header image of man with mobile phone and bank card

Online Security Tips

Remember: Never provide your account information or password/pin # over the phone or in response to an unsolicited Internet request.
 
A financial institution would never ask you to verify your account information or confirm a password online. Thieves armed with this information and your account number can help themselves to your money.
 

The virtual world is a dangerous place.

Cyber attacks, phishing scams, and identity theft are just a few of the very real threats you potentially face every time you are online. Identity theft continues to be one of the fastest-growing crimes in the United States and has ranked as one of the top consumer concerns for the past several years. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even a driver's license in your name. They can do damage to your financial history and personal reputation that can take years to unravel. 

This page includes tips to help protect yourself, as well as actions to take if you become a victim of identity theft.

E-mail, phone, and social media scams related to the virus are on the rise. Find out what the Federal Trade Commission is doing to keep scammers at bay by reading the FTC Consumer Information Page.

The FBI has created a publicly available section on its website that warns of various COVID-19 related scams and provides tips and resources to help protect against COVID-19 related scams. Read the FBIs warnings here.

Increase in Phishing Events

Financial organizations have seen an increase in phishing events during the COVID-19 pandemic. Phishing events are when a fraudster attempts to steal a person’s data, mainly login credentials, and card information. The fraudster then uses this information to process fraudulent card transactions or ATM withdrawals. Fraudsters often utilize social media or information bought on the Dark Web to initiate scams.

Keep in mind your financial institution will never contact a cardholder to ask for the following:

  • Account Number/Card Number
  • CVV
  • PIN
  • Passwords
  • Social Security Number
  • Online Banking Credentials
  • Or advise a cardholder to transfer or withdraw money

The cardholder should always reply NO if they are unaware of the transactions when an alert is received via a text or email.

COVID-19 Vaccine Fraud

COVID-19 fraud may include the sale of unapproved and illegally marketed vaccines, the sale of counterfeit versions of approved vaccines, and illegal diversion of legitimate vaccines. Fraudsters have reportedly offered, for a fee, to provide potential victims with the vaccine sooner than permitted under the applicable vaccine distribution plan.

SMISHING - SMS/Text Phishing
We have received reports of fraudulent text messages that appear very similar to legitimate card fraud alerts provided by Union State Bank. When a customer responds, an unknown individual calls them in an attempt to steal card and other personal identifying information. As of now these text messages show a transaction at Target in North Carolina but could be adjusted at any time. If you receive a text alert, look at it closely to determine if it’s suspicious. Some red flags could include not listing the last 4 digits of your card number or receiving the alert from a different phone number when compared with previous alerts. If you are suspicious, do not respond to the alert or disclose any information to the caller. Hang up and call Union State Bank at the number on the back of your card or at 1-866-557-0060 to confirm the alert is legitimate.

Love Me/Love Me Not

Dating and romance fraud often happens through popular dating sites, but these scammers use social media as well. These professional manipulators go to great lengths to gain your trust and your interest, often using details from your social media accounts to their advantage. Once they’ve gained your trust they will ask you for money, gifts, or bank account details. Often, they play up some sort of personal emergency, or claim they want to visit you but lack the funds to do so–and once you’re emotionally invested, these stories seem believable. Never send money to someone you haven’t met in person. Emotional investment can cloud your judgement, remember to follow your head and not your heart when it comes to online dating.

Social Media Quizzes 
"Take this short quiz to find out what this color/vegetable/pet/etc. means about you." The simple questions in these quizzes could be phishing attempts used by cyber criminals to gain valuable information for identity theft. Never share any information online that you wouldn't want to make public.

Deepfake Videos
Deepfake technology uses AI and machine learning to create realistic audio and video spoofs. These spoofs combine real footage of one person with the words or actions of another. There are a number of ways that the bad guys could use deepfake technology.  Celebrity impersonation to spread disinformation, or even impersonations from your company executives asking you to forward money or confidential information are potential concerns.  Always verify before taking action.

Paycheck Protection Program Phishing Attack
Cybercriminals are attempting to take advantage of business owners who applied for a Paycheck Protection Program (PPP) loan through a fake Small Business Administration (SBA) loan update. The phishing email states that the loan application has been approved and it includes a link to "start the funding process". The link takes you to a phony login page that is nearly identical to the SBA's official website for the relief fund. The bad guys are phishing for specific login credentials to gain access to sensitive data, such as your organization's federal tax ID and banking information. 

