BluPeak Credit Union Details How to Avoid Scams This Holiday Season

“Every purchase online over a non-secure network is a chance for bad actors to gain access to your financials,” said Charlie Williams BluPeak’s SVP, Chief Risk Officer. “Take a common-sense approach to protecting yourself, and you’ll be in good holiday spirits all season long.”

Our mobile devices have made life easier in so many ways, but not just for us. It’s also never been easier for scammers to pretend to be someone they’re not in order to steal our personal information, log into our accounts, and ultimately, steal our money.

The holidays, in particular, can make us even more likely to fall prey to their schemes: We’re more distracted than usual as we cram a flurry of holiday-related activities into our already packed schedules. We also tend to travel more to be with family and friends, tempting us to join a bunch of unfamiliar wifi networks on the fly.

“Every purchase online over a non-secure network is a chance for bad actors to gain access to your financials,” said Charlie Williams BluPeak’s SVP, Chief Risk Officer. “Take a common-sense approach to protecting yourself, and you’ll be in good holiday spirits all season long.”

And of course, who among us will be keeping track of every single package that we’ve sent or will be delivered to us between now and the end of the year?

Make no mistake—we still believe your heart should be filled with joy this season. Just be wary of the ding coming from your pocket. That notification on your phone might just send you to a website with some very naughty intentions for your personal data.

Here are three holiday fraud-prevention tips to reduce your risk of being duped out of your precious data this season:

Tis the season for fake package-tracking texts

During the season of gift giving – and yes, incredible deals on items on our own wish list – online shopping goes into overdrive. And that means each one of us sets in motion a blizzard of package deliveries headed to your home and others’.

So beware the sudden text on some silent night that claims to be from FedEx, providing you with a tracking code and a link to update your delivery preferences. In the scheme unwrapped by the Federal Trade Commission, that link will take you to a fake Amazon website that presents you with a customer-satisfaction survey. And hey, you could win a prize for answering the questions–as long as you provide your credit-card information for “shipping fees.”

If you get a suspicious-looking text like this:

  • Don’t click on any links, which could open the door to your personal data.
  • Double-check deliveries directly via phone numbers and websites you know are real.

Aww, someone sent me an e-card!

Oh, the double-edged sword of digitization. We love sending greeting cards to those closest to us, and we love receiving them. But before opening an e-card notification sitting sweetly in your inbox with a subject line saying it’s from a “friend” or a former “classmate,” know that one click or finger tap can unleash malicious code that will install data-leaching programs on your device.

If you get a phishy e-card:

  • Don’t click any links unless you know the sender. Even then, if it looks a little off, it probably is.
  • You may even recognize the supposed “sender.” But they may have just fallen victim, and you might want to let them know.

The allure of “Lie”-fi

Web browsers are better than ever at alerting us if we’re on an unsecure network while on the go. And with unlimited data usage being a common feature of many cell-phone-service packages, there’s little need to hook up with some strange wifi network while you’re at the airport waiting to catch your connecting flight.

But what if you need to crack open the laptop to quickly send an urgent email with a massive file attached? Or, you’re at a swanky holiday soiree and want to share video of the scene while waiting in the bathroom line? In those moments, you may just feel bold enough to connect to an open wifi network.

Unfortunately, hackers are known to gain access to routers broadcasting open networks and create wifi hotspots from their mobile device. These days, you can’t even assume that a wifi network that asks for a password is secure. A hacker could just as easily obtain the password to join the network or create a fake wifi hotspot with an identical name and password.

As reported by the National Cybersecurity Alliance, research shows nearly two of every five wifi hotspots in the U.S. is inadequately secured.

Bottom line:

  • Heed your device’s security warnings and make sure URLs you visit start with “https.”
  • The only network you should trust is the one you set up yourself.

Scammers pretending to be us!

Among our members, some have received texts and calls from scammers claiming to be BluPeak employees who are supposedly trying to verify fraud activity. What they’re really trying to do is hack into the member’s Online Banking account, and when the scammer clicks the “Forgot Password” link while trying to log in, the member receives a text with a one-time passcode.

That’s why we include a warning in these text messages to never share the passcode with anyone, especially someone claiming to be one of our employees.

In the digital age, our devices and personal data are the keys to our accounts. And as a digital-first financial institution, BluPeak wants to make sure you protect what matters most from scammers using today’s technology to commit fraud at scale. If you’re a BluPeak member and have experienced fraud or noticed suspicious activity on your credit card, here’s what to do.

About BluPeak Credit Union

Founded in 1936, BluPeak Credit Union empowers its nearly 60,000 members to achieve financial wellness through a full range of financial products and services, including checking and savings options, credit cards, loans, mortgages and more. BluPeak has more than $1.2 billion in assets and members can access their accounts through six California branches, nearly 30,000 surcharge-free ATMs nationwide, and 24/7 online and mobile banking.

BluPeak membership is open to all Californians who live, work or worship in Alameda, Sacramento, San Diego, Santa Clara and Yolo counties, as well as those employed by the state of California, and California university employees and students. Formerly known as University & State Employees Credit Union (USECU), we changed our name to BluPeak in 2022. The new name reflects our California roots, is more inclusive to our field of membership, and better conveys our passion for going above all others in our relationships with members.

As a community leader, BluPeak partners with local causes, events and organizations that speak to our commitment to health, wellness and inclusiveness. Learn more at


Time Stamp:

More from Computer Security