you to a new phone scam that has been reported in our community. Scammers are calling members while pretending to be U.S. Marshals or other law enforcement officials. They use intimidation tactics and claim that your accounts are “under investigation.” Victims are pressured to: Withdraw large sums of cash and tell the bank or credit union it’s for “home remodeling.” Purchase cryptocurrency, gold, or gift cards and send proof to the scammer. Hand over cash to a so-called “courier” who comes to their home. These calls are designed to create fear and urgency, making people feel they must act quickly to “protect” their money. ⚠️ Important: Real law enforcement will never call and demand money, ask you to hide the reason for a withdrawal, or send someone to your home to collect cash. If you receive one of these calls: Hang up immediately. Do not continue the conversation. Do not share personal or financial information. Verify with us directly. Call SRI Federal Credit Union at 650-800-5434 if you’re ever unsure. Report the scam. Visit ReportFraud.ftc.gov or call the National Elder Fraud Hotline at 833-372-8311. These scams often target seniors, but anyone can fall victim. Please help us spread the word by sharing this alert with family, friends, and neighbors. Together, we can stay alert, protect our finances, and stop fraud before it spreads.How the Scam Works
What You Should Do
Protect Your Community
All You Need to Know About Overpayment Scams
Great news – you’ve just received a check, and you’ve been overpaid! But there’s a catch: the check writer wants you to send the surplus back to them. Unfortunately, though, if you follow these directions, you’ll be buying right into a scam. Overpayment scams are fairly common, and for the unaware, they can be difficult to spot. Let’s take a look at these scams and what you need to know to avoid falling victim to these ruses. What is an overpayment scam? In an overpayment scam, fraudsters target an individual who’s selling a large item online, such as a car. The scammer will reach out to the seller, offering to buy their car for more than the asking price. Then, they’ll send the seller payment in the mail. At this point, the seller is thrilled. But, when the check comes, it brings with it a surprise – they’ve been overpaid. Soon after, the alleged buyer contacts the seller to ask them to refund the surplus. The seller may think it’s strange, but they comply, not wanting to keep money that isn’t theirs. The next thing they know, the original check hasn’t cleared and they realize they’ve been scammed. Not only have they not been paid for the purchase they believed the check writer was buying, but they’ve also lost the money they’ve sent back to the scammer. Red flags When selling an item on an online platform, look out for these red flags, which can alert you to a possible overpayment scam: If you encounter any of these red flags while trying to sell an item online, do not engage with the “buyer.” Block their email address and mark it as spam to avoid further contact from the scammer. You may also want to report them to the platform you’re selling the item on to help stop them from reaching out to others. How to avoid overpayment scams The FTC offers the following tips for avoiding overpayment scams when selling online: If you’ve been targeted If you believe you’ve been targeted by an overpayment scam, there are steps you can take to mitigate the damage. First, report the scam to your financial institution, as they may be able to reverse the payment. Next, alert the FTC at ftc.gov so they can do their part in catching the criminals. Finally, you can let your local law enforcement agencies know about the scam and warn your friends and family about it as well. Don’t get caught in an overpayment scam! Use this guide to stay safe.
Protecting Our Members After the NationalPublicData.com Breach
In today’s digital landscape, data breaches have become all too common. The most recent incident involves a hacker known as “USDoD,” who allegedly breached the systems of National Public Data, a company that aggregates data to provide background checks. This breach, which is believed to have started in or around April 2024, resulted in the theft of personal records that were later posted for sale and eventually released by other criminal groups onto the dark web. As a credit union committed to the security and privacy of our members, we want to keep you informed about this incident and provide you with actionable steps to protect yourself from potential fraud and account takeovers. Understanding the Breach The breach at National Public Data exposed a significant amount of personal information. While this breach did not directly involve our credit union’s systems, the compromised data could still affect our members if their personal details were included. Currently, available information suggests that this breach involved personal information—such as names, addresses, contact information, and potentially Social Security numbers—not credit or debit card information. At this time, we do not believe card data was compromised in this event. How This Could Affect You Even though credit and debit card information was not compromised, the exposure of personal data still poses a risk. Cybercriminals may use this information to engage in identity theft, phishing scams, or account takeovers. They could impersonate you, gain unauthorized access to your accounts, or create new accounts in your name. Steps to Protect Yourself Fraud Alert: A fraud alert is a warning placed on your credit report that tells creditors to take extra steps to verify your identity before issuing credit in your name. This can be particularly helpful if you believe your personal information may have been compromised, as it makes it harder for identity thieves to open new accounts. How to Place a Fraud Alert: Credit Freeze: A credit freeze (also known as a security freeze) is a more robust protection that locks your credit report, preventing creditors from accessing it entirely. This means that new credit accounts cannot be opened in your name while the freeze is in place. Unlike a fraud alert, a credit freeze does not expire and remains in place until you remove it. How to Place a Credit Freeze: Our Commitment to Your Security At SRI Federal Credit Union, your security is our top priority. We are continuously monitoring our systems and taking proactive measures to protect your accounts. We also encourage you to take these precautions to safeguard your personal information. If you have any questions or concerns, please do not hesitate to reach out to our member services team. Together, we can protect your financial well-being and maintain the trust you’ve placed in us.