Web and Teleconference Risks
The use of web conferencing and teleconference applications provide another vector for malicious cyber attackers to propagate attacks. Whether in the office or working from home, create non-public, private conferences that require username and password credentials. Do not publicly post meeting access links and credentials, and at the end of the conference session close the application and browser windows used to access the application.

PayPal Text Scam
In a recent trend, online scammers are sending text messages claiming to be from PayPal, warning of unusual activity on your account. If you click on the link in the text, you’re taken to a fake site that looks very similar to PayPal’s login page. You are prompted to enter private information such as your email address, password, mother’s maiden name, home address, and financial details. Do not enter any of your information! If you do, your details are immediately sent to the attackers, and your account and your identity are at risk.

Windows 7 Scam Alert!
Microsoft announced they will no longer be supporting their Windows 7 operating system. This means there will be no further updates to Windows 7. The bad guys are using this situation to their advantage. They will randomly contact you by phone, emails, or pop-ups and try to convince you to pay yearly fees, or they’ll insist that they need remote access to your computer so they can install “necessary” software. Remember Microsoft support does not call customers. Do not share your credit or debit card information with anyone that calls you. If a computer pop-up urgently claims that your computer needs an update to its version of Windows 7...don’t fall for it! 

Phishing (Don't get caught in the net!)
Phishing is a criminal act where you receive a fraudulent email from what appears to be a reputable company or well-known individual in order to get you to reveal personal information, such as passwords and credit card numbers. Be sure you are checking the message for any unusual signs, such as odd requests, inaccurate domain names, or other clues of suspicious behavior.

Free Flash Drives
Never pick up a random thumb drive that you found in a public place. The drive may be coded with software that automatically installs on the connected device, allowing criminals access to confidential and personal information.

Phone If You Think It's Phony
Scammers are known to pretend to be someone you work with or know personally, luring you to click on unsafe email links or download dangerous attachments. This is called "spear phishing." Be sure to read your emails closely. Look for spelling errors, unfamiliar email addresses, or unusual requests. If you question the legitimacy of an email, make a quick call to the supposed sender to ensure the email is safe.

Help! I'm Being Blackmailed via Email
Extortion means big money for cybercriminals. Protect yourself by never sharing compromising photos or videos, and cover any web cameras when not in use. Keep in mind the criminals behind the threat don't actually have negative content on you. They are attempting to scare you into sending money. Don't open any attachments and delete the email immediately. 

“Fakebook?”
The average internet user now has seven social media accounts. That is a lot of possible access to personal information that can be used against you in a cyber attack. This information is used to create fake profiles, business or activity relevant spear phishing attacks, or more. Be sure to keep your social media account settings on private and be cautious when sharing personal information online.

Putting the “Ad" in "Bad"
Clicking on advertisements, even on well-known websites, can place your computer at risk for infection. Be sure to have the most recent security updates installed and consider downloading an adblocker program. It is also recommended to change the settings of Adobe Flash to prevent automatic infections.

"Password" is NOT a password
Your password is one of the most important ways to protect your online confidential information. Be sure to use passwords that are easy for you to remember but hard for others to guess. Passphrases containing upper and lowercase letters, numbers, and symbols are even better. For even greater protection consider password management software with a random password generator, or two-factor authentication. Never use very basic passwords such as "1234" or "password", store your passwords on paper, or store your passwords on an unsecured document within your computer. 

Vishing (A New Twist on an Old Game)
Similar to "phishing", vishing is the criminal act of attempting to gain confidential information from you through the telephone by posing as a known company or individual. These attacks can be initiated by criminals calling using "spoofed" numbers, or by the victim calling a number listed in a fake e-mail or online ad. Always be aware of the personal or potentially sensitive information you are providing.

Typically, you'll receive an email that appears to come from a reputable company that you recognize and may do business with, such as your financial institution. In some cases, the e-mail may appear to come from a government agency, perhaps a federal financial institution regulatory agency.

