header image of man with mobile phone and bank card

Online Security Tips

The virtual world is a dangerous place.

Cyber attacks, phishing scams, and identity theft are just a few of the very real threats you potentially face every time you are online. Identity theft continues to be one of the fastest-growing crimes in the United States and has ranked as one of the top consumer concerns for the past several years. This page includes tips to help protect yourself, as well as actions to take if you become a victim of identity theft.

E-mail, phone, and social media scams related to the virus are on the rise. Find out what the Federal Trade Commission is doing to keep scammers at bay by reading the FTC Consumer Information Page.

The FBI has created a publicly available section on its website that warns of various COVID-19 related scams and provides tips and resources to help protect against COVID-19 related scams. Read the FBIs warnings here.

Increase in Phishing Events

Financial organizations have seen an increase in phishing events during the COVID-19 pandemic. Phishing events are when a fraudster attempts to steal a person’s data, mainly login credentials, and card information. The fraudster then uses this information to process fraudulent card transactions or ATM withdrawals. Fraudsters often utilize social media or information bought on the Dark Web to initiate scams.

Keep in mind your financial institution will never contact a cardholder to ask for the following:

  • Account Number/Card Number
  • CVV
  • PIN
  • Passwords
  • Social Security Number
  • Online Banking Credentials
  • Or advise a cardholder to transfer or withdraw money

The cardholder should always reply NO if they are unaware of the transactions when an alert is received via a text or email.

Paycheck Protection Program Phishing Attack
Cybercriminals are attempting to take advantage of business owners who applied for a Paycheck Protection Program (PPP) loan through a fake Small Business Administration (SBA) loan update. The phishing email states that the loan application has been approved and it includes a link to "start the funding process". The link takes you to a phony login page that is nearly identical to the SBA's official website for the relief fund. The bad guys are phishing for specific login credentials to gain access to sensitive data, such as your organization's federal tax ID and banking information. 

Web and Teleconference Risks
The use of web conferencing and teleconference applications provide another vector for malicious cyber attackers to propagate attacks. Whether in the office or working from home, create non-public, private conferences that require username and password credentials. Do not publicly post meeting access links and credentials, and at the end of the conference session close the application and browser windows used to access the application.

PayPal Text Scam
In a recent trend, online scammers are sending text messages claiming to be from PayPal, warning of unusual activity on your account. If you click on the link in the text, you’re taken to a fake site that looks very similar to PayPal’s login page. You are prompted to enter private information such as your email address, password, mother’s maiden name, home address, and financial details. Do not enter any of your information! If you do, your details are immediately sent to the attackers, and your account and your identity are at risk.

Windows 7 Scam Alert!
Microsoft announced they will no longer be supporting their Windows 7 operating system. This means there will be no further updates to Windows 7. The bad guys are using this situation to their advantage. They will randomly contact you by phone, emails, or pop-ups and try to convince you to pay yearly fees, or they’ll insist that they need remote access to your computer so they can install “necessary” software. Remember Microsoft support does not call customers. Do not share your credit or debit card information with anyone that calls you. If a computer pop-up urgently claims that your computer needs an update to its version of Windows 7...don’t fall for it! 

Phishing (Don't get caught in the net!)
Phishing is a criminal act where you receive a fraudulent email from what appears to be a reputable company or well-known individual in order to get you to reveal personal information, such as passwords and credit card numbers. Be sure you are checking the message for any unusual signs, such as odd requests, inaccurate domain names, or other clues of suspicious behavior.

Free Flash Drives
Never pick up a random thumb drive that you found in a public place. The drive may be coded with software that automatically installs on the connected device, allowing criminals access to confidential and personal information.

Phone If You Think It's Phony
Scammers are known to pretend to be someone you work with or know personally, luring you to click on unsafe email links or download dangerous attachments. This is called "spear phishing." Be sure to read your emails closely. Look for spelling errors, unfamiliar email addresses, or unusual requests. If you question the legitimacy of an email, make a quick call to the supposed sender to ensure the email is safe.

Help! I'm Being Blackmailed via Email
Extortion means big money for cybercriminals. Protect yourself by never sharing compromising photos or videos, and cover any web cameras when not in use. Keep in mind the criminals behind the threat don't actually have negative content on you. They are attempting to scare you into sending money. Don't open any attachments and delete the email immediately. 

“Fakebook?”
The average internet user now has seven social media accounts. That is a lot of possible access to personal information that can be used against you in a cyber attack. This information is used to create fake profiles, business or activity relevant spear phishing attacks, or more. Be sure to keep your social media account settings on private and be cautious when sharing personal information online.

