Union Bank Privacy & Security
Privacy and security center
Cyber crime and COVID-19
As social distancing keeps more and more of us at home, it’s never been more important to stay connected and plugged in. Cyber criminals are taking advantage of the situation and they are creating fraudulent messages, websites and apps concerning the virus. Just as you are taking extra precautions by washing your hands more often and using hand sanitizer, please take the time to ensure you’re brushing up on your cyber-hygiene. Stay safe through education and review this alert on COVID-19 cyber scams from The Cybersecurity and Infrastructure Agency.
Privacy Policy
Our privacy practices are designed to protect your information and provide you with choices on how we manage your information.
This Privacy Policy (the "Privacy Policy") outlines the online privacy practices of MUFG Union Bank, N.A. ("MUFG Union Bank" or "Union Bank"), including PurePoint Financial, which is a division and tradename of MUFG Union Bank, our affiliates and subsidiaries with respect to our websites, online and mobile applications, and social media pages that run on tablets, smart phones, and mobile devices (together, "Websites"). This Privacy Policy also outlines our privacy practices for consumers who apply for and/or obtain services from us, such as loans, deposits, investments, insurance, or a safe deposit box. These practices also apply to our family of companies, including but not limited to, MUFG Union Bank, N.A., UnionBanc Investment Services LLC, and HighMark Capital Management, Inc.
Your privacy is important to us. This Privacy Policy explains how we collect, share, use, and protect information when you visit our sites, and any online services offered by MUFG Union Bank (which includes PurePoint Financial).
The Privacy Notice
Special Notices for California Residents
Please review our Privacy Notice, which is incorporated into this Privacy Policy by reference. California residents should also review their Important Privacy Choices. Please also see the Terms of Use, which govern your use of our Websites and is also incorporated into this Privacy Policy by reference.
The services covered under this Privacy Policy, including our Websites, are intended for individuals in the United States. If you visit the Websites or use mobile applications or other services from outside the United States, you acknowledge and agree that your information will be transferred and/or processed in the United States, which may be subject to different legal and regulatory privacy and data protections standards than those of your home jurisdiction.
The Information We May Collect from You
If you are our customer or have begun to apply for a product or service, the types of personal information we collect depends on the product or service. We collect your personal information when you open an account or apply for a loan; use Online Banking or enroll in a service; enter into an investing relationship or purchase a mutual fund; or use one of our other financial products or services.
This information can include, for example, your name, Social Security Number, home address and other personal information; financial history and transactions, account balances, and payment history; consumer report information; assets; and investment experience. We also may receive information about you from information services and consumer reporting agencies.
On our Websites, you remain anonymous unless you register for, apply for or use a product or service or otherwise choose to disclose your identity to us (for example, by logging into Online Banking). We may collect information generated by your computer or device, including the IP address (a numeric address assigned automatically to computers and mobile devices when they access the Internet) or other identifiers. We also may collect your location when you log on or when you register to receive or request location-based content.
Our Social Media Pages
When you engage with MUFG Union Bank (including with PurePoint Financial) on our social media pages, you can make certain information from your social media profile, postings, and other interactions available to us as well as other participants on these platforms. You may be able to control what data you share, and with whom, through the privacy settings on these social media sites. Any information you share or interactions you may have while participating on those platforms is subject to the privacy policies and terms of use of those social media platforms. MUFG Union Bank may but is not obligated to monitor and archive conversations with MUFG Union Bank social media accounts and on MUFG Union Bank social media pages. MUFG Union Bank monitors and may archive the conversations you have with our Mortgage Consultants and/or other representatives. Please note that when you visit MUFG Union Bank's pages on social media sites where your information is shared with us, the use of that information is subject to these Privacy Practices, as well as to our Terms of Use.
Third Parties
Third parties may offer services on our websites. If you provide these third parties with information, the collection and use of that information will be subject to their privacy policies and will not be subject to this policy. If you accept third-party goods or services advertised at our sites, a third party may be able to determine that you have a relationship with us, for example, if the particular offer was made only through our Online Banking sites.
We also may use third parties to provide other services on our behalf. For example, third-parties may host microsites and moderate our social media pages. These third parties are contractually obligated to comply with MUFG Union Bank privacy and security standards and are limited in their use of information collected on our behalf.
Third-Party Applications, Plug-Ins, Widgets and Links to Third-Party Websites
Within our Websites, there may be embedded applications, plug-ins, widgets, as well as links to third-party sites that may offer you goods, services, or information. Some of these sites may appear within our site. When you click on one of these applications, plug-ins, widgets, or links, you will leave our site and will no longer be subject to MUFG Union Bank's Privacy Policy and privacy practices. We are not responsible for the information collection practices of the other sites that you visit, and we urge you to review their privacy policies before you provide them with any personally identifiable information. Third-party sites may collect and use information about you in ways that are different from the practices of MUFG Union Bank.
Cookies and Similar Technologies
When you visit our Websites or use our mobile applications, we and our service providers (including advertising providers) may place cookies or other similar technologies on your computer or device. A cookie is a piece of data stored on your hard drive. It takes up very little room on your system and helps us to tailor our Websites and applications. You can set your web browser to inform you when cookies are placed on your computer or mobile device, or you can prevent them from being placed. However, if you choose to prevent cookies from being placed, some of our Website or application banking functions may not work properly. Unless you register with us for a service (such as our Online Banking service), the cookies do not link to any personally identifying information about you. You can find more information about cookies here.
In addition, we and our service providers (including advertising providers) may collect information using cookies or other similar technologies about your browsing activities over time and across other Websites after you visit our Websites and applications. For information on how to opt-out of interest-based advertising, please visit the Digital Advertising Alliance's Consumer Choice page.
Cookies that we and our service providers (including advertising providers) may be setting on our Websites include Conversant, Coremetrics, DataXu, Dotomi, DoubleClick, Foresee, Google Analytics, Kenshoo, Simpli.fi, and Turn.
