Fraud & Security Center

Stay ahead of fraud

Trailhead is here to protect you from fraud and scams.

Keep an eye out for these common scams

Imposter Scam

Trailhead will never call, email, or text you to ask for sensitive personal information including your username, password, debit or credit card number, PIN, or CVV code. If someone asks you for this information, it is a scam!

Phishing/Spoofing

Fake emails, texts, or phone calls that may appear to be legitimate can trick you into revealing personal and sensitive financial info. Never click on links in unsolicited emails or texts; instead go directly to Trailhead’s website or call us 503.220.2592.

Overpayment Scam

Scammers will try to send a fake check for more than the agreed-upon amount and then ask you to refund the difference. Never accept a check for more than the amount you are owed. Do not deposit checks from unknown sources and then send money back to them.

Prevent fraud before it happens

Fradsters are becoming more sophisticated with their schemes, putting members at risk. Let’s work together to help protect your accounts.

Monitor your account

Regularly check your accounts and cards via digital banking and look for any unfamiliar transactions.

Set up account alerts

Use digital banking to set up text or email alerts for balance levels and transactions on each of your accounts.

Keep contact information updated

Go to your profile in digital banking and ensure all contact information is current so we can reach you if we detect unusual activity.

Download the Mobile Banking App

Identity Theft Protection

Receive a discounted price on identity theft protection and remediation services through Trailhead’s partnership with IDSafeChoice.

Learn about our ID Protection Services

Here are some tips to protect yourself from fraud

We encourage our members to use strong passwords. Digital banking passwords must meet the following requirements:

Must be between 12 and 20 characters in length
Must contain at least one letter, number, and special character
Must contain both uppercase and lowercase letters
Cannot contain the following special characters: . @ : ~ (Period, At, Colon & Tilde)
Cannot be one of your last 3 passwords

Passwords should never be personal names, birth dates, or words found in a dictionary. Passwords should be kept secret and they should also be changed occasionally. The same password should not be used for multiple sites.

Be mindful that your email address is the most important digital account you have since it often is used as a way to reset passwords for all sorts of other accounts. It is very important to have a strong & unique password in place on your email account to prevent fraudsters from resetting your other passwords that have access to your email account.

Card Security

Manage your cards through digital banking and temporarily disable them if your card(s) have been lost or stolen. Then call 1-877-599-5617 to report your card as lost or stolen.

Add a Travel Notice

Visa Fraud Prevention Services

In the case of unusual activity on your debit or credit card, you will receive a text or phone call from Visa Fraud Prevention Services to verify the transaction(s). Please be aware that they will never ask for your entire card number, expiration date, or CVV (security) code. They may ask:

Your zip code
The last four digits of your Social Security Number
The phone number of the primary member
Your date of birth
The amount of your last transaction or payment