All You Need to Know About One-Time Password Scams
One-time passwords (OTPs) are a crucial security feature in our digital age by offering an extra layer of protection for online transactions and account logins. Unfortunately, though, scammers often try to hijack these codes to steal sensitive information, money, or both. Here’s what you need to know about one-time password scams and how to avoid them. What is a one-time password scam? One-time password (OTP) scams are designed to trick individuals into sharing their OTPs, which scammers then use to gain unauthorized access to accounts. Here are the various ways these scams go down: Whichever method is deployed in an attempt to steal your OTP, the scammer will then use it to access your accounts and possibly steal your identity Red flags Avoid falling victim to a one-time password scam by watching out for these red flags: Protect yourself Staying safe from OTP scams requires vigilance and adopting best practices for online security. Here are some steps you can take: If you’ve been targeted If you believe you’ve been scammed and/or have shared your OTP, take immediate action. First, change the passwords on all affected accounts and those that have similar login credentials. Next, inform the host organization of the account that it’s been compromised. They can help secure your account and guide you on additional steps to take. Monitor your accounts in the ensuing weeks and months, keeping a close eye on your financial statements and account activity for any unauthorized transactions. Finally, file a report with your local consumer protection agency, the Federal Trade Commission (FTC), and the Internet Crime Complaint Center (IC3). You may also want to consider identity theft protection at this time if sensitive information was compromised. One-time password scams can be difficult to spot and wreak massive damage. Use this guide to learn about one-time password scams and how to prevent yourself from falling victim. Stay safe!
All You Need to Know About Pig-Butchering Scams Category: Scams: Phishing Scams
You may have received a text or chat message in recent months about an attractive-looking investment opportunity. The message may have seemed to be sent mistakenly, but it’s all too real. In fact, it’s likely a pig-butchering scam.
Let’s take a look at these prevalent scams and how you can avoid falling victim. What is a pig-butchering scam? “Pig butchering” refers to the practice of fattening up a hog before slaughter. This scam, which originated in China, has been spreading around the world since COVID. In a pig-butchering scam, a fraudster creates a fake online persona, usually accompanied by an attractive photo and a luxurious lifestyle that is showcased in more photos to flesh out their story. Then they’ll initiate contact with a target on dating or other social media platforms, pretending to have reached out by mistake. Somehow, they’ll transition from there into a chat about the target’s life, family, work and more. To make themselves sound more believable, the scammer will invent details about their own life. They’ll use this to create a real rapport with the target until they’re actual friends, albeit with only a remote connection. Next, the scammer will start dropping hints about a fabulous investment opportunity. They’ll brag about their own success with this investment, sometimes even sharing screenshots of an alleged brokerage account with handsome earnings. They’ll try persuading the victim to invest in this “opportunity” as well, building on their growing relationship, until the victim agrees to join in the supposed opportunity. Once the victim agrees to go along with the investment, the scammer will offer to help them with the investing process. They may explain exactly how to wire money to a crypto wallet and, ultimately, to a bogus brokerage. Sometimes, they’ll recommend that the victim starts with a modest investment, which will soon show a (fabricated) gain. They may even allow the victim to withdraw some funds, which will convince the victim that the investment is genuine. Here’s where things get really ugly. Once the faux trust has been established, and the pig has been good and fattened, the scammer will persuade the victim to invest heavily in this “stock”. The victim, sure it is a legitimate opportunity that will only show gains, is more than happy to do so. They will even sometimes pursue mortgaging their house to get in on this investment. Other victims have liquidated their retirement savings or taken out loans. The scammer will continue to put pressure on the victim, watching gleefully as they pour more and more of their savings into the alleged investment. When the victim has sunk a significant amount of money into the investment, the scammer will suddenly disappear, leaving the victim with a useless “investment” and no way to recover their funds. Red flags Watch out for these red flags that can alert you to a possible pig-butchering scam: Stay safe Don’t get butchered! Follow these tips to stay safe. First, thoroughly research every investment opportunity before dropping any of your funds in it. Next, only use a registered and secure investment platform or app. Stay away from investments that guarantee quick, high returns and press you to act quickly. Be wary of any strangers who’ve contacted you “by mistake” and insist on pursuing the relationship. As with any scenario, never share your sensitive information with an unverified contact. If you believe you’ve been targeted by a pig-butchering scam, alert the FTC and your local law enforcement agencies. Do not engage with the scammer and be sure to block their number and/or email address from your devices. Finally, let your friends know the scam is happening in your circle. Stay safe!