Local Share Objects or "Flash" Cookies
As part of our ongoing efforts to enhance our online security and protect your information, we may use Local Share Objects (LSOs, or Flash cookies). The use of LSOs assists you in conducting your Online Banking transactions. You can find more information on LSOs here. Please be advised that you can remove LSOs, but doing so may mean you will be prompted for additional forms of authentication during your online sessions.
Private Security Keys
As part of our ongoing efforts to enhance our online security and protect your information, we may place a private key on your PC or mobile device to help us identify the device as belonging to you. The use of a private key on your device assists you in conducting your Online Banking transactions.
Use of Customer Biometrics
As part of our ongoing efforts to enhance our online security and protect your information, we may use some customer biometric information. We may ask you to authenticate an online transaction with the use of your fingerprint, facial, or eye biometric information. There could be other forms of biometrics we may also choose to offer for authentication as well. Also, we may look at how you use your mouse or key board on a PC or how you move your finger over a screen on our mobile app to help determine if you are the real user during an online session. The use of biometrics on your device assists you in conducting your Online Banking transactions.
Telephone Carrier Information
As part of our ongoing efforts to enhance our online security and protect your information, we may access your operator (AT&T, Sprint, T-Mobile, US Cellular, Verizon, or any other branded operator) to use your regular phone number, your mobile phone number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber status details, if available, to allow verification of your identity and to compare information you have provided to Union Bank with your wireless operator account profile information for the duration of the business relationship. The use of mobile carrier data on your device assists you in conducting your Online Banking transactions.
Web Browser 'Do Not Track' Signals
We do not respond to Web browser 'do not track' signals at this time.
Web Analytics
We may use web analytics tools that use cookies, including, but not limited to Coremetics, and Google Analytics, to collect anonymous information about pages visited, links that are clicked, and other information about the use of our websites. We aggregate and use this information to better understand site activity and to improve our products and services.
How We Use Your Information: Non-Identifying Information
The following are some of the ways in which we may use non-identifying information:
How We Use Your Information: Identifying Information
If you are a MUFG Union Bank or PurePoint Financial customer or have begun to apply for a product or service, the reasons we use your information may include: we may contact you about your account, including to resolve issues around transactions, handle maintenance of your account, alert you about fraud or unusual activity on your account, or for debt collection purposes. Because we need to be able to contact you to run our businesses and offer you services, you cannot opt out of this contact. We may use any phone number, including any mobile phone number you have given us to contact you about these or other issues. If you give us a mobile number, please be aware that you may incur additional fees from your carrier. By giving us your mobile number, you also agree that we may contact you by text message (carrier charges may apply). You further agree that we may call the phone number you have provided to us to contact you about your account using an automated dialer and/or pre-recorded message.
Other ways we may use personal information we collect from you alone or in combination with information we have collected from other sources include:
How We May Share Your Information
We may share our customers' and potential customers' personal information for our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus. We may share our customers' personal information to offer our products and services to you; for joint marketing with other financial companies; for our affiliates' everyday business purposes; and for our affiliates to market to you. We may also share your information in the event of a sale or transfer of all or some of our assets.
Telephone and Electronic Communication Monitoring or Recording
You agree that we, including our agents and service providers, may monitor, record electronically, and retain telephone conversations and electronic communications between you (including anyone acting on your behalf) and us.
Your Choices
MUFG Union Bank Online Banking customers may tell us not to share personal and financial information with our affiliates (companies we own or control) and outside companies that we do business with by logging on to Online Banking at unionbank.com and changing your Affiliate Information Sharing preferences.
MUFG Union Bank customers also may exercise these choices by calling 1-888-283-6699 (our menu will prompt you through your choices). For TDD hearing-impaired assistance through Relay Service, dial 7-1-1, provide the Relay Operator with 1-800-238-4486 or Teletypewriter (TTY) 1-800-826-7345. To opt out of receiving MUFG Union Bank email marketing, follow the directions at the bottom of the marketing email or send a message with the word Unsubscribe in the subject line.
PurePoint Financial customers may tell us not to share personal and financial information with our affiliates (companies we own or control) and outside companies that we do business with by calling 1-855-788-7873 or sending a secure message in Online Banking. For TDD hearing-impaired assistance through Relay Service, dial 7-1-1, provide the Relay Operator with 1-855-488-7873.
To opt out of receiving PurePoint Financial email marketing, follow the directions at the bottom of the marketing email.
How We Protect Your Information
We use standard security measures to protect your personal information from unauthorized access and use. These measures include device safeguards and secured files and buildings, as well as oversight of our third party service providers and employee training.
We also ask that you do your part by taking precautions such as keeping your User ID and password safe, running an updated version of your virus protection software, and notifying us immediately if you suspect fraudulent activity.
You can learn more about safeguarding your information below.
Protecting Children
We feel strongly about protecting the privacy of children. As such, we do not knowingly collect personally identifiable information from children under the age of 13.
Changes to Our Online Privacy Policy
We may add to or change this Policy from time to time and will post the revised Policy on this site. Your continued use of our site or any online service following changes to the Policy will constitute your agreement to any changes.
How to Reach Us
If you have any questions about our practices, or would like to review or request changes to personally identifiable information you have provided to us, please contact MUFG Union Bank at 800-652-1062, option 6, or write us at:
MUFG Union Bank, N.A.
1980 Saturn Street
Mail Code V03-955
Monterey Park, CA 91755-7417
© 2020 MUFG Union Bank, N.A. All rights reserved. Member FDIC. Union Bank is a registered trademark and brand name of MUFG Union Bank, N.A. PurePoint and the PurePoint logo are trademarks and brand names of MUFG Union Bank, N.A.
Effective date 12/19/2016
Looking to cyber-secure your business?
Businesses are vulnerable to cyber threats and have unique cyber security needs. Learn how to keep your business protected from cybercriminals.
Online security
At Union Bank®, we believe in investing in your security. We consider your information to be a critical and valued asset, entrusted to our bank: The confidentiality and integrity of your information and financial assets are of primary concern and we are committed to safeguarding that information. We maintain enterprise-wide information security programs in good faith compliance with applicable laws and regulations, including Gramm-Leach-Bliley Act (GLBA). And, our teams work hard to ensure that all financial transactions, data transmissions, and communications are conducted in a secure online environment.
