Union Bank Privacy & Security
Privacy and security center
Cyber Crime, COVID and Working Remotely
As many of us have been working from home more due to the pandemic, and may continue to do so more in the future, it is important to stay connected and plugged in, as well as cyber safe. Please take the time to ensure you’re brushing up on your cyber-hygiene. Cybercriminals are now using vaccine scams to lure users into providing sensitive information and clicking on malicious links. Stay safe through ongoing education around COVID-19 cyber scams (alert) from the Cybersecurity and Infrastructure Agency, and keep these important tips in mind while working remotely.
MUFG Privacy Policy
Last Updated: March 12, 2021
MUFG Union Bank, N.A. including PurePoint Financial, which is a division and tradename of MUFG Union Bank, and MUFG Bank, Ltd, and their U.S. affiliates and subsidiaries, (collectively, “MUFG”) respect your privacy. This MUFG Privacy Policy describes the types of personal information we collect, how we use the information, with whom we may share it and the choices available to you regarding our use of the information. We also describe measures we take to protect the security of the information and how you can contact us about our privacy practices.
This MUFG Privacy Policy applies to all the products and services offered by MUFG (including on our websites (“Sites”), product portals (“Portals”) and mobile applications (“Apps”) (collectively, the “Digital Properties”)), except where a product or service has a separate privacy notice that does not incorporate this MUFG Privacy Policy. MUFG also provides certain individuals with supplemental privacy notices, as described below:
Other websites, products, and services of MUFG entities both within and outside of the United States of America contain different privacy statements to this MUFG Privacy Policy, and you are advised to review the privacy statement on each MUFG website.
Information We Obtain
We obtain personal information about you in various ways, such as when you visit our Digital Properties. We also may obtain personal information about you offline, such as when you call, mail or fax us, or interact with us at one of our office or branch locations. In addition, we may obtain information about you when you send or receive payments to or from one of our customers.
The types of personal information we may obtain includes:
When you visit our Sites and Portals, we may obtain certain information by automated means, such as cookies, web beacons, web server logs and other technologies. A “cookie” is a text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an internet tag, pixel tag or clear GIF, links web pages to web servers and cookies and may be used to transmit information collected through cookies back to a web server. The information we collect in this manner may include your device IP address, unique device identifier, web browser characteristics, device characteristics, operating system, language preferences, referring URLs, clickstream data, and dates and times of website visits.
When you use our Apps, we also may collect certain information by automated means, such as through device logs, server logs and other technologies. The information we collect in this manner may include the device type used, the mobile operating system, device identifiers and similar unique identifiers, device settings and configurations, IP addresses, battery and signal strength, usage statistics, referring emails and web addresses, dates and times of usage, actions taken on the App, and other information regarding use of the App. In addition, as indicated above, we may collect your device’s geolocation information. Your device’s operating platform may provide you with a notification when the App attempts to collect your precise geolocation. Please note that if you decline to allow the App to collect your precise geolocation, you may not be able to use all of the App’s features or the offers available through the App.
We may use these automated technologies on our Digital Properties to collect information about your equipment, browsing actions, and usage patterns. These technologies help us (1) remember your information so you do not have to re-enter it; (2) track and understand how you use and interact with our Digital Properties; (3) tailor the Digital Properties around your preferences; (4) measure the usability of our Digital Properties and the effectiveness of our communications; and (5) otherwise manage and enhance our products and services, and help ensure they are working properly.
Your browser may tell you how to be notified about certain types of automated collection technologies and how to restrict or disable them. Please note, however, that without these technologies, you may not be able to use all of the features of our Digital Properties. For mobile devices, you can manage how your device and browser share certain device data by adjusting the privacy and security settings on your mobile device.
As part of our ongoing efforts to enhance our online security and protect your information, we may place a private key on your device to help us identify the device as belonging to you. The use of a private key on your device assists you in conducting your online banking transactions.
How We Use the Information We Obtain
We may use the personal information we obtain to:
We also may use the information in other ways for which we provide specific notice at the time of collection.
Third-Party Analytics Services
We may use third-party analytics services on our Digital Properties, such as Google Analytics. The information we obtain through the Digital Properties may be disclosed to or collected directly by these services. To learn more about Google Analytics, please visit https://www.google.com/policies/privacy/partners/.
Interest-Based Advertising
On our Digital Properties, we may obtain information about your online activities to provide you with advertising about products and services that may be tailored to your interests. This section of our MUFG Privacy Policy provides details and explains how to exercise certain choices.
You may see our ads on other websites because we use third-party ad services. Through these ad services, we can target our messaging to users considering demographic data, users’ inferred interests and browsing context. These services track your online activities over time and across multiple websites and apps by collecting information through automated means, including through the use of cookies, web server logs, web beacons and other similar technologies. The ad services use this information to show you ads that may be tailored to your individual interests. The information that ad services may collect includes data about your visits to websites that serve MUFG advertisements, such as the pages or ads you view and the actions you take on the websites or apps. This data collection takes place both on our Digital Properties and on third-party websites and apps that participate in these ad services. This process also helps us track the effectiveness of our marketing efforts.
The Digital Properties are not designed to respond to “do not track” signals from browsers.
To learn how to opt out of interest-based advertising, please visit the Digital Advertising Alliance, the Network Advertising Initiative and TRUSTe Advertising Choices.
Information We Share
We may share the information we obtain about you with our affiliates and subsidiaries and with our joint marketing or business partners. We also may share the information we obtain about you with third-party vendors and other entities to perform services on our behalf, such as website hosting, data analytics, advertising, payment processing and other services. In addition, we may share personal information with (1) other companies in connection with co-branded products, services or programs and (2) consumer reporting agencies.