Don’t reveal personal information via email, text message, or social media messaging. Phishing scams are becoming more sophisticated and can be masked to look like they are coming from a trusted sender or a legitimate company. Be cautious of requests for passwords, social security numbers, or financial information, regardless of the platform. Always verify the sender’s identity through a separate, trusted channel before providing any information.
Be cautious with attachments and links. Never open files or click links from an email, text, or message from someone you don’t know. Malicious attachments can download harmful malware or viruses, and links can lead to phishing sites. Even if you recognize the sender, be suspicious of unexpected attachments or links, and verify with them through a separate communication channel before proceeding. This includes links to cloud documents (e.g., Google Docs, Dropbox) that may contain malicious content.
Never log in from a link that is embedded in an email or text message. Criminals can create fake email addresses and deceptive websites that mimic legitimate login pages. To avoid their trap, always go to the site directly by typing the official URL into your browser. Better yet, use a password manager, which can auto-fill your credentials only on the legitimate site, providing an extra layer of protection. Always enable multi-factor authentication (MFA) whenever it’s available for your accounts.
Always verify the URL. If you click on a link, take a moment to double-check the URL in your browser’s address bar. Malicious websites often use subtle misspellings (e.g., ‘amaz0n.com’ instead of ‘amazon.com’) or different domain endings. Make sure the Web page you’re visiting matches exactly with the official URL you expect, and look for the padlock icon indicating a secure connection (HTTPS).
Use strong, unique passwords for every account. Don’t reuse the same password across multiple sites. A single data breach could compromise all your accounts if you do. The best way to manage this is to use a password manager, which can generate and securely store complex, unique passwords for you, and automatically fill them in only on the legitimate website.
Always enable multi-factor authentication (MFA) whenever it’s available. MFA requires a second form of verification—like a code sent to your phone or an authentication app—in addition to your password. Even if a criminal steals your password, they can’t access your account without that second factor, making it one of the most effective security measures you can use.
Be wary of anything that seems too good to be true. This includes emails, texts, or social media messages that promise free prizes, large sums of money, or incredible deals on products. These are classic bait to get you to click a malicious link, download a file, or provide personal information. If an offer sounds unrealistic, it’s almost always a scam.
Keep Software and Apps Updated. Software updates aren’t just for new features; they often contain critical security patches that fix vulnerabilities. Make sure your operating system, web browser, and all your apps are set to update automatically to protect your devices from known security flaws.
Regularly check and adjust your privacy settings on social media and other apps. Take a few minutes to review who can see your profile, posts, and personal information. Limiting what you share publicly can reduce the amount of information that scammers and identity thieves can use against you.

FAQs

Contact us immediately either in-person, by calling 503-220-2592, or by sending a secure message through Digital Banking. Outside normal business hours please call 866-599-5617 and select option 2 for immediate assistance with blocking your card, then follow up with us during normal business hours to assist with any card replacements or transaction disputes. You can also use Digital Banking to toggle your card on or off to stop transactions from authorizing.

A credit freeze, also known as a security freeze, is the best way to help prevent new accounts from being opened in your name. You may do so by contacting each of the three credit bureaus:

TransUnion: www.transunion.com | 1-800-680-7289
Equifax: www.equifax.com | 1-800-525-6285
Experian: www.experian.com | 1-888-EXPERIAN (397-3742)

If you suspect that your personal information has been used to commit fraud or theft, take the following steps right away:

Visit the Federal Trade Commissions Identity Theft website at www.identitytheft.gov to file a report and get a recovery plan. They will provide a list of steps to take base on the type of identity fraud you experienced.
Contact the fraud departments of each of the three major credit bureaus below and tell them you have been a victim of identity theft. Ask them to place a “fraud alert” in your file, as well as a “victim statement.”
- Equifax: 1-800-525-6285
- Experian: 1-888-EXPERIAN (397-3742)
- TransUnion: 1-800-680-7289
Contact Trailhead, any other financial institutions you use, and your creditors to protect your accounts and close them if necessary. You may want to report stolen checks to the following agencies:
- TeleCheck: 800-710-9898
- Equifax Check Systems: 800-437-5120
- ChexSystems: 800-428-9623
File a report with your local police or the police in the community where the identity theft took place. Keep a copy of the report because you may need it to validate your claims to creditors.
Report stolen mail to your local postal inspector at 503-279-2060.
Report your incident to the Social Security Fraud Hotline at 800-269-0271.
Learn more about Identity Theft Protection.

Monitor your credit report by pulling one report a year for each of the three credit reporting agencies at annualcreditreport.com. Pull one in the spring, one in the summer, and one in the fall. That way you will be able to see if there are any unauthorized credit accounts or application. Then file disputes with each agency when/if you find any.
Keep a close eye on the balances and transaction details of your accounts (Checking, Savings, Credit Card, etc) by reviewing your monthly statements and using Online and Mobile Banking. If you see a charge on your account you aren’t familiar with report any unauthorized transactions immediately.
Pay attention to your billing cycles. Follow up with creditors if your bills don’t arrive on time. A missing bill could mean an identity thief has taken over your account and changed your billing address to cover his tracks.