To this end, we have created a multilayered security program. Here are some of the steps we take to protect your information:
Our approach to security strives to create an advanced web of protection that safeguards your private information and financial assets, while providing the banking services you need.
Federal Regulation E provides certain protections against loss resulting from unauthorized Online Banking or Mobile Banking transfers from your personal account, such as bill payments or transfers to other accounts. These protections do not apply to business purpose accounts, regardless of account ownership.
If you give your online PIN or access code to another person, you take responsibility for all transactions made by that person or by anyone else to whom that person gives the PIN or code, directly or indirectly, until you notify us to cancel your online service. If you download account information to your computer, you take responsibility for protecting the downloaded information from access by unauthorized persons.
You will not be responsible for any unauthorized online transaction if you report the first incident to us within 60 calendar days after the date of the first statement where the transaction is shown. If you do not report it to us within that time period, you could be held responsible for unauthorized transactions that occur after the 60 days. Thus, it is important for you to check your statement or Online Banking Account Detail screen regularly and report any unauthorized activity to us immediately.
If your online PIN or access code is lost or stolen and you tell us within 2 Business Days after you learn of the loss or theft, you can lose no more than $50 due to unauthorized activity using your PIN or code. If you do not tell us within 2 Business Days, you could lose as much as $500 if we can prove that we could have stopped the unauthorized activity if you had told us.
If you believe there has been an error with an online transfer or payment and you notify us within 60 calendar days after the transaction first appears on your account statement, we will either:
Review our “Personal Accounts & Services Disclosure and Agreement and Fee Schedule" for more information.
If you, or any user of the Online Banking service designated by you, give the online PIN or User ID to another person, you take responsibility for all transactions made by that person or anyone else to whom that person gives the PIN or User ID, directly or indirectly, until you notify us to cancel your online service. If you or any designated user downloads account information from the Online Banking service to your computer, you take responsibility for protecting the downloaded information from access by unauthorized persons.
If your statement shows transactions that you did not make, notify us at once. If you do not notify us within 30 days after the date of the first statement where the transaction is listed, your statement will be considered correct and we will have no further responsibility to you with respect to online transactions shown on that statement.
Online security practices
At Union Bank®, we believe in investing in your security. We consider your information to be a critical and valued asset, entrusted to our bank: The confidentiality and integrity of your information and financial assets are of primary concern and we are committed to safeguarding that information. We maintain enterprise-wide information security programs in good faith compliance with applicable laws and regulations, including Gramm-Leach-Bliley Act (GLBA). And, our teams work hard to ensure that all financial transactions, data transmissions, and communications are conducted in a secure online environment.
To this end, we have created a multilayered security program. Here are some of the steps we take to protect your information:
Our approach to security strives to create an advanced web of protection that safeguards your private information and financial assets, while providing the banking services you need.
Responsibility for unauthorized transactions (personal accounts)
Federal Regulation E provides certain protections against loss resulting from unauthorized Online Banking or Mobile Banking transfers from your personal account, such as bill payments or transfers to other accounts. These protections do not apply to business purpose accounts, regardless of account ownership.
If you give your online PIN or access code to another person, you take responsibility for all transactions made by that person or by anyone else to whom that person gives the PIN or code, directly or indirectly, until you notify us to cancel your online service. If you download account information to your computer, you take responsibility for protecting the downloaded information from access by unauthorized persons.
You will not be responsible for any unauthorized online transaction if you report the first incident to us within 60 calendar days after the date of the first statement where the transaction is shown. If you do not report it to us within that time period, you could be held responsible for unauthorized transactions that occur after the 60 days. Thus, it is important for you to check your statement or Online Banking Account Detail screen regularly and report any unauthorized activity to us immediately.
If your online PIN or access code is lost or stolen and you tell us within 2 Business Days after you learn of the loss or theft, you can lose no more than $50 due to unauthorized activity using your PIN or code. If you do not tell us within 2 Business Days, you could lose as much as $500 if we can prove that we could have stopped the unauthorized activity if you had told us.
If you believe there has been an error with an online transfer or payment and you notify us within 60 calendar days after the transaction first appears on your account statement, we will either:
Review our “Personal Accounts & Services Disclosure and Agreement and Fee Schedule" for more information.
Responsibility for unauthorized transactions (business accounts)
If you, or any user of the Online Banking service designated by you, give the online PIN or User ID to another person, you take responsibility for all transactions made by that person or anyone else to whom that person gives the PIN or User ID, directly or indirectly, until you notify us to cancel your online service. If you or any designated user downloads account information from the Online Banking service to your computer, you take responsibility for protecting the downloaded information from access by unauthorized persons.
If your statement shows transactions that you did not make, notify us at once. If you do not notify us within 30 days after the date of the first statement where the transaction is listed, your statement will be considered correct and we will have no further responsibility to you with respect to online transactions shown on that statement.
Practicing your own cyber security
Online Security During COVID-19
Choosing effective passwords
Tips for safe Online and Mobile Banking
Protecting yourself from spyware and other malicious software
Staying safe on social media
Keeping your children protected online
Shopping more securely online
Smart homes and the Internet of Things
Staying secure on the go
Avoiding fraudulent emails, text messages, and phone calls
Cyber criminals are taking advantage of the current situation and they are creating fraudulent messages, websites and apps concerning the virus. The Cybersecurity and Infrastructure Agency has put forth an alert on COVID-19 cyber scams. The Federal Trade Commission warns of scams, which include but are not limited to:
Some best practices to protect yourself from these scams:
Your identity is one of your most valuable resources. That is one reason why we want to help you take extra precautions to protect it. We recommend that you help safeguard your identity and personal information by engaging in effective username and password creation, protection and management.