We also may disclose personal information (1) if we are required to do so by law or legal process (such as a court order or subpoena); (2) in response to requests by government agencies, such as law enforcement authorities, or self-regulatory organizations; (3) to establish, exercise or defend our legal rights, and those of our affiliates, subsidiaries or business partners; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (5) in connection with an investigation of suspected or actual illegal activity or (6) otherwise with your consent or as directed by your representative.
We reserve the right to transfer any personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution or liquidation).
Your Rights and Choices
We offer you certain choices in connection with the personal information we collect from you. To update your preferences, limit the communications you receive from us, or submit a request, please contact us as indicated in the How To Contact Us section of this MUFG Privacy Policy. You can unsubscribe from our marketing mailing lists by following the “Unsubscribe” link in our emails.
You may update certain aspects of your account details and settings by logging into your account on our Digital Properties.
How We Protect Personal Information
We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized access, destruction, loss, alteration, disclosure, disposal or use.
When deleting personal information, MUFG takes reasonable precautions to dispose of the personal information through a secure method.
Social Security Numbers
It is MUFG’s policy to protect the confidentiality of Social Security Numbers that we collect in the course of our business. This includes maintaining administrative, technical and physical safeguards against unauthorized access to Social Security Numbers. It is MUFG’s policy to prohibit the unlawful disclosure of Social Security Numbers.
Children’s Privacy
Our Digital Properties are designed for a general audience and are not directed to children. In connection with the Digital Properties, we do not knowingly solicit or collect personal information from children under the age of 13 without parental consent. If we learn that we have collected personal information from a child under age 13 without parental consent, we will either seek parental consent or promptly delete that information. If you believe that a child under age 13 may have provided us with personal information without parental consent, please contact us as specified in the How To Contact Us section of this MUFG Privacy Policy.
Links to Third-Party Services and Features
For your convenience and information, our Digital Properties may provide links to other online services, and may include third-party features such as apps, tools, widgets and plug-ins. These online services and third-party features may operate independently from us. The privacy practices of the relevant third parties, including details on the information they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by MUFG, we are not responsible for these third parties’ information practices.
Personal Information of Other Individuals
Prior to providing another individual’s personal information to MUFG, you agree: (a) to inform the individual about the content of this MUFG Privacy Policy, and any other applicable MUFG privacy disclosure provided or made available to you; and (b) to obtain any legally-required consent for the processing (including sharing) of the individual’s personal information in accordance with this MUFG Privacy Policy and other MUFG privacy disclosures.
Updates to Our MUFG Privacy Policy
We may update this MUFG Privacy Policy from time to time and without prior notice to you to reflect changes in our personal information practices. We will indicate at the top of the policy when it was most recently updated.
How to Contact Us
You can update your preferences, ask us to remove your information from our mailing lists, submit a request or ask us questions about this MUFG Privacy Policy by calling us or writing to us at:
MUFG Union Bank
1980 Saturn Street
Mail Code V03-955
Monterey Park, CA 91755-7417
Telephone: 1-800-652-1062, option 6
For general inquiries about our privacy practices, you may also contact us at privacy@unionbank.com.
Looking to cyber-secure your business?
Businesses are vulnerable to cyber threats and have unique cyber security needs. Learn how to keep your business protected from cybercriminals.
Online security
At Union Bank®, we believe in investing in your security. We consider your information to be a critical and valued asset, entrusted to our bank: The confidentiality and integrity of your information and financial assets are of primary concern and we are committed to safeguarding that information. We maintain enterprise-wide information security programs in good faith compliance with applicable laws and regulations, including Gramm-Leach-Bliley Act (GLBA). And, our teams work hard to ensure that all financial transactions, data transmissions, and communications are conducted in a secure online environment.
To this end, we have created a multilayered security program. Here are some of the steps we take to protect your information:
Our approach to security strives to create an advanced web of protection that safeguards your private information and financial assets, while providing the banking services you need.
Federal Regulation E provides certain protections against loss resulting from unauthorized Online Banking or Mobile Banking transfers from your personal account, such as bill payments or transfers to other accounts. These protections do not apply to business purpose accounts, regardless of account ownership.
If you give your online PIN or access code to another person, you take responsibility for all transactions made by that person or by anyone else to whom that person gives the PIN or code, directly or indirectly, until you notify us to cancel your online service. If you download account information to your computer, you take responsibility for protecting the downloaded information from access by unauthorized persons.
You will not be responsible for any unauthorized online transaction if you report the first incident to us within 60 calendar days after the date of the first statement where the transaction is shown. If you do not report it to us within that time period, you could be held responsible for unauthorized transactions that occur after the 60 days. Thus, it is important for you to check your statement or Online Banking Account Detail screen regularly and report any unauthorized activity to us immediately.
If your online PIN or access code is lost or stolen and you tell us within 2 Business Days after you learn of the loss or theft, you can lose no more than $50 due to unauthorized activity using your PIN or code. If you do not tell us within 2 Business Days, you could lose as much as $500 if we can prove that we could have stopped the unauthorized activity if you had told us.
If you believe there has been an error with an online transfer or payment and you notify us within 60 calendar days after the transaction first appears on your account statement, we will either:
Review our “Personal Accounts & Services Disclosure and Agreement and Fee Schedule" for more information.
If you, or any user of the Online Banking service designated by you, give the online PIN or User ID to another person, you take responsibility for all transactions made by that person or anyone else to whom that person gives the PIN or User ID, directly or indirectly, until you notify us to cancel your online service. If you or any designated user downloads account information from the Online Banking service to your computer, you take responsibility for protecting the downloaded information from access by unauthorized persons.