The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases such as "Immediate attention required," or "Please contact us immediately about your account." The e-mail may also state that unless you provide certain confidential information your account will be deactivated or closed. The e-mail will encourage you to click a link to go to the institution's Website.

In a phishing scam, you could be redirected to a phony Website that may look exactly like the real thing. Sometimes, in fact, it may be the company's actual Website. In those cases, a pop-up window will quickly appear for the purpose of collecting your financial information.

You may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to your financial institution, such as your mother's maiden name or your place of birth.

If you provide the requested information, you may find yourself a victim of identity theft.

  • Never provide your personal information in response to an unsolicited request, whether it is over the phone or on the Internet. Emails and Internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, do not provide any information.
  • If you are unsure whether a contact is legitimate, contact the financial institution. You can find phone numbers and Websites on the monthly statements you receive from your financial institution, or you can look up the company in a phone book or on the Internet. The key is that you should be the one to initiate the contact, using information that you have verified yourself.
  • Never provide your account information and/or password over the phone or in response to an unsolicited Internet request. A financial institution would never ask you to verify your account information or confirm a password online. Thieves armed with this information and your account number can help themselves to your money.
  • Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving or does not arrive, call us immediately to find out why. If you have online account access, check your account activity online regularly to catch suspicious activity.
The Federal Deposit Insurance Corporation (FDIC) has produced a multimedia presentation to help consumers protect themselves from identity theft. The presentation provides information on steps consumers should take to secure their computer and protect themselves from identity theft, as well as actions consumers should take if they become a victim of identity theft. This presentation is hosted by Vodium.
 
  • Contact your financial institution immediately and alert it to the situation.
  • Close accounts you think have been tampered with or opened fraudulently. Call the security or fraud department of each associated company or financial institution. Follow-up in writing and supply copies of supporting documents.
  • It is important to notify credit card companies and financial institutions in writing. Send your letters by certified mail, return receipt requested, so you can document when and what the company received. Keep copies of your correspondence and enclosures.
  • Report all suspicious contacts to the Federal Trade Commission through the Internet at http://www.ftc.gov/ or by calling 1-877-IDTHEFT (1-877-438-4338).
  • Check with your state Attorney General's office to find out if state law requires the police to take reports for identity theft. Check the Blue Pages of your telephone directory for the phone number, or check www.naag.org for a list of state Attorneys General.

If possible, file a report with local police or police in the community where the identity theft took place. Obtain a copy of the police report or the report number. It can help you deal with creditors who need proof of the crime. If the police are reluctant to take your report, ask to file a "Miscellaneous Incidents" report.

If you disclose sensitive information in a phishing attack, contact one of the three major credit bureaus listed below and discuss whether to place a fraud alert on your file. A fraud alert will help prevent thieves from opening a new account in your name.

Equifax
800-525-6285
PO Box 740250
Atlanta, GA 30374
www.equifax.com

Experian
888-397-3742
PO Box 1017
Allen, TX 75013
www.experian.com

TransUnion
800-680-7289
PO Box 6790
Fullerton, CA 92634
www.transunion.com

Did you recently get a notice that says your personal information was exposed in a data breach? Did you lose your wallet? Or learn that an online account was hacked? Depending on what information was lost, there are steps you can take to help protect yourself from identity theft. 

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Learn More

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

The above information is a message from the following agencies: Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency and the Office of Thrift Supervision. By accessing the above links you will be entering a website hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of Union State Bank's website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of Union State Bank's.

Scams related to online shopping pose a persistent threat, and their potential to escalate is particularly heightened during major retail events like "Prime Days" by Amazon. These scams exploit the frenzy and excitement surrounding these events, preying upon unsuspecting shoppers eager to snag the best deals.

Scammers employ various tactics, such as creating counterfeit websites that closely resemble legitimate online stores, enticing customers with unbelievably low prices and fake promotions. Phishing emails and text messages also proliferate, luring individuals into sharing sensitive information or clicking on malicious links.

Additionally, fraudulent sellers may advertise non-existent products or send counterfeit items, leaving customers defrauded and disappointed. The sheer volume of online transactions during events such as Prime Days provide scammers with ample opportunities to deceive and exploit shoppers, making it crucial for consumers to remain vigilant and adopt robust security measures to protect themselves from these evolving threats.