Cybercriminals are savvy, and may engage in large-scale automated cyber-attacks where they test different usernames and passwords (credentials) on legitimate websites (email, financial, social media etc.) to access accounts and obtain valuable information about users. This is called credential stuffing and this type of attack may have wide consequences for those affected. In addition to obtaining your personal or financial information, once cybercriminals learn your credentials on one site, they may try to use those same credentials on other sites. If you have the same username and password across online accounts you may be more susceptible to becoming a target of this type of cyber-attack.
Creating secure and unique passwords along with using different usernames and email addresses for registrations across online services can help keep you protected. Here are some additional suggestions:
Learn more from the National Cyber Security Alliance.
Although we invest in technology and processes to secure the electronic environment for all of your financial transactions, data transmissions, and communications, online security and protection of your identity and personal information is a team effort. That’s why we recommend you take steps to shield yourself and your computer from attempts to obtain your personal information electronically:
If you have any questions or concerns about your accounts, please contact us.
Spyware, which includes keystroke loggers, screen and mouse recorders, and other types of malware, allows hackers to extract sensitive data from your computer. These programs often slow down your computer and send harvested information to criminals. You can follow the tips below to help protect your computer and private information from these dangerous programs. Be careful of other forms of malicious software (malware) such as viruses, which also slow down and disrupt your systems.
Learn more from the National Cyber Security Alliance.
As we are more digitally interconnected than ever, social media has become an important communication tool. When not managed properly, it can provide personal information to cyber criminals that can easily be exploited to engage in fraud and other dangerous crimes.
When communicating on social media, you and your family should actively manage the security and privacy of your information. Consider the following suggestions:
Learn more from the National Cyber Security Alliance.
Help keep your children safe online too. Consider these tips:
Learn more from the National Cyber Security Alliance.
Like anything else you do on the Internet, when you shop online you open yourself to the perils of cyber space. It is important to actively manage your behavior and keep your personal and financial information secure while shopping online. Here are some tips:
Learn more from the National Cyber Security Alliance.
A Smart Home is one where multiple devices ranging from central air thermostats and appliances, to security systems are connected to the Internet to allow remote control over one’s home. This interconnectedness of products on the web is often called the Internet of Things (IoT) and has led to a variety of home and task automation tools that make day-to-day activities more efficient. In the near future, for example, your fridge may have a sensor that knows when you are running out of milk, then connects to the Internet and purchases milk from an online store. Currently, smart fridges with tablets already exist and provide access to calendars and the ability to create notes and shopping lists on the fridge itself. You may already be a consumer of smart home gadgets like Internet-connected voice assistants that allow you to request to stream a song or a movie, or get the latest weather forecast.
A smart home may make life easier but also opens your home to cyber threats. Even more mainstream gadgets, such as voice-activated assistants, webcams, or wireless printers, are susceptible to hacking as they are all dependent on an Internet connection. A cybercriminal may hack into your personal home network or the application that you use on your device to control the gadget and obtain personal information. They could, for example, hack the webcam that you use to communicate with your loved ones, intercept communications, and monitor your movement 24/7. But even more dangerous, cybercriminals can hack into cameras, smart locks, smart doorbells and other devices actively used for security purposes that are connected to the Internet. Criminals can completely disable them to access your home and commit a physical crime. As a consumer you should be aware as well that smart devices are collecting and potentially sending information back to the vendor´s network or cloud – creating more vulnerability.
It is also important to be mindful of other applications, such as smart cars. Cybercriminals can access your car system and take control of the wheel by hacking an application connected to the car’s web service.
Below are some suggestions to consider when purchasing Smart Home technology:
Learn More from the US-CERT webpage.
If you use your mobile phone or tablet to stay connected, like most of us, consider these tips.
Take Care of Your Devices and Data:
Be Careful with How You Connect Your Mobile Device to the Web:
Be mindful of your apps:
If you are traveling also keep in mind the following:
Learn more from the National Cyber Security Alliance.
"Phishing" refers to fraudulent electronic communication via email, text message, or instant message that appears to come from a legitimate business like a bank, insurance company, or regulatory agency, and asks you to provide personal information. Fraudsters can use your information to commit identity theft or lure you into additional scams.
Phishing may also be called “spoofing” as the fraudster masquerades as a user, website or email to gain access to your information.
Remember, Union Bank® does not request personal information by email, text, or instant message. Beware of any unsolicited requests for personal information and do not respond; instead, report it to abuse@unionbank.com.
The following tips can help you spot fraudulent messages:
If you are ever unsure of the origin of a Union Bank email, or believe it is not legitimate, avoid clicking on the links. Instead, call Union Bank at 1-800-238-4486 or reach out to your branch or Relationship Manager to verify. As a general rule of thumb, avoid clicking on emails that seem suspicious or that are unsolicited and do your best to verify the sender when in doubt.
Be mindful of other forms of fraudulent communications:
“Vishing,” or voice phishing is a technique that combines text messages, phone recordings, and email to persuade someone to dial a telephone number or respond to a telephone call for financial gain. Fraudsters tell you to contact their bank at a fraudulent telephone number, which is provided in an email, a text message, or by a recording using Voice over Internet Protocol (VoIP) technology. During the call, targets are asked to provide their card number and other personal or banking account information.
And finally, “SMiShing” is the text message version of phishing. It is an attack that uses text messages (SMS) to incite the target to divulge private, sensitive or confidential information. The SMS may have a link requiring you to input information; it may have a link that, when clicked, downloads malicious software to the mobile phone; or the text may have a malicious attachment itself.
Since fraudsters constantly vary their scams, it is important to be careful with text messages, emails, and telephone calls or recordings requesting confidential data.
Learn more from the National Cyber Security Alliance.
Online Security During COVID-19
Cyber criminals are taking advantage of the current situation and they are creating fraudulent messages, websites and apps concerning the virus. The Cybersecurity and Infrastructure Agency has put forth an alert on COVID-19 cyber scams. The Federal Trade Commission warns of scams, which include but are not limited to:
Some best practices to protect yourself from these scams:
Choosing effective passwords
Your identity is one of your most valuable resources. That is one reason why we want to help you take extra precautions to protect it. We recommend that you help safeguard your identity and personal information by engaging in effective username and password creation, protection and management.