If your statement shows transactions that you did not make, notify us at once. If you do not notify us within 30 days after the date of the first statement where the transaction is listed, your statement will be considered correct and we will have no further responsibility to you with respect to online transactions shown on that statement.
Online security practices
At Union Bank®, we believe in investing in your security. We consider your information to be a critical and valued asset, entrusted to our bank: The confidentiality and integrity of your information and financial assets are of primary concern and we are committed to safeguarding that information. We maintain enterprise-wide information security programs in good faith compliance with applicable laws and regulations, including Gramm-Leach-Bliley Act (GLBA). And, our teams work hard to ensure that all financial transactions, data transmissions, and communications are conducted in a secure online environment.
To this end, we have created a multilayered security program. Here are some of the steps we take to protect your information:
Our approach to security strives to create an advanced web of protection that safeguards your private information and financial assets, while providing the banking services you need.
Responsibility for unauthorized transactions (personal accounts)
Federal Regulation E provides certain protections against loss resulting from unauthorized Online Banking or Mobile Banking transfers from your personal account, such as bill payments or transfers to other accounts. These protections do not apply to business purpose accounts, regardless of account ownership.
If you give your online PIN or access code to another person, you take responsibility for all transactions made by that person or by anyone else to whom that person gives the PIN or code, directly or indirectly, until you notify us to cancel your online service. If you download account information to your computer, you take responsibility for protecting the downloaded information from access by unauthorized persons.
You will not be responsible for any unauthorized online transaction if you report the first incident to us within 60 calendar days after the date of the first statement where the transaction is shown. If you do not report it to us within that time period, you could be held responsible for unauthorized transactions that occur after the 60 days. Thus, it is important for you to check your statement or Online Banking Account Detail screen regularly and report any unauthorized activity to us immediately.
If your online PIN or access code is lost or stolen and you tell us within 2 Business Days after you learn of the loss or theft, you can lose no more than $50 due to unauthorized activity using your PIN or code. If you do not tell us within 2 Business Days, you could lose as much as $500 if we can prove that we could have stopped the unauthorized activity if you had told us.
If you believe there has been an error with an online transfer or payment and you notify us within 60 calendar days after the transaction first appears on your account statement, we will either:
Review our “Personal Accounts & Services Disclosure and Agreement and Fee Schedule" for more information.
Responsibility for unauthorized transactions (business accounts)
If you, or any user of the Online Banking service designated by you, give the online PIN or User ID to another person, you take responsibility for all transactions made by that person or anyone else to whom that person gives the PIN or User ID, directly or indirectly, until you notify us to cancel your online service. If you or any designated user downloads account information from the Online Banking service to your computer, you take responsibility for protecting the downloaded information from access by unauthorized persons.
If your statement shows transactions that you did not make, notify us at once. If you do not notify us within 30 days after the date of the first statement where the transaction is listed, your statement will be considered correct and we will have no further responsibility to you with respect to online transactions shown on that statement.
Practicing your own cyber security
Online Security During COVID-19
Choosing effective passwords
Tips for safe Online and Mobile Banking
Protecting yourself from spyware and other malicious software
Staying safe on social media
Keeping your children protected online
Shopping more securely online
Smart homes and the Internet of Things
Staying secure on the go
Avoiding fraudulent emails, text messages, and phone calls
Cyber criminals are taking advantage of the current situation and they are creating fraudulent messages, websites and apps concerning the virus. The Cybersecurity and Infrastructure Agency has put forth an alert on COVID-19 cyber scams. The Federal Trade Commission warns of scams, which include but are not limited to:
Some best practices to protect yourself from these scams:
Your identity is one of your most valuable resources. That is one reason why we want to help you take extra precautions to protect it. We recommend that you help safeguard your identity and personal information by engaging in effective username and password creation, protection and management.
Cybercriminals are savvy, and may engage in large-scale automated cyber-attacks where they test different usernames and passwords (credentials) on legitimate websites (email, financial, social media etc.) to access accounts and obtain valuable information about users. This is called credential stuffing and this type of attack may have wide consequences for those affected. In addition to obtaining your personal or financial information, once cybercriminals learn your credentials on one site, they may try to use those same credentials on other sites. If you have the same username and password across online accounts you may be more susceptible to becoming a target of this type of cyber-attack.
Creating secure and unique passwords along with using different usernames and email addresses for registrations across online services can help keep you protected. Here are some additional suggestions:
Learn more from the National Cyber Security Alliance.
Although we invest in technology and processes to secure the electronic environment for all of your financial transactions, data transmissions, and communications, online security and protection of your identity and personal information is a team effort. That’s why we recommend you take steps to shield yourself and your computer from attempts to obtain your personal information electronically:
If you have any questions or concerns about your accounts, please contact us.
Spyware, which includes keystroke loggers, screen and mouse recorders, and other types of malware, allows hackers to extract sensitive data from your computer. These programs often slow down your computer and send harvested information to criminals. You can follow the tips below to help protect your computer and private information from these dangerous programs. Be careful of other forms of malicious software (malware) such as viruses, which also slow down and disrupt your systems.
Learn more from the National Cyber Security Alliance.
As we are more digitally interconnected than ever, social media has become an important communication tool. When not managed properly, it can provide personal information to cyber criminals that can easily be exploited to engage in fraud and other dangerous crimes.
When communicating on social media, you and your family should actively manage the security and privacy of your information. Consider the following suggestions:
Learn more from the National Cyber Security Alliance.
Help keep your children safe online too. Consider these tips:
Learn more from the National Cyber Security Alliance.
Like anything else you do on the Internet, when you shop online you open yourself to the perils of cyber space. It is important to actively manage your behavior and keep your personal and financial information secure while shopping online. Here are some tips:
Learn more from the National Cyber Security Alliance.
