KNOWLEDGE TO KEEP YOU PROTECTED
United Bank is committed to protecting your accounts from cyberattacks and identity theft. The products and services we offer come with tools and resources to help keep you and your accounts safe. However, in some cases that may not be enough. We rely on you to take all necessary steps to ensure your accounts are protected on your end, as well. Check out the security information below for tips on how to stay safe online.
If you are concerned about the Equifax breach, please see below for FAQs to learn more about the breach and how to protect yourself.
Frequently Asked Questions
I’ve been hearing about the Equifax breach in the news. What happened?
Equifax, one of the three major credit bureaus, experienced a massive data breach. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.
Was my information stolen?
If you have a credit report, there’s a good chance it was. Go to a special website set up by Equifax to find out: https://www.equifaxsecurity2017.com/. Scroll to the bottom of the page and click on “Potential Impact,” enter some personal information and the site will tell you if you’ve been affected. Be sure you’re on a secure network (not public wi-fi) when you submit sensitive data over the internet.
How can I protect myself?
- Enroll in Equifax’s services. Equifax is offering one year of free credit monitoring and other services, whether or not your information was exposed. You can sign up at https://www.equifaxsecurity2017.com/.
- Monitor your credit reports. In addition, you can order a free copy of your credit report from all three of the credit reporting agencies at annualcreditreport.com. You are entitled to one free report from each of the credit bureaus once per year.
- Monitor your bank accounts. We also encourage you to monitor your financial accounts regularly for fraudulent transactions. Use online and mobile banking to keep a close eye on your accounts.
- Watch out for scams related to the breach. Do not trust e-mails that appear to come from Equifax regarding the breach. Attackers are likely to take advantage of the situation and craft sophisticated phishing e-mails.
Should I place a credit freeze on my files?
Before deciding to place a credit freeze on your accounts, consider your personal situation. If you might be applying for credit soon or think you might need quick credit in an emergency, it might be better to simply place a fraud alert on your files with the three major credit bureaus. A fraud alert puts a red flag on your credit report which requires businesses to take additional steps, such as contacting you by phone before opening a new account.
How do I contact the three major credit bureaus to place a freeze on my files?
- Equifax: Call 800.349.9960 or visit their website.
- Experian: Call 888.397.3742 or visit their website.
- TransUnion: Call 888.909.8872 or visit their website.
Where can I get more information about the Equifax breach?
You can learn more directly from Equifax at https://www.equifaxsecurity2017.com/. You can also learn more by visiting the Federal Trade Commission’s web page on the breach at https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do. To learn more about how to protect yourself after a breach, visit https://www.identitytheft.gov/Info-Lost-or-Stolen.
- Please be aware that customers have reported receiving phone calls and text messages from 1-877-230-4454, asking them to verify suspicious check card activity. The calls are automated and provide a message stating “This is the Fraud Department and we believe your card has been compromised”. The customer is then instructed to verify the activity by entering the full card number, expiration date and 3-digit security code on the back of the card.
- If you receive a phone call or text message like this please DO NOT release any information about the card, as this is NOT our fraud monitoring services. We will never ask you to enter your full account number, expiration date and/or 3-digit security code. If you have released this information about your check card, please contact our Customer Service department at 1-800-327-9862 and a representative will assist you in getting a new card issued right away.
Protecting Yourself Against Identity Theft
Set up strong passwords
- Choose combinations of upper- and lower-case letters, numbers and symbols that are hard for a hacker to guess.
- Do not use your birthdate, address or names a hacker may easily guess.
- Do not use the same password for multiple accounts; if you do, once a hacker guesses your password correctly, he or she will have access to all your accounts.
Monitor your bank account transactions
- Check accounts for fraudulent activity at least once or twice a week. Federal laws and industry practices protect account holders when criminals make unauthorized purchases using stolen payment card numbers or other information in certain situations. For more information, review the FDIC’s article, How Federal Laws and Industry Practices Limit Losses From Cyberattacks
Use a designated mobile device or computer for online banking and shopping
- Some individuals purchase an old PC or designate one device for online banking and shopping. Devices are less vulnerable to cyberattacks when they are not used for web surfing, emailing, social media or playing games.