Don’t Get Caught in an Investment Scam!
Investment is rarely without risk. Nearly every investment option carries with it the possibility of loss. What many don’t realize though, is that in addition to the typical risks, investing also carries the danger of falling prey to an investment scam. Investment scams can include promises of high return for minimal investments that never materialize, scammers posing as financial planners and offering useless – even harmful – advice for a hefty fee, and illegal securities offered as IRA investments. However, the most common investment scam is the Ponzi scheme. Let’s take a closer look at this scam and how you can avoid falling victim. What is a Ponzi scheme? Named for the original pyramid scammer Charles Ponzi, a Ponzi scheme is simply a sophisticated way that scammers rob from Peter to pay Paul. The orchestrator of the scheme will promise high returns to investors, often through a fictitious investment opportunity or business venture. Instead of using investments to generate profit, though, the scammer uses these funds to pay returns to their earlier investors. This creates the illusion of a profitable enterprise. The scheme grows, with more investors joining, and the scammers at the top of the pyramid making the most money. Eventually, the entire house of cards comes toppling down, with investors losing significant amounts of money. How to spot a Ponzi scheme Look out for these key characteristics of a Ponzi scheme to ensure you don’t get caught: Protect yourself from Ponzi schemes Ponzi schemes are fairly common, but with a little bit of knowledge and awareness, you can protect yourself from falling victim. Here’s how to protect yourself from Ponzi schemes: If you’ve been targeted If you believe you’ve been targeted by a Ponzi scheme or investment fraud, report it to the appropriate authorities as soon as possible so they can do their part in apprehending the criminals. You can alert the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA) and the Federal Trade Commission (FTC) as well as your local law enforcement agencies. Ponzi schemes and other investment scams prey on the universal desire for easy money, but the only beneficiaries from these ruses are the scammers at the top of the pyramid. Stay alert, and stay safe!
Don’t Get Caught in an Emergency Scam!
It’s your grandson on the line and he’s in deep trouble! He’s telling you he’s been kidnapped for ransom, or perhaps he’s in trouble with the police and needs money for bail. Whatever the “emergency,” he’s asking you to wire money ASAP! You may already be calculating how much you can send, but pause for a moment, because you’re likely being scammed. Here’s what you need to know about emergency scams and how to protect yourself. How the scams play out In an emergency scam, a target receives a phone call, email or text message allegedly from a close relative. The caller claims to have been caught in hot water, which can be anything from a kidnapping, an issue with the police, a car accident or even getting stuck overseas with no money. Sometimes, the call will include another party, such as the “kidnappers” or “police officers” who are supposedly involved in the emergency. The caller will then ask the target to send over money as soon as possible using a wire transfer or prepaid debit card. They’ll also demand that this information not be shared with any other family members. They’ll claim to be embarrassed that they’ve gotten into this situation and ask that you honor their request to keep it quiet. While emergency scams are commonly played out with a grandparent of an alleged caller, they can also target parents, uncles, aunts, and siblings of the “caller”. They may even call posing as a friend or old neighbor of the target in an attempt to lure them into the scam. Unfortunately, if the target follows the directions of the caller and sends over money, these funds will go directly into the pockets of a scammer. How emergency scams lure victims If you’re reading the description of an emergency scam and thinking that no one could possibly fall for one of these ruses, think again. Scammers use several convincing methods to convince their targets that they are actually the callers they claim to be. First, the scammer will troll the target’s social media pages to learn their name, home address, job details, date of birth, and any other details about their life. Sometimes, they’ll hack the target’s email account to get this information. Next, scammers may pretend to be an “authority figure” who allegedly authenticates the caller’s story. They may pose as a lawyer, police officer, or even a doctor. Victims are often pulled into the scam when they hear an alleged authority figure on the call with their relative. Finally, some scammers go the extra mile by using AI to clone the “caller’s” voice. They simply scrape an audio clip they find on the internet and then use a voice-cloning program to make the emergency sound legitimate, even though it never happened. Red flags Here are some signs that can alert you to the possibility of an emergency scam: Protect yourself Follow these tips to keep yourself safe from emergency scams: Emergency scams play on the target’s emotions and assume they will act quickly to save their relative from a hairy situation. Stay calm and alert, and use the information here to avoid getting caught in an emergency scam.