A Smart Home is one where multiple devices ranging from central air thermostats and appliances, to security systems are connected to the Internet to allow remote control over one’s home. This interconnectedness of products on the web is often called the Internet of Things (IoT) and has led to a variety of home and task automation tools that make day-to-day activities more efficient. In the near future, for example, your fridge may have a sensor that knows when you are running out of milk, then connects to the Internet and purchases milk from an online store. Currently, smart fridges with tablets already exist and provide access to calendars and the ability to create notes and shopping lists on the fridge itself. You may already be a consumer of smart home gadgets like Internet-connected voice assistants that allow you to request to stream a song or a movie, or get the latest weather forecast.
A smart home may make life easier but also opens your home to cyber threats. Even more mainstream gadgets, such as voice-activated assistants, webcams, or wireless printers, are susceptible to hacking as they are all dependent on an Internet connection. A cybercriminal may hack into your personal home network or the application that you use on your device to control the gadget and obtain personal information. They could, for example, hack the webcam that you use to communicate with your loved ones, intercept communications, and monitor your movement 24/7. But even more dangerous, cybercriminals can hack into cameras, smart locks, smart doorbells and other devices actively used for security purposes that are connected to the Internet. Criminals can completely disable them to access your home and commit a physical crime. As a consumer you should be aware as well that smart devices are collecting and potentially sending information back to the vendor´s network or cloud – creating more vulnerability.
It is also important to be mindful of other applications, such as smart cars. Cybercriminals can access your car system and take control of the wheel by hacking an application connected to the car’s web service.
Below are some suggestions to consider when purchasing Smart Home technology:
Learn More from the US-CERT webpage.
If you use your mobile phone or tablet to stay connected, like most of us, consider these tips.
Take Care of Your Devices and Data:
Be Careful with How You Connect Your Mobile Device to the Web:
Be mindful of your apps:
If you are traveling also keep in mind the following:
Learn more from the National Cyber Security Alliance.
"Phishing" refers to fraudulent electronic communication via email, text message, or instant message that appears to come from a legitimate business like a bank, insurance company, or regulatory agency, and asks you to provide personal information. Fraudsters can use your information to commit identity theft or lure you into additional scams.
Phishing may also be called “spoofing” as the fraudster masquerades as a user, website or email to gain access to your information.
Remember, Union Bank® does not request personal information by email, text, or instant message. Beware of any unsolicited requests for personal information and do not respond; instead, report it to abuse@unionbank.com.
The following tips can help you spot fraudulent messages:
If you are ever unsure of the origin of a Union Bank email, or believe it is not legitimate, avoid clicking on the links. Instead, call Union Bank at 1-800-238-4486 or reach out to your branch or Relationship Manager to verify. As a general rule of thumb, avoid clicking on emails that seem suspicious or that are unsolicited and do your best to verify the sender when in doubt.
Be mindful of other forms of fraudulent communications:
“Vishing,” or voice phishing is a technique that combines text messages, phone recordings, and email to persuade someone to dial a telephone number or respond to a telephone call for financial gain. Fraudsters tell you to contact their bank at a fraudulent telephone number, which is provided in an email, a text message, or by a recording using Voice over Internet Protocol (VoIP) technology. During the call, targets are asked to provide their card number and other personal or banking account information.
And finally, “SMiShing” is the text message version of phishing. It is an attack that uses text messages (SMS) to incite the target to divulge private, sensitive or confidential information. The SMS may have a link requiring you to input information; it may have a link that, when clicked, downloads malicious software to the mobile phone; or the text may have a malicious attachment itself.
Since fraudsters constantly vary their scams, it is important to be careful with text messages, emails, and telephone calls or recordings requesting confidential data.
Learn more from the National Cyber Security Alliance.
Online Security During COVID-19
Cyber criminals are taking advantage of the current situation and they are creating fraudulent messages, websites and apps concerning the virus. The Cybersecurity and Infrastructure Agency has put forth an alert on COVID-19 cyber scams. The Federal Trade Commission warns of scams, which include but are not limited to:
Some best practices to protect yourself from these scams:
Choosing effective passwords
Your identity is one of your most valuable resources. That is one reason why we want to help you take extra precautions to protect it. We recommend that you help safeguard your identity and personal information by engaging in effective username and password creation, protection and management.
Cybercriminals are savvy, and may engage in large-scale automated cyber-attacks where they test different usernames and passwords (credentials) on legitimate websites (email, financial, social media etc.) to access accounts and obtain valuable information about users. This is called credential stuffing and this type of attack may have wide consequences for those affected. In addition to obtaining your personal or financial information, once cybercriminals learn your credentials on one site, they may try to use those same credentials on other sites. If you have the same username and password across online accounts you may be more susceptible to becoming a target of this type of cyber-attack.
Creating secure and unique passwords along with using different usernames and email addresses for registrations across online services can help keep you protected. Here are some additional suggestions:
Learn more from the National Cyber Security Alliance.
Tips for safe Online and Mobile Banking
Although we invest in technology and processes to secure the electronic environment for all of your financial transactions, data transmissions, and communications, online security and protection of your identity and personal information is a team effort. That’s why we recommend you take steps to shield yourself and your computer from attempts to obtain your personal information electronically:
If you have any questions or concerns about your accounts, please contact us.
Protecting yourself from spyware and other malicious software
Spyware, which includes keystroke loggers, screen and mouse recorders, and other types of malware, allows hackers to extract sensitive data from your computer. These programs often slow down your computer and send harvested information to criminals. You can follow the tips below to help protect your computer and private information from these dangerous programs. Be careful of other forms of malicious software (malware) such as viruses, which also slow down and disrupt your systems.
