Online fraud occurs when someone illegitimately obtains your sensitive personal information (such as your name, Social Security number, account numbers, or online banking login and password) and conducts unauthorized transactions on your bank, loan, or credit card accounts. Often called "phishing" or "spoofing," the most current methods of online fraud are fake emails, websites and pop-up windows.
Always remember that Umpqua Bank will never send email containing attachments, or require you to send personal information to us via email or pop-up windows. Treat any unsolicited request for Umpqua Bank account information you receive through emails, websites, or pop-up windows should be considered fraudulent and reported to us immediately.
What is phishing?
Phishing is a form of online fraud in which attackers send an illegitimate email, claiming to be important or posing as a legitimate business.
Phishing emails will often:
- Ask you for personal information. Fake emails often contain an overly generic greeting and may claim that your information has been compromised, that your account has been frozen, or ask you to confirm the authenticity of your transactions.
- Appear to be from a legitimate source. While some emails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the "From" field, as this is easily altered.
- Contain fraudulent job offers. Some fake emails appear to be from companies offering jobs. These are often work-at-home positions which are actually schemes that victimize both the job applicant and other customers. Be sure to confirm that the job offer is from a known and trusted company before responding or sending any personal information.
- Contain prizes or gift certificate offers. Some fake emails promise a prize or gift certificate in exchange for completing a survey or answering questions. In order to collect the alleged prize or gift certificate, you might be directed to provide your personal information. Just like with job offers, be sure to confirm that the prize or gift certificate is being issued by a known and trusted company.
- Link to counterfeit web sites. Fake emails may direct you to counterfeit web sites carefully designed to look real, but which actually collect personal information for illegal use. Always check the web address in the address bar carefully to make sure you're on a legitimate website. If you're unsure whether a website legitimately belongs to Umpqua Bank, call us to verify the site.
- Contain fraudulent phone numbers. Fake emails often contain telephone numbers that are tied to the fraudsters. Never call a number featured on an email you suspect is fraudulent. Instead, call a publicly available or published number for the company you're trying to reach.
- Contain real website links or phone numbers. Some of the information listed in fake emails may be legitimate, connecting to actual companies. Fraudsters may include this real contact information in an effort to make the email appear legitimate.
How is my email obtained?
Email addresses can be obtained from publicly available sources or through randomly generated lists. So if you receive a fake email that appears to be from Umpqua Bank, this does not mean that your email address, name, or any other information was obtained from us.
What's a pop-up window?
Pop-up windows are the small windows or ads that appear suddenly above or beneath the web browser window you are currently viewing. Fraudulent pop-up windows are one way that fraudsters may try to obtain your personal information. Someone may use a pop-up window to pose as a legitimate company-like a popular shopping site, your bank or your internet service provider-to obtain sensitive personal data and use the information to access your accounts.
I've heard of Trojan horses - what are they?
Some fake emails may also contain a virus known as a "Trojan horse" which can record your keystrokes or send your personal information to a fraudster. The virus may live in an attachment or be accessed via a link in the email. Your computer may also be infected by a fraudulent website accessed during normal web browsing.
Don't forget that we do not request personal information via email or send email attachments. Never respond to emails, open attachments, or click on links from suspicious or unknown senders.
If you're not sure whether an Umpqua Bank email is legitimate, report it to us immediately, but don't reply to the email.
How about counterfeit websites?
Online thieves often direct you to fraudulent web sites via email and pop-up windows. These websites may try to collect your personal information or infect your computer with a Trojan horse or virus. In many cases, there is no easy way to determine that you are on a phony web site because the URL will contain the name of the institution it is spoofing. However, if you type, or cut and paste, the URL into a new web browser window and it does not take you to a legitimate web site, or you get an error message, it was probably just a cover for a fake Web site.
Another way to detect a phony web site is to consider how you arrived there. Generally, these sites are accessed by a link in a fake email ("phish") requesting your account information. Remember, Umpqua Bank will not request personal information from you via email. Any unsolicited request should be considered fraudulent and reported immediately.
How do I report fake e-mails, websites or pop-up windows?
If you receive a deceptive e-mail, such as a message phishing for your information forward it to the entity wrongfully being impersonated. For Umpqua "Bank-related" phishing email, forward it (as an attachment) to reportphishing@Umpquabank.com and contact us immediately at 1-866-486-7782.
If you encounter a fake web site, or pop-up window, or if you responded to one of these with personal information, call immediately at 1-866-486-7782.