Union State Bank values your trust in banking with us and securing your personal information is of utmost importance to us. At Union State Bank, we strive to keep you informed of events happening around financial matters that may concern you. In that respect, we would like to inform you of direct mailings from companies unaffiliated with Union State Bank being received by some of our customers that mention our bank by name. Any personal information printed in these letters was obtained through publicly sourced outlets and not provided by Union State Bank.

At this time Union State Bank has not verified the legitimacy of the unaffiliated companies and are not claiming the letters are fraudulent or related to any ongoing scams. However, we want to alert you of this situation and provide you with the necessary information to make an informed decision should you choose to do business with one of these companies.

The direct mailings you may have received contain language that utilizes scare tactics, creating the appearance that some form of coverage is about to expire and urging immediate renewal. It is crucial to read these mailings carefully and fully understand the details before taking any action. We want to emphasize that these mailings, or the services offered within, are not sent by Union State Bank, and the company responsible for them is not affiliated with your financial institution.

In the fine print of the letter, there is a disclaimer stating that the company sending the notice is not associated with your mortgage provider and that not all consumers have previous coverage. This disclaimer is intentionally placed in a less prominent position, making it easy to overlook or misunderstand the true nature of the mailing. It is essential to exercise caution and scrutinize all communication related to your financial affairs.

To protect yourself from potential scams or unauthorized solicitations, we recommend the following:

Verify the Source: Whenever you receive any communication regarding your mortgage, property, or financial relationship ensure that it originates from a trusted and authorized source. Reach out to your bank or mortgage provider directly to confirm the legitimacy of any such correspondence. Do not provide any personal information to these unaffiliated companies without verifying their legitimacy.

Read Carefully: Pay close attention to the content of the mailings, including the fine print. Look for any disclaimers or statements indicating that the company sending the notice is not affiliated with your financial institution.

Seek Professional Advice: If you are unsure about the legitimacy or implications of any direct mailing, it is wise to consult with a qualified professional, such as a financial advisor or your mortgage provider's customer service.

Report Suspicious Activity: If you believe you have received a fraudulent or misleading mailing, report it to the appropriate authorities. You can also notify your bank or mortgage provider to make them aware of the situation.

We take the security and well-being of our customers seriously. Our team is monitoring these unaffiliated mailings and taking steps to mitigate their impact on our valued customers. We apologize for any confusion or concern caused by these unsolicited communications.

If you have any questions or require assistance regarding your financial needs, please do not hesitate to contact our customer service team at 866.557.0060 or visit us online at www.MyUnionState.Bank. We are here to help you navigate through any concerns or uncertainties you may have.

Thank you for choosing Union State Bank as your trusted financial partner. We appreciate your continued loyalty and assure you that we are committed to safeguarding your financial interests

As the holiday season approaches, there is a noticeable increase in fraudulent activities and cybercrimes. Scammers and fraudsters become more active, attempting to take advantage of increased shopping activity and urgent need of additional funds. 

Key Points to be Aware of:

Phishing Scams: Fraudsters often use phishing emails and text messages that appear to be from the bank, retailers, or shipping companies. They may request personal information, account details, or payment information. Verify the authenticity of any such communication before responding.

Malicious Links: Be cautious of links in emails or text messages. These links may lead to fake websites designed to steal login credentials or install malware. Always double-check URLs before clicking.

Gift Card Scams: Scammers may trick victims into purchasing gift cards as a form of payment. They may impersonate loved ones, government agencies, or utility companies. Verify the legitimacy of any such requests.

Fraudulent Transactions: Keep an eye out for unusual account activity. Check online banking, mobile banking or statements frequently and promptly report any suspicious activities to our Fraud Team.

Social Engineering: Scammers can be highly persuasive and may attempt to manipulate you through phone calls or in-person visits. Be cautious about sharing sensitive information with strangers, whether on the phone or in person.

Secure Online Shopping: Only use secure websites (look for "https://") for online shopping and ensure that your devices have up-to-date antivirus and anti-malware software.  Be cautious using any online retailer that doesn’t have a well known reputation.    

What can you do?  

If you encounter a situation that appears suspicious or fraudulent, please report it to our Fraud Team immediately. They are here to support you in handling these issues and ensuring the safety of your financial assets.