Learn more from the National Cyber Security Alliance.
Staying safe on social media
As we are more digitally interconnected than ever, social media has become an important communication tool. When not managed properly, it can provide personal information to cyber criminals that can easily be exploited to engage in fraud and other dangerous crimes.
When communicating on social media, you and your family should actively manage the security and privacy of your information. Consider the following suggestions:
Learn more from the National Cyber Security Alliance.
Keeping your children protected online
Help keep your children safe online too. Consider these tips:
Learn more from the National Cyber Security Alliance.
Shopping more securely online
Like anything else you do on the Internet, when you shop online you open yourself to the perils of cyber space. It is important to actively manage your behavior and keep your personal and financial information secure while shopping online. Here are some tips:
Learn more from the National Cyber Security Alliance.
Smart homes and the Internet of Things
A Smart Home is one where multiple devices ranging from central air thermostats and appliances, to security systems are connected to the Internet to allow remote control over one’s home. This interconnectedness of products on the web is often called the Internet of Things (IoT) and has led to a variety of home and task automation tools that make day-to-day activities more efficient. In the near future, for example, your fridge may have a sensor that knows when you are running out of milk, then connects to the Internet and purchases milk from an online store. Currently, smart fridges with tablets already exist and provide access to calendars and the ability to create notes and shopping lists on the fridge itself. You may already be a consumer of smart home gadgets like Internet-connected voice assistants that allow you to request to stream a song or a movie, or get the latest weather forecast.
A smart home may make life easier but also opens your home to cyber threats. Even more mainstream gadgets, such as voice-activated assistants, webcams, or wireless printers, are susceptible to hacking as they are all dependent on an Internet connection. A cybercriminal may hack into your personal home network or the application that you use on your device to control the gadget and obtain personal information. They could, for example, hack the webcam that you use to communicate with your loved ones, intercept communications, and monitor your movement 24/7. But even more dangerous, cybercriminals can hack into cameras, smart locks, smart doorbells and other devices actively used for security purposes that are connected to the Internet. Criminals can completely disable them to access your home and commit a physical crime. As a consumer you should be aware as well that smart devices are collecting and potentially sending information back to the vendor´s network or cloud – creating more vulnerability.
It is also important to be mindful of other applications, such as smart cars. Cybercriminals can access your car system and take control of the wheel by hacking an application connected to the car’s web service.
Below are some suggestions to consider when purchasing Smart Home technology:
Learn More from the US-CERT webpage.
Staying secure on the go
If you use your mobile phone or tablet to stay connected, like most of us, consider these tips.
Take Care of Your Devices and Data:
Be Careful with How You Connect Your Mobile Device to the Web:
Be mindful of your apps:
If you are traveling also keep in mind the following:
Learn more from the National Cyber Security Alliance.
Avoiding fraudulent emails, text messages, and phone calls
"Phishing" refers to fraudulent electronic communication via email, text message, or instant message that appears to come from a legitimate business like a bank, insurance company, or regulatory agency, and asks you to provide personal information. Fraudsters can use your information to commit identity theft or lure you into additional scams.
Phishing may also be called “spoofing” as the fraudster masquerades as a user, website or email to gain access to your information.
Remember, Union Bank® does not request personal information by email, text, or instant message. Beware of any unsolicited requests for personal information and do not respond; instead, report it to abuse@unionbank.com.
The following tips can help you spot fraudulent messages:
If you are ever unsure of the origin of a Union Bank email, or believe it is not legitimate, avoid clicking on the links. Instead, call Union Bank at 1-800-238-4486 or reach out to your branch or Relationship Manager to verify. As a general rule of thumb, avoid clicking on emails that seem suspicious or that are unsolicited and do your best to verify the sender when in doubt.
Be mindful of other forms of fraudulent communications:
“Vishing,” or voice phishing is a technique that combines text messages, phone recordings, and email to persuade someone to dial a telephone number or respond to a telephone call for financial gain. Fraudsters tell you to contact their bank at a fraudulent telephone number, which is provided in an email, a text message, or by a recording using Voice over Internet Protocol (VoIP) technology. During the call, targets are asked to provide their card number and other personal or banking account information.
And finally, “SMiShing” is the text message version of phishing. It is an attack that uses text messages (SMS) to incite the target to divulge private, sensitive or confidential information. The SMS may have a link requiring you to input information; it may have a link that, when clicked, downloads malicious software to the mobile phone; or the text may have a malicious attachment itself.
Since fraudsters constantly vary their scams, it is important to be careful with text messages, emails, and telephone calls or recordings requesting confidential data.
Learn more from the National Cyber Security Alliance.
Tips to keep you secure online
Use this tip sheet to stay mindful of cyber threats.
Staying secure on the go
We’ve put together tips to keep your mobile devices and travels cyber secure.
Fraud education and awareness
By incorporating prudent business practices and making use of available cybersecurity safeguards, you can reduce the risk of losses from fraud and embezzlement in your business.
There are a variety of ways in which fraudsters can attempt to access your accounts such as:
Follow these simple guidelines to improve efficiency and reduce the risk of loss:
Business email compromise (BEC) is defined as a scam targeting businesses working with foreign suppliers and customer accounts, and targeting individuals (consumers or businesses) that perform wire transfer payments. Fraudsters carry out this scam by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct money transfers. When personal accounts are targeted, the scam is called an EAC (Email Account Compromise).
