Coast Capital Savings reassures clients after cyber theft impacts over 100 accounts

Jan 17 2019, 7:03 pm

After cyber thieves stole large amounts of cash from over 100 Coast Capital Savings members late last year, the Credit Union said it is in the final stages of its investigation, and that other members should not be alarmed.

“This is not a wide-spread issue… this is a case of cyber fraud, not a system breach or system hack,” said Coast Capital spokesperson Erin McKinley.

McKinley told Daily Hive that in the case of the recent thefts, the accounts were accessed using “using legitimate online credentials,” and were not a result of unauthorized access to the Coast Capital system.

McKinley said at this point in the investigation, “those members affected are being made aware of the outcome of our investigation at this very moment.”

In the coming days, she added, “all affected members will have resolution.”

See also

While any amount of cyber-theft is troubling, McKinley noted it’s important to keep things in perspective when it comes to cases like this. She stressed she’s not trying to minimize the impact to those involved, but noted the thefts “affected 140 members out of our 550,000 members. That comes out to a fraction of 1% of our total membership.”

At the end of the day, she added, “our systems are safe.”

On its website, Coast Capital advises customers how to recognize – and protect themselves from – scams and fraud such as this most recent incident.

The company notes that Phishing scams are circulating using the name and logo of Coast Capital Savings in an email and/or text with a link to a false Coast Capital Savings website.

“These emails and texts are fraudulent and not from Coast Capital Savings,” the advisory reads. “It is important to note that Coast Capital Savings would never email or text our members asking for their confidential banking or personal information.”

Those who receive such emails or texts should “not respond in any way or use the link to visit the fraudulent site.”

How the scam works

The messages generally have a Coast Capital Savings logo, or one of their partners such as Visa Desjardins, at the top and may come from an address such as “[email protected]

The emails and texts ask the recipient to click on a link to verify security information. The link then connects to a website that looks very much like the actual Coast Capital Savings website.

This email and text entice the recipient to log in as they normally would by entering an account number and Personal Access Code. The recipient may then be asked to enter their Social Insurance Number/ Social Security Number, date of birth and their email address. The information is then used to commit fraud.

“If you receive such an email or text, do not click on the link or respond to the email in any way as it may compromise your computer or smartphone,” the company warns.