Cybercriminals are savvy, and may engage in large-scale automated cyber-attacks where they test different usernames and passwords (credentials) on legitimate websites (email, financial, social media etc.) to access accounts and obtain valuable information about users. This is called credential stuffing and this type of attack may have wide consequences for those affected. In addition to obtaining your personal or financial information, once cybercriminals learn your credentials on one site, they may try to use those same credentials on other sites. If you have the same username and password across online accounts you may be more susceptible to becoming a target of this type of cyber-attack.
Creating secure and unique passwords along with using different usernames and email addresses for registrations across online services can help keep you protected. Here are some additional suggestions:
Learn more from the National Cyber Security Alliance.
Tips for safe Online and Mobile Banking
Although we invest in technology and processes to secure the electronic environment for all of your financial transactions, data transmissions, and communications, online security and protection of your identity and personal information is a team effort. That’s why we recommend you take steps to shield yourself and your computer from attempts to obtain your personal information electronically:
If you have any questions or concerns about your accounts, please contact us.
Protecting yourself from spyware and other malicious software
Spyware, which includes keystroke loggers, screen and mouse recorders, and other types of malware, allows hackers to extract sensitive data from your computer. These programs often slow down your computer and send harvested information to criminals. You can follow the tips below to help protect your computer and private information from these dangerous programs. Be careful of other forms of malicious software (malware) such as viruses, which also slow down and disrupt your systems.
Learn more from the National Cyber Security Alliance.
Staying safe on social media
As we are more digitally interconnected than ever, social media has become an important communication tool. When not managed properly, it can provide personal information to cyber criminals that can easily be exploited to engage in fraud and other dangerous crimes.
When communicating on social media, you and your family should actively manage the security and privacy of your information. Consider the following suggestions:
Learn more from the National Cyber Security Alliance.
Keeping your children protected online
Help keep your children safe online too. Consider these tips:
Learn more from the National Cyber Security Alliance.
Shopping more securely online
Like anything else you do on the Internet, when you shop online you open yourself to the perils of cyber space. It is important to actively manage your behavior and keep your personal and financial information secure while shopping online. Here are some tips:
Learn more from the National Cyber Security Alliance.
Smart homes and the Internet of Things
A Smart Home is one where multiple devices ranging from central air thermostats and appliances, to security systems are connected to the Internet to allow remote control over one’s home. This interconnectedness of products on the web is often called the Internet of Things (IoT) and has led to a variety of home and task automation tools that make day-to-day activities more efficient. In the near future, for example, your fridge may have a sensor that knows when you are running out of milk, then connects to the Internet and purchases milk from an online store. Currently, smart fridges with tablets already exist and provide access to calendars and the ability to create notes and shopping lists on the fridge itself. You may already be a consumer of smart home gadgets like Internet-connected voice assistants that allow you to request to stream a song or a movie, or get the latest weather forecast.
A smart home may make life easier but also opens your home to cyber threats. Even more mainstream gadgets, such as voice-activated assistants, webcams, or wireless printers, are susceptible to hacking as they are all dependent on an Internet connection. A cybercriminal may hack into your personal home network or the application that you use on your device to control the gadget and obtain personal information. They could, for example, hack the webcam that you use to communicate with your loved ones, intercept communications, and monitor your movement 24/7. But even more dangerous, cybercriminals can hack into cameras, smart locks, smart doorbells and other devices actively used for security purposes that are connected to the Internet. Criminals can completely disable them to access your home and commit a physical crime. As a consumer you should be aware as well that smart devices are collecting and potentially sending information back to the vendor´s network or cloud – creating more vulnerability.
It is also important to be mindful of other applications, such as smart cars. Cybercriminals can access your car system and take control of the wheel by hacking an application connected to the car’s web service.
Below are some suggestions to consider when purchasing Smart Home technology:
Learn More from the US-CERT webpage.
Staying secure on the go
If you use your mobile phone or tablet to stay connected, like most of us, consider these tips.
Take Care of Your Devices and Data:
Be Careful with How You Connect Your Mobile Device to the Web:
Be mindful of your apps:
If you are traveling also keep in mind the following:
Learn more from the National Cyber Security Alliance.
Avoiding fraudulent emails, text messages, and phone calls
"Phishing" refers to fraudulent electronic communication via email, text message, or instant message that appears to come from a legitimate business like a bank, insurance company, or regulatory agency, and asks you to provide personal information. Fraudsters can use your information to commit identity theft or lure you into additional scams.
Phishing may also be called “spoofing” as the fraudster masquerades as a user, website or email to gain access to your information.
Remember, Union Bank® does not request personal information by email, text, or instant message. Beware of any unsolicited requests for personal information and do not respond; instead, report it to abuse@unionbank.com.
The following tips can help you spot fraudulent messages:
If you are ever unsure of the origin of a Union Bank email, or believe it is not legitimate, avoid clicking on the links. Instead, call Union Bank at 1-800-238-4486 or reach out to your branch or Relationship Manager to verify. As a general rule of thumb, avoid clicking on emails that seem suspicious or that are unsolicited and do your best to verify the sender when in doubt.
Be mindful of other forms of fraudulent communications:
“Vishing,” or voice phishing is a technique that combines text messages, phone recordings, and email to persuade someone to dial a telephone number or respond to a telephone call for financial gain. Fraudsters tell you to contact their bank at a fraudulent telephone number, which is provided in an email, a text message, or by a recording using Voice over Internet Protocol (VoIP) technology. During the call, targets are asked to provide their card number and other personal or banking account information.
And finally, “SMiShing” is the text message version of phishing. It is an attack that uses text messages (SMS) to incite the target to divulge private, sensitive or confidential information. The SMS may have a link requiring you to input information; it may have a link that, when clicked, downloads malicious software to the mobile phone; or the text may have a malicious attachment itself.
Since fraudsters constantly vary their scams, it is important to be careful with text messages, emails, and telephone calls or recordings requesting confidential data.