BEC scams continue to evolve and target small businesses as well as large corporations. Victims deal in a wide variety of goods and services, no one sector is targeted more than another. From October 2013 to May 2018, the Federal Bureau of Investigations cited exposed losses totaling over $12 billion. (Source: https://www.ic3.gov/media/2018/180712.aspx)
Examples of Email Schemes:
Best Practices:
If you receive a suspicious email, be mindful of the following:
Filing your taxes as soon as possible is the best way to protect yourself. Criminals can gain access to personally identifiable information (PII), such as a Social Security number, bank account information, etc. and use it to file false tax returns to receive the refunds. Thousands of people have lost millions of dollars and PII to tax scams. These scams can be encountered anytime, but many peak during tax filing season. The IRS issues a list of frequently seen Tax Scams each year; here is 2019’s Dirty Dozen list.
One twist to an old tax scam involves fraudulent refunds being deposited into an individual’s actual bank account. Then, the criminal calls to collect the money they claim was transferred in error. Criminals may pose as IRS agents or debt collection agency officials to request that the money be forwarded. You may also receive an automated call with a voice recording that threatens you with criminal fraud charges then leaves you with a phone number to call to return the refund. When you follow the instructions, the criminal pockets the money.
Remember that the IRS does not initiate contact with taxpayers by email, text message or social media channels to request personal or financial information. Most communication is handled through regular mail delivered by the United States Postal Service.Review additional information from the IRS.
Reporting tax fraud
There are established procedures taxpayers should follow to return erroneous funds to the IRS. In addition to contacting the IRS, it is also recommended that you contact your bank and tax preparer, as it may be best to close your account and take other security precautions.
Follow detailed instructions from the IRS to report fraud. Make sure to indicate that you are a victim of a scam. Learn more from IRS.
To report suspicious activity on your account (ATM/Debit, Check Fraud):
Call 800-238-4486 Monday through Saturday, 8:00 a.m. to 5:00 p.m. Pacific Time
Sundays and bank holidays: Closed
To report suspicious activity on your credit card:
Consumer: 888-642-3311
Business: 888-643-9800
Available 24/7
Identity thieves are getting creative, sophisticated, and bold. One scam involves teams of fraudsters who install wireless devices, called skimmers, and cameras on legitimate bank ATMs. The fraudster's goal is to steal both your ATM card number and your personal identification number (PIN).
Here's how it works:
The skimmer and camera are disguised to look like normal ATM equipment. The skimmer is mounted to the front of the ATM card slot. It reads the ATM card number and transmits it to the fraudster. The wireless camera, which looks like a brochure holder, is mounted in a position to view the ATM keypad and film customers' PINs. The thieves make duplicate cards and use the PINs to directly access the ATM and withdraw thousands of dollars from various accounts in a short amount of time.
What to look for:
Be aware of what your ATM typically looks like as well as your surroundings. If you notice alterations to the equipment, call us at 1-800-238-4486. Do not attempt to remove the devices.
Be alert to “too good to be true” notifications of prize or lottery winnings. These can arrive through the mail, by email, or by an unsolicited telephone call, and advise the targets that they have won a prize (often for a competition they didn't enter). Victims of lottery scams have lost thousands of dollars responding to demands for payment to cover costs of redeeming prizes when, in all probability, the prize did not exist. Victims rarely, if ever, receive any winnings in return for their cash.
How to Spot Prize and Lottery Scams:
The cross-border purchase or sale of lottery tickets is a violation of U.S. law. Because these scams are generally operated outside the United States, victims have very little recourse to recover their losses.
As communicating on social media and utilizing online dating websites have become increasingly popular, scammers have capitalized on this trend. Many create fake profiles to lure victims and establish a romantic relationship for the purpose of extorting money at the end.
Modern online romance scams are premeditated, organized crimes that result in financial losses for millions of victims. The FBI's Internet Crime Complaint Center received 18,000 romance scam complaints in 2018 and reported over $360 million in losses.
There are many variations of online dating scams but all tend to follow the same trajectory. The victim is identified, a close relationship is rapidly established online; a small amount of money is asked for to test the victim's readiness; a crisis occurs and a larger amount of money is sought with the promise of it being returned quickly; a series of additional "bleeds" occur until the scammer is exposed or the victim can't get any more money.
What are signs of a scammer?
What can I do?
Report your experience to:
The American Bankers Association (ABA) in collaboration with the Federal Trade Commission (FTC) released an infographic on the growing threat of online dating scams.
Card cracking usually originates online on a social media platform and targets young consumers. The fraudster will reach out promising quick and easy cash. The customer is tricked into providing their account credentials, after which a fake check is deposited into the customer’s account. The fraudster then makes an immediate ATM withdrawal, sharing some of the funds with the customer. Meanwhile, the customer is instructed to report the incident as lost/stolen card or credentials so that the bank will reimburse the stolen money. This makes the customer a criminal accomplice.
Be aware and avoid online solicitations for easy money. Never share an account number or PIN and never file a false fraud claim with a bank. When in doubt, report suspicious social media posts connected to the scams.
The American Bankers Association® provides additional information about card cracking scams.
The Internet is now a common place to look and apply for a loan. With so many lenders fighting for your business, it is easy to fall into an online loan trap. When borrowing money, be aware of scammers offering fake loans. They are skilled at convincing people that their loan offer is legitimate. Do not accept unsolicited offers of credit from unfamiliar lenders. Only deal with reputable online institutions.
Once you apply for a loan online, scammers can obtain your personal information. You may have given them all the information on an illegitimate loan website or they may have hacked/phished for your information. The scammer will contact you on the approval of the loan you just applied for. They will then request an upfront fee for vague reasons. The fake lender’s ultimate goal is getting you to wire money. They may even make mobile deposits of fraudulent checks to your online bank account and ask to send the majority of the funds back to them to pay-off the loan, for a promise to improve your credit score.
What are common signs of a fake lender?
What precautionary steps should you take?