Putting the “Ad" in "Bad"
Clicking on advertisements, even on well-known websites, can place your computer at risk for infection. Be sure to have the most recent security updates installed and consider downloading an adblocker program. It is also recommended to change the settings of Adobe Flash to prevent automatic infections.

"Password" is NOT a password
Your password is one of the most important ways to protect your online confidential information. Be sure to use passwords that are easy for you to remember but hard for others to guess. Passphrases containing upper and lowercase letters, numbers, and symbols are even better. For even greater protection consider password management software with a random password generator, or two-factor authentication. Never use very basic passwords such as "1234" or "password", store your passwords on paper, or store your passwords on an unsecured document within your computer. 

Vishing (A New Twist on an Old Game)
Similar to "phishing", vishing is the criminal act of attempting to gain confidential information from you through the telephone by posing as a known company or individual. These attacks can be initiated by criminals calling using "spoofed" numbers, or by the victim calling a number listed in a fake e-mail or online ad. Always be aware of the personal or potentially sensitive information you are providing.

Typically, you'll receive an email that appears to come from a reputable company that you recognize and may do business with, such as your financial institution. In some cases, the e-mail may appear to come from a government agency, perhaps a federal financial institution regulatory agency.

The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases such as "Immediate attention required," or "Please contact us immediately about your account." The e-mail may also state that unless you provide certain confidential information your account will be deactivated or closed. The e-mail will encourage you to click a link to go to the institution's Website.

In a phishing scam, you could be redirected to a phony Website that may look exactly like the real thing. Sometimes, in fact, it may be the company's actual Website. In those cases, a pop-up window will quickly appear for the purpose of collecting your financial information.

You may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to your financial institution, such as your mother's maiden name or your place of birth.

If you provide the requested information, you may find yourself a victim of identity theft.

  • Never provide your personal information in response to an unsolicited request, whether it is over the phone or on the Internet. Emails and Internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, do not provide any information.
  • If you are unsure whether a contact is legitimate, contact the financial institution. You can find phone numbers and Websites on the monthly statements you receive from your financial institution, or you can look up the company in a phone book or on the Internet. The key is that you should be the one to initiate the contact, using information that you have verified yourself.
  • Never provide your account information and/or password over the phone or in response to an unsolicited Internet request. A financial institution would never ask you to verify your account information or confirm a password online. Thieves armed with this information and your account number can help themselves to your money.
  • Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving or does not arrive, call us immediately to find out why. If you have online account access, check your account activity online regularly to catch suspicious activity.
  • Contact your financial institution immediately and alert it to the situation.
  • Close accounts you think have been tampered with or opened fraudulently. Call the security or fraud department of each associated company or financial institution. Follow-up in writing and supply copies of supporting documents.
  • It is important to notify credit card companies and financial institutions in writing. Send your letters by certified mail, return receipt requested, so you can document when and what the company received. Keep copies of your correspondence and enclosures.
  • Report all suspicious contacts to the Federal Trade Commission through the Internet at http://www.ftc.gov/ or by calling 1-877-IDTHEFT (1-877-438-4338).
  • Check with your state Attorney General's office to find out if state law requires the police to take reports for identity theft. Check the Blue Pages of your telephone directory for the phone number, or check www.naag.org for a list of state Attorneys General.

If possible, file a report with local police or police in the community where the identity theft took place. Obtain a copy of the police report or the report number. It can help you deal with creditors who need proof of the crime. If the police are reluctant to take your report, ask to file a "Miscellaneous Incidents" report.

If you disclose sensitive information in a phishing attack, contact one of the three major credit bureaus listed below and discuss whether to place a fraud alert on your file. A fraud alert will help prevent thieves from opening a new account in your name.

Equifax
800-525-6285
PO Box 740250
Atlanta, GA 30374
www.equifax.com

Experian
888-397-3742
PO Box 1017
Allen, TX 75013
www.experian.com

TransUnion
800-680-7289
PO Box 6790
Fullerton, CA 92634
www.transunion.com

Did you recently get a notice that says your personal information was exposed in a data breach? Did you lose your wallet? Or learn that an online account was hacked? Depending on what information was lost, there are steps you can take to help protect yourself from identity theft. 

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Learn More

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

The above information is a message from the following agencies: Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency and the Office of Thrift Supervision. By accessing the above links you will be entering a website hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of Union State Bank's website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of Union State Bank's.