Learn more from the National Cyber Security Alliance.
Tips to keep you secure online
Use this tip sheet to stay mindful of cyber threats.
Staying secure on the go
We’ve put together tips to keep your mobile devices and travels cyber secure.
Fraud education and awareness
By incorporating prudent business practices and making use of available cybersecurity safeguards, you can reduce the risk of losses from fraud and embezzlement in your business.
There are a variety of ways in which fraudsters can attempt to access your accounts such as:
Follow these simple guidelines to improve efficiency and reduce the risk of loss:
Business email compromise (BEC) is defined as a scam targeting businesses working with foreign suppliers and customer accounts, and targeting individuals (consumers or businesses) that perform wire transfer payments. Fraudsters carry out this scam by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct money transfers. When personal accounts are targeted, the scam is called an EAC (Email Account Compromise).
BEC scams continue to evolve and target small businesses as well as large corporations. Victims deal in a wide variety of goods and services, no one sector is targeted more than another. From October 2013 to May 2018, the Federal Bureau of Investigations cited exposed losses totaling over $12 billion. (Source: https://www.ic3.gov/media/2018/180712.aspx)
Examples of Email Schemes:
Best Practices:
If you receive a suspicious email, be mindful of the following:
Filing your taxes as soon as possible is the best way to protect yourself. Criminals can gain access to personally identifiable information (PII), such as a Social Security number, bank account information, etc. and use it to file false tax returns to receive the refunds. Thousands of people have lost millions of dollars and PII to tax scams. These scams can be encountered anytime, but many peak during tax filing season. The IRS issues a list of frequently seen Tax Scams each year; here is 2019’s Dirty Dozen list.
One twist to an old tax scam involves fraudulent refunds being deposited into an individual’s actual bank account. Then, the criminal calls to collect the money they claim was transferred in error. Criminals may pose as IRS agents or debt collection agency officials to request that the money be forwarded. You may also receive an automated call with a voice recording that threatens you with criminal fraud charges then leaves you with a phone number to call to return the refund. When you follow the instructions, the criminal pockets the money.
Remember that the IRS does not initiate contact with taxpayers by email, text message or social media channels to request personal or financial information. Most communication is handled through regular mail delivered by the United States Postal Service.Review additional information from the IRS.
Reporting tax fraud
There are established procedures taxpayers should follow to return erroneous funds to the IRS. In addition to contacting the IRS, it is also recommended that you contact your bank and tax preparer, as it may be best to close your account and take other security precautions.
Follow detailed instructions from the IRS to report fraud. Make sure to indicate that you are a victim of a scam. Learn more from IRS.
To report suspicious activity on your account (ATM/Debit, Check Fraud):
Call 800-238-4486 Monday through Saturday, 8:00 a.m. to 5:00 p.m. Pacific Time
Sundays and bank holidays: Closed
To report suspicious activity on your credit card:
Consumer: 888-642-3311
Business: 888-643-9800
Available 24/7
Identity thieves are getting creative, sophisticated, and bold. One scam involves teams of fraudsters who install wireless devices, called skimmers, and cameras on legitimate bank ATMs. The fraudster's goal is to steal both your ATM card number and your personal identification number (PIN).
Here's how it works:
The skimmer and camera are disguised to look like normal ATM equipment. The skimmer is mounted to the front of the ATM card slot. It reads the ATM card number and transmits it to the fraudster. The wireless camera, which looks like a brochure holder, is mounted in a position to view the ATM keypad and film customers' PINs. The thieves make duplicate cards and use the PINs to directly access the ATM and withdraw thousands of dollars from various accounts in a short amount of time.
What to look for:
Be aware of what your ATM typically looks like as well as your surroundings. If you notice alterations to the equipment, call us at 1-800-238-4486. Do not attempt to remove the devices.
Be alert to “too good to be true” notifications of prize or lottery winnings. These can arrive through the mail, by email, or by an unsolicited telephone call, and advise the targets that they have won a prize (often for a competition they didn't enter). Victims of lottery scams have lost thousands of dollars responding to demands for payment to cover costs of redeeming prizes when, in all probability, the prize did not exist. Victims rarely, if ever, receive any winnings in return for their cash.
How to Spot Prize and Lottery Scams:
The cross-border purchase or sale of lottery tickets is a violation of U.S. law. Because these scams are generally operated outside the United States, victims have very little recourse to recover their losses.
As communicating on social media and utilizing online dating websites have become increasingly popular, scammers have capitalized on this trend. Many create fake profiles to lure victims and establish a romantic relationship for the purpose of extorting money at the end.
Modern online romance scams are premeditated, organized crimes that result in financial losses for millions of victims. The FBI's Internet Crime Complaint Center received 18,000 romance scam complaints in 2018 and reported over $360 million in losses.
There are many variations of online dating scams but all tend to follow the same trajectory. The victim is identified, a close relationship is rapidly established online; a small amount of money is asked for to test the victim's readiness; a crisis occurs and a larger amount of money is sought with the promise of it being returned quickly; a series of additional "bleeds" occur until the scammer is exposed or the victim can't get any more money.
What are signs of a scammer?
What can I do?
Report your experience to:
The American Bankers Association (ABA) in collaboration with the Federal Trade Commission (FTC) released an infographic on the growing threat of online dating scams.
Card cracking usually originates online on a social media platform and targets young consumers. The fraudster will reach out promising quick and easy cash. The customer is tricked into providing their account credentials, after which a fake check is deposited into the customer’s account. The fraudster then makes an immediate ATM withdrawal, sharing some of the funds with the customer. Meanwhile, the customer is instructed to report the incident as lost/stolen card or credentials so that the bank will reimburse the stolen money. This makes the customer a criminal accomplice.
Be aware and avoid online solicitations for easy money. Never share an account number or PIN and never file a false fraud claim with a bank. When in doubt, report suspicious social media posts connected to the scams.
The American Bankers Association® provides additional information about card cracking scams.