Stay away from "too good to be true" deals. There are no quick and easy fixes to difficult financial issues. And remember that legitimate lenders do not need your personal information upfront.
Cybercriminals use a variety of tactics ranging from cold-calling and web advertising to persistent and annoying pop-up windows to defraud consumers. Some call and claim to be computer techs associated with well-known companies like Microsoft or Apple. Others send pop-up messages that display Tech Support alerts, asking you to call a support number to fix your device. They say they’ve detected viruses or other malware on your computer, diagnose a non-existent problem, and ask you to pay for unnecessary services.
If you get an unexpected pop-up, phone call, spam email or other urgent message about problems with your computer, don’t click on any links, don’t give control of your computer and don’t send any money. Microsoft or Apple will never proactively reach out to you to provide unsolicited PC or technical support.
How do I protect myself from tech support scams?
What can I do if I was scammed?
The Federal Trade Commission offers additional advice on tech support scams.
Fraud protection in business
By incorporating prudent business practices and making use of available cybersecurity safeguards, you can reduce the risk of losses from fraud and embezzlement in your business.
There are a variety of ways in which fraudsters can attempt to access your accounts such as:
Follow these simple guidelines to improve efficiency and reduce the risk of loss:
Business email compromise
Business email compromise (BEC) is defined as a scam targeting businesses working with foreign suppliers and customer accounts, and targeting individuals (consumers or businesses) that perform wire transfer payments. Fraudsters carry out this scam by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct money transfers. When personal accounts are targeted, the scam is called an EAC (Email Account Compromise).
BEC scams continue to evolve and target small businesses as well as large corporations. Victims deal in a wide variety of goods and services, no one sector is targeted more than another. From October 2013 to May 2018, the Federal Bureau of Investigations cited exposed losses totaling over $12 billion. (Source: https://www.ic3.gov/media/2018/180712.aspx)
Examples of Email Schemes:
Best Practices:
If you receive a suspicious email, be mindful of the following:
Tax fraud
Filing your taxes as soon as possible is the best way to protect yourself. Criminals can gain access to personally identifiable information (PII), such as a Social Security number, bank account information, etc. and use it to file false tax returns to receive the refunds. Thousands of people have lost millions of dollars and PII to tax scams. These scams can be encountered anytime, but many peak during tax filing season. The IRS issues a list of frequently seen Tax Scams each year; here is 2019’s Dirty Dozen list.
One twist to an old tax scam involves fraudulent refunds being deposited into an individual’s actual bank account. Then, the criminal calls to collect the money they claim was transferred in error. Criminals may pose as IRS agents or debt collection agency officials to request that the money be forwarded. You may also receive an automated call with a voice recording that threatens you with criminal fraud charges then leaves you with a phone number to call to return the refund. When you follow the instructions, the criminal pockets the money.
Remember that the IRS does not initiate contact with taxpayers by email, text message or social media channels to request personal or financial information. Most communication is handled through regular mail delivered by the United States Postal Service.Review additional information from the IRS.
Reporting tax fraud
There are established procedures taxpayers should follow to return erroneous funds to the IRS. In addition to contacting the IRS, it is also recommended that you contact your bank and tax preparer, as it may be best to close your account and take other security precautions.
Follow detailed instructions from the IRS to report fraud. Make sure to indicate that you are a victim of a scam. Learn more from IRS.
How to Report Fraud
To report suspicious activity on your account (ATM/Debit, Check Fraud):
Call 800-238-4486 Monday through Saturday, 8:00 a.m. to 5:00 p.m. Pacific Time
Sundays and bank holidays: Closed
To report suspicious activity on your credit card:
Consumer: 888-642-3311
Business: 888-643-9800
Available 24/7
ATM skimming
Identity thieves are getting creative, sophisticated, and bold. One scam involves teams of fraudsters who install wireless devices, called skimmers, and cameras on legitimate bank ATMs. The fraudster's goal is to steal both your ATM card number and your personal identification number (PIN).
Here's how it works:
The skimmer and camera are disguised to look like normal ATM equipment. The skimmer is mounted to the front of the ATM card slot. It reads the ATM card number and transmits it to the fraudster. The wireless camera, which looks like a brochure holder, is mounted in a position to view the ATM keypad and film customers' PINs. The thieves make duplicate cards and use the PINs to directly access the ATM and withdraw thousands of dollars from various accounts in a short amount of time.
What to look for:
Be aware of what your ATM typically looks like as well as your surroundings. If you notice alterations to the equipment, call us at 1-800-238-4486. Do not attempt to remove the devices.
Prize and lottery scams
Be alert to “too good to be true” notifications of prize or lottery winnings. These can arrive through the mail, by email, or by an unsolicited telephone call, and advise the targets that they have won a prize (often for a competition they didn't enter). Victims of lottery scams have lost thousands of dollars responding to demands for payment to cover costs of redeeming prizes when, in all probability, the prize did not exist. Victims rarely, if ever, receive any winnings in return for their cash.
How to Spot Prize and Lottery Scams:
The cross-border purchase or sale of lottery tickets is a violation of U.S. law. Because these scams are generally operated outside the United States, victims have very little recourse to recover their losses.
Online dating scams
As communicating on social media and utilizing online dating websites have become increasingly popular, scammers have capitalized on this trend. Many create fake profiles to lure victims and establish a romantic relationship for the purpose of extorting money at the end.
Modern online romance scams are premeditated, organized crimes that result in financial losses for millions of victims. The FBI's Internet Crime Complaint Center received 18,000 romance scam complaints in 2018 and reported over $360 million in losses.