Effectively use anti-virus and security software
- It is important to install and constantly update anti-virus and security software. This includes basic anti-virus programs, as well as program updates. Manufacturers are consistently updating their products and services so they operate as efficiently as possible and incorporate the most up-to-date security technology. Next time a program, even as basic as Word, offers an update download it. Please note, you shouldn’t accept updates as they pop up on your computer, because those can be malware or viruses. Instead, you should go directly to the software website, find the appropriate update and download directly from the site.
Be cautious when connecting to the Internet
- A public computer in places like a hotel business center or library may not have up-to-date security software and could be infected with malware. In addition, if you are using a laptop or mobile device for online banking or shopping, avoid connecting it to a public wireless network. Criminals may intercept your device's signal and use it to collect personal information.
If you are a victim of a cyberattack and your identity has been stolen, contact the Federal Trade Commission to report identity theft and get a recovery plan.
For more tips on computer and internet security, watch the FDIC's multimedia presentation Don't Be an Online Victim: How to Guard Against Internet Thieves and Electronic Scams. Also, visit On Guard Online for information from the federal government on how to be safe online. The site includes videos from the Federal Trade Commission on what to do if your email is hacked or if malware attacks your computer.
Protecting Your Business Against Email Compromises
The FBI calls it Business Email Compromise and defines BEC as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” If your business conducts any transaction via wire, you and your company could be at risk.
From January 2015 to June 2016, the FBI reported a 1,300% rise in identified exposed losses. Most of the losses were reported in the United States and fraudulently -transferred funds typically ended up in China and Hong Kong. Unless fraudulent activity is discovered and reported within 24 hours, the chances of recovery are low. Only 4% of funds are ever retrieved.
Per research found by The Verizon 2016 Data Breach Investigations Report, employees and human error are the weakest link in any “IT system.” We recommend educating and training employees on all forms of cyberattacks, as well as asking them to use caution when sharing personal information on social media sites. We recommend educating all employees; however, human resources professionals, IT managers, C-level and senior executives and anyone with finance approval are more likely to be on the receiving end of attacks.
Those involved in large wire transfers are especially susceptible. Many companies have very lax policies when it comes to initiating a transfer. For some, the process is as simple as the CEO picking up the phone and requesting the movement of funds. Cybercriminals fish for information by sending emails to targets to glean information. Once successful, they pose as a familiar person and initiate the transfer. If multi-level safeguards are not in place, you may fall victim.
Human resources professionals are also top targets. Typically, they have access to the employee database, which includes sensitive information such as social security numbers and personal information. In addition, they receive resumes from potential applicants. Criminals may include spyware inside a resume or its delivery source, compromising the system.
What Can You Do to Protect Yourself and Your Business?
Know and guard yourself against the common methods of attack, including:
- Phishing emails are sent to many contacts simultaneously to “fish” sensitive information; hackers pose as reputable sources, such as banks, credit card providers, delivery firms, law enforcement and the IRS, to name a few.
- A more targeted form of phishing, the cybercriminal has either studied up on the group or has gleaned data from social media sites to con users. The email generally goes to one person or a small group of people who use that bank or service. Some form of personalization is included – perhaps the person’s name or the name of a client.
- Targeting top executives and administrators, criminals attempt to pull money from accounts or steal confidential data. Detailed, personal information about the executive and the business has been obtained prior to execution of this method.
- The three previous techniques fall under the broader category of social engineering. Social engineering in this application is the manipulation of people to trick them into divulging confidential information or providing access to funds. The art of social engineering might include mining information from social media sites. LinkedIn, Facebook and other venues provide a wealth of information about organizational personnel. This can include their contact information, connections, friends, ongoing business deals and more.
Fraud Prevention & Response Checklists