The Internet is now a common place to look and apply for a loan. With so many lenders fighting for your business, it is easy to fall into an online loan trap. When borrowing money, be aware of scammers offering fake loans. They are skilled at convincing people that their loan offer is legitimate. Do not accept unsolicited offers of credit from unfamiliar lenders. Only deal with reputable online institutions.
Once you apply for a loan online, scammers can obtain your personal information. You may have given them all the information on an illegitimate loan website or they may have hacked/phished for your information. The scammer will contact you on the approval of the loan you just applied for. They will then request an upfront fee for vague reasons. The fake lender’s ultimate goal is getting you to wire money. They may even make mobile deposits of fraudulent checks to your online bank account and ask to send the majority of the funds back to them to pay-off the loan, for a promise to improve your credit score.
What are common signs of a fake lender?
What precautionary steps should you take?
Stay away from "too good to be true" deals. There are no quick and easy fixes to difficult financial issues. And remember that legitimate lenders do not need your personal information upfront.
Cybercriminals use a variety of tactics ranging from cold-calling and web advertising to persistent and annoying pop-up windows to defraud consumers. Some call and claim to be computer techs associated with well-known companies like Microsoft or Apple. Others send pop-up messages that display Tech Support alerts, asking you to call a support number to fix your device. They say they’ve detected viruses or other malware on your computer, diagnose a non-existent problem, and ask you to pay for unnecessary services.
If you get an unexpected pop-up, phone call, spam email or other urgent message about problems with your computer, don’t click on any links, don’t give control of your computer and don’t send any money. Microsoft or Apple will never proactively reach out to you to provide unsolicited PC or technical support.
How do I protect myself from tech support scams?
What can I do if I was scammed?
The Federal Trade Commission offers additional advice on tech support scams.
Fraud protection in business
By incorporating prudent business practices and making use of available cybersecurity safeguards, you can reduce the risk of losses from fraud and embezzlement in your business.
There are a variety of ways in which fraudsters can attempt to access your accounts such as:
Follow these simple guidelines to improve efficiency and reduce the risk of loss:
Business email compromise
Business email compromise (BEC) is defined as a scam targeting businesses working with foreign suppliers and customer accounts, and targeting individuals (consumers or businesses) that perform wire transfer payments. Fraudsters carry out this scam by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct money transfers. When personal accounts are targeted, the scam is called an EAC (Email Account Compromise).
BEC scams continue to evolve and target small businesses as well as large corporations. Victims deal in a wide variety of goods and services, no one sector is targeted more than another. From October 2013 to May 2018, the Federal Bureau of Investigations cited exposed losses totaling over $12 billion. (Source: https://www.ic3.gov/media/2018/180712.aspx)
Examples of Email Schemes:
Best Practices:
If you receive a suspicious email, be mindful of the following:
Tax fraud
Filing your taxes as soon as possible is the best way to protect yourself. Criminals can gain access to personally identifiable information (PII), such as a Social Security number, bank account information, etc. and use it to file false tax returns to receive the refunds. Thousands of people have lost millions of dollars and PII to tax scams. These scams can be encountered anytime, but many peak during tax filing season. The IRS issues a list of frequently seen Tax Scams each year; here is 2019’s Dirty Dozen list.
One twist to an old tax scam involves fraudulent refunds being deposited into an individual’s actual bank account. Then, the criminal calls to collect the money they claim was transferred in error. Criminals may pose as IRS agents or debt collection agency officials to request that the money be forwarded. You may also receive an automated call with a voice recording that threatens you with criminal fraud charges then leaves you with a phone number to call to return the refund. When you follow the instructions, the criminal pockets the money.
Remember that the IRS does not initiate contact with taxpayers by email, text message or social media channels to request personal or financial information. Most communication is handled through regular mail delivered by the United States Postal Service.Review additional information from the IRS.
Reporting tax fraud
There are established procedures taxpayers should follow to return erroneous funds to the IRS. In addition to contacting the IRS, it is also recommended that you contact your bank and tax preparer, as it may be best to close your account and take other security precautions.
Follow detailed instructions from the IRS to report fraud. Make sure to indicate that you are a victim of a scam. Learn more from IRS.
How to Report Fraud
To report suspicious activity on your account (ATM/Debit, Check Fraud):
Call 800-238-4486 Monday through Saturday, 8:00 a.m. to 5:00 p.m. Pacific Time
Sundays and bank holidays: Closed
To report suspicious activity on your credit card:
Consumer: 888-642-3311
Business: 888-643-9800
Available 24/7
ATM skimming
Identity thieves are getting creative, sophisticated, and bold. One scam involves teams of fraudsters who install wireless devices, called skimmers, and cameras on legitimate bank ATMs. The fraudster's goal is to steal both your ATM card number and your personal identification number (PIN).
Here's how it works:
The skimmer and camera are disguised to look like normal ATM equipment. The skimmer is mounted to the front of the ATM card slot. It reads the ATM card number and transmits it to the fraudster. The wireless camera, which looks like a brochure holder, is mounted in a position to view the ATM keypad and film customers' PINs. The thieves make duplicate cards and use the PINs to directly access the ATM and withdraw thousands of dollars from various accounts in a short amount of time.
What to look for:
Be aware of what your ATM typically looks like as well as your surroundings. If you notice alterations to the equipment, call us at 1-800-238-4486. Do not attempt to remove the devices.
Prize and lottery scams
Be alert to “too good to be true” notifications of prize or lottery winnings. These can arrive through the mail, by email, or by an unsolicited telephone call, and advise the targets that they have won a prize (often for a competition they didn't enter). Victims of lottery scams have lost thousands of dollars responding to demands for payment to cover costs of redeeming prizes when, in all probability, the prize did not exist. Victims rarely, if ever, receive any winnings in return for their cash.
How to Spot Prize and Lottery Scams:
The cross-border purchase or sale of lottery tickets is a violation of U.S. law. Because these scams are generally operated outside the United States, victims have very little recourse to recover their losses.
Online dating scams
As communicating on social media and utilizing online dating websites have become increasingly popular, scammers have capitalized on this trend. Many create fake profiles to lure victims and establish a romantic relationship for the purpose of extorting money at the end.