There are many variations of online dating scams but all tend to follow the same trajectory. The victim is identified, a close relationship is rapidly established online; a small amount of money is asked for to test the victim's readiness; a crisis occurs and a larger amount of money is sought with the promise of it being returned quickly; a series of additional "bleeds" occur until the scammer is exposed or the victim can't get any more money.
What are signs of a scammer?
What can I do?
Report your experience to:
The American Bankers Association (ABA) in collaboration with the Federal Trade Commission (FTC) released an infographic on the growing threat of online dating scams.
Card cracking tricks
Card cracking usually originates online on a social media platform and targets young consumers. The fraudster will reach out promising quick and easy cash. The customer is tricked into providing their account credentials, after which a fake check is deposited into the customer’s account. The fraudster then makes an immediate ATM withdrawal, sharing some of the funds with the customer. Meanwhile, the customer is instructed to report the incident as lost/stolen card or credentials so that the bank will reimburse the stolen money. This makes the customer a criminal accomplice.
Be aware and avoid online solicitations for easy money. Never share an account number or PIN and never file a false fraud claim with a bank. When in doubt, report suspicious social media posts connected to the scams.
The American Bankers Association® provides additional information about card cracking scams.
Online loan schemes
The Internet is now a common place to look and apply for a loan. With so many lenders fighting for your business, it is easy to fall into an online loan trap. When borrowing money, be aware of scammers offering fake loans. They are skilled at convincing people that their loan offer is legitimate. Do not accept unsolicited offers of credit from unfamiliar lenders. Only deal with reputable online institutions.
Once you apply for a loan online, scammers can obtain your personal information. You may have given them all the information on an illegitimate loan website or they may have hacked/phished for your information. The scammer will contact you on the approval of the loan you just applied for. They will then request an upfront fee for vague reasons. The fake lender’s ultimate goal is getting you to wire money. They may even make mobile deposits of fraudulent checks to your online bank account and ask to send the majority of the funds back to them to pay-off the loan, for a promise to improve your credit score.
What are common signs of a fake lender?
What precautionary steps should you take?
Stay away from "too good to be true" deals. There are no quick and easy fixes to difficult financial issues. And remember that legitimate lenders do not need your personal information upfront.
Tech support scams
Cybercriminals use a variety of tactics ranging from cold-calling and web advertising to persistent and annoying pop-up windows to defraud consumers. Some call and claim to be computer techs associated with well-known companies like Microsoft or Apple. Others send pop-up messages that display Tech Support alerts, asking you to call a support number to fix your device. They say they’ve detected viruses or other malware on your computer, diagnose a non-existent problem, and ask you to pay for unnecessary services.
If you get an unexpected pop-up, phone call, spam email or other urgent message about problems with your computer, don’t click on any links, don’t give control of your computer and don’t send any money. Microsoft or Apple will never proactively reach out to you to provide unsolicited PC or technical support.
How do I protect myself from tech support scams?
What can I do if I was scammed?
The Federal Trade Commission offers additional advice on tech support scams.
Identity theft awareness and prevention
Identity theft occurs when someone uses your personal information (i.e. Social Security number, credit card number) without your knowledge to commit fraud. These crimes are the most frequently reported crimes to the Federal Trade Commission today, and can be committed in person, by telephone, on the internet, or through the mail.
As technology continues to evolve, criminals are developing new ways to exploit or defraud organizations and consumers, like accessing bank and brokerage accounts online and stealing credit information or identities.
As part of Union Bank’s ongoing commitment to protecting customer information, we continuously review and strengthen our security program, processes, and procedures. Here are some examples:
Read more about ID theft and fraud.
Protect Your Computer and Use the Internet Wisely:
Be on the Alert for Fraudulent Email
Safeguard Your Cards and Accounts
Be Aware of Your Surroundings
Secure Your Devices
Read more about protecting yourself from ID theft and fraud.
If you are a victim of or suspicious about identity theft, take the following actions as soon as possible:
Equifax
Call 1-800-525-6285
Write: Equifax Fraud Assistance
P.O. Box 105069, Atlanta, GA 30348
Experian
Call 1-888-397-3742
Write: P.O. Box 949, Allen, TX 75013-0949
TransUnion
Call 1-800-680-7289
Write: Fraud Victim Assistance Department
P.O. Box 6790, Fullerton, CA 92834
Access additional government resources.
Learn the warning signs.
What is identity theft?
Identity theft occurs when someone uses your personal information (i.e. Social Security number, credit card number) without your knowledge to commit fraud. These crimes are the most frequently reported crimes to the Federal Trade Commission today, and can be committed in person, by telephone, on the internet, or through the mail.
As technology continues to evolve, criminals are developing new ways to exploit or defraud organizations and consumers, like accessing bank and brokerage accounts online and stealing credit information or identities.
As part of Union Bank’s ongoing commitment to protecting customer information, we continuously review and strengthen our security program, processes, and procedures. Here are some examples:
Read more about ID theft and fraud.
Minimizing your risk of identity theft
Protect Your Computer and Use the Internet Wisely:
Be on the Alert for Fraudulent Email
Safeguard Your Cards and Accounts
Be Aware of Your Surroundings
Secure Your Devices
Read more about protecting yourself from ID theft and fraud.
Reporting identity theft
If you are a victim of or suspicious about identity theft, take the following actions as soon as possible:
Equifax
Call 1-800-525-6285
Write: Equifax Fraud Assistance
P.O. Box 105069, Atlanta, GA 30348
Experian
Call 1-888-397-3742
Write: P.O. Box 949, Allen, TX 75013-0949
TransUnion
Call 1-800-680-7289
Write: Fraud Victim Assistance Department
P.O. Box 6790, Fullerton, CA 92834
Access additional government resources.
Learn the warning signs.