Modern online romance scams are premeditated, organized crimes that result in financial losses for millions of victims. The FBI's Internet Crime Complaint Center received 18,000 romance scam complaints in 2018 and reported over $360 million in losses.
There are many variations of online dating scams but all tend to follow the same trajectory. The victim is identified, a close relationship is rapidly established online; a small amount of money is asked for to test the victim's readiness; a crisis occurs and a larger amount of money is sought with the promise of it being returned quickly; a series of additional "bleeds" occur until the scammer is exposed or the victim can't get any more money.
What are signs of a scammer?
What can I do?
Report your experience to:
The American Bankers Association (ABA) in collaboration with the Federal Trade Commission (FTC) released an infographic on the growing threat of online dating scams.
Card cracking tricks
Card cracking usually originates online on a social media platform and targets young consumers. The fraudster will reach out promising quick and easy cash. The customer is tricked into providing their account credentials, after which a fake check is deposited into the customer’s account. The fraudster then makes an immediate ATM withdrawal, sharing some of the funds with the customer. Meanwhile, the customer is instructed to report the incident as lost/stolen card or credentials so that the bank will reimburse the stolen money. This makes the customer a criminal accomplice.
Be aware and avoid online solicitations for easy money. Never share an account number or PIN and never file a false fraud claim with a bank. When in doubt, report suspicious social media posts connected to the scams.
The American Bankers Association® provides additional information about card cracking scams.
Online loan schemes
The Internet is now a common place to look and apply for a loan. With so many lenders fighting for your business, it is easy to fall into an online loan trap. When borrowing money, be aware of scammers offering fake loans. They are skilled at convincing people that their loan offer is legitimate. Do not accept unsolicited offers of credit from unfamiliar lenders. Only deal with reputable online institutions.
Once you apply for a loan online, scammers can obtain your personal information. You may have given them all the information on an illegitimate loan website or they may have hacked/phished for your information. The scammer will contact you on the approval of the loan you just applied for. They will then request an upfront fee for vague reasons. The fake lender’s ultimate goal is getting you to wire money. They may even make mobile deposits of fraudulent checks to your online bank account and ask to send the majority of the funds back to them to pay-off the loan, for a promise to improve your credit score.
What are common signs of a fake lender?
What precautionary steps should you take?
Stay away from "too good to be true" deals. There are no quick and easy fixes to difficult financial issues. And remember that legitimate lenders do not need your personal information upfront.
Tech support scams
Cybercriminals use a variety of tactics ranging from cold-calling and web advertising to persistent and annoying pop-up windows to defraud consumers. Some call and claim to be computer techs associated with well-known companies like Microsoft or Apple. Others send pop-up messages that display Tech Support alerts, asking you to call a support number to fix your device. They say they’ve detected viruses or other malware on your computer, diagnose a non-existent problem, and ask you to pay for unnecessary services.
If you get an unexpected pop-up, phone call, spam email or other urgent message about problems with your computer, don’t click on any links, don’t give control of your computer and don’t send any money. Microsoft or Apple will never proactively reach out to you to provide unsolicited PC or technical support.
How do I protect myself from tech support scams?
What can I do if I was scammed?
The Federal Trade Commission offers additional advice on tech support scams.
Identity theft awareness and prevention
Identity theft occurs when someone uses your personal information (i.e. Social Security number, credit card number) without your knowledge to commit fraud. These crimes are the most frequently reported crimes to the Federal Trade Commission today, and can be committed in person, by telephone, on the internet, or through the mail.
As technology continues to evolve, criminals are developing new ways to exploit or defraud organizations and consumers, like accessing bank and brokerage accounts online and stealing credit information or identities.
As part of Union Bank’s ongoing commitment to protecting customer information, we continuously review and strengthen our security program, processes, and procedures. Here are some examples:
Read more about ID theft and fraud.
Protect Your Computer and Use the Internet Wisely:
Be on the Alert for Fraudulent Email
Safeguard Your Cards and Accounts
Be Aware of Your Surroundings
Secure Your Devices
Read more about protecting yourself from ID theft and fraud.
If you are a victim of or suspicious about identity theft, take the following actions as soon as possible:
Equifax
Call 1-800-525-6285
Write: Equifax Fraud Assistance
P.O. Box 105069, Atlanta, GA 30348
Experian
Call 1-888-397-3742
Write: P.O. Box 949, Allen, TX 75013-0949
TransUnion
Call 1-800-680-7289
Write: Fraud Victim Assistance Department
P.O. Box 6790, Fullerton, CA 92834
Access additional government resources.
Learn the warning signs.
What is identity theft?
Identity theft occurs when someone uses your personal information (i.e. Social Security number, credit card number) without your knowledge to commit fraud. These crimes are the most frequently reported crimes to the Federal Trade Commission today, and can be committed in person, by telephone, on the internet, or through the mail.
As technology continues to evolve, criminals are developing new ways to exploit or defraud organizations and consumers, like accessing bank and brokerage accounts online and stealing credit information or identities.
As part of Union Bank’s ongoing commitment to protecting customer information, we continuously review and strengthen our security program, processes, and procedures. Here are some examples:
Read more about ID theft and fraud.
Minimizing your risk of identity theft
Protect Your Computer and Use the Internet Wisely:
Be on the Alert for Fraudulent Email
Safeguard Your Cards and Accounts
Be Aware of Your Surroundings
Secure Your Devices
Read more about protecting yourself from ID theft and fraud.
Reporting identity theft
If you are a victim of or suspicious about identity theft, take the following actions as soon as possible:
Equifax
Call 1-800-525-6285
Write: Equifax Fraud Assistance
P.O. Box 105069, Atlanta, GA 30348
Experian
Call 1-888-397-3742
Write: P.O. Box 949, Allen, TX 75013-0949
TransUnion
Call 1-800-680-7289
Write: Fraud Victim Assistance Department
P.O. Box 6790, Fullerton, CA 92834
Access additional government resources.
Learn the warning signs.