Online fraud occurs when someone illegitimately obtains your sensitive personal information (such as your name, Social Security number, account numbers, or online banking login and password) and conducts unauthorized transactions on your bank, loan, or credit card accounts.
There are three prevalent methods of online fraud,
- "Phishing" or "spoofing", is online fraud frequently executed via fake emails, websites and pop up windows. This is still by far the number one method used by hackers to gain unauthorized access to your systems because it is quite successful and easy to perpetrate; it requires your constant awareness!
- "Vishing" refers to the act of fraud via Voice calling. This is social engineering at its most basic because it is often a real con-artist who has the goal to get money or sensitive information from you. This method closely follows phishing in popularity, and is very successful at duping even the most diligent people and trusted companies
- "Smishing" is TEXT messaging, or Short Message Service, and fakes senders again, by creating some urgency that you must respond. This is gaining in popularity because we almost all have smart phones these days.
Always remember that Umpqua Bank will never send email containing attachments, or require you to send personal information to us via email or pop-up windows, and will never INITIATE text messages or calls for purposes of obtaining confidential information or initiating transactions. Any unsolicited request for Umpqua Bank account information you receive through emails, websites, or pop-up windows, text messages or phone calls should be considered fraudulent and reported to us immediately at 1-866-486-7782.
What is phishing?
Phishing is a form of online fraud in which attackers send an illegitimate email, claiming to be important or posing as a legitimate business.
Phishing emails will often:
- Ask you for personal information. Fake emails often contain an overly generic greeting and may claim that your information has been compromised, that your account has been frozen, or ask you to confirm the authenticity of your transactions.
- Appear to be from a legitimate source. While some emails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the "From" field, as this is easily altered.
- Contain fraudulent job offers. Some fake emails appear to be from companies offering jobs. These are often work-at-home positions which are actually schemes that victimize both the job applicant and other customers. Be sure to confirm that the job offer is from a known and trusted company before responding or sending any personal information.
- Contain prizes or gift certificate offers. Some fake emails promise a prize or gift certificate in exchange for completing a survey or answering questions. In order to collect the alleged prize or gift certificate, you might be directed to provide your personal information. Just like with job offers, be sure to confirm that the prize or gift certificate is being issued by a known and trusted company.
- Link to counterfeit web sites. Fake emails may direct you to counterfeit web sites carefully designed to look real, but which actually collect personal information for illegal use. Always check the web address in the address bar carefully to make sure you're on a legitimate website. If you're unsure whether a website legitimately belongs to Umpqua Bank, call us to verify the site.
- Contain fraudulent phone numbers. Fake emails often contain telephone numbers that are tied to the fraudsters. Never call a number featured on an email you suspect is fraudulent. Instead, call a publicly available or published number for the company you're trying to reach.
- Contain real website links or phone numbers. Some of the information listed in fake emails may be legitimate, connecting to actual companies. Fraudsters may include this real contact information in an effort to make the email appear legitimate.
What is vishing?
Vishing is one of the most prevalent forms of fraud in which you receive a call on your home phone or mobile device, the caller claiming to be important or posing as a legitimate business. The term Vishing borrows from the well-known "Phishing" and is essentially Voice-calls fishing, or social engineering, for information.
Scammers can spoof the number they're calling from so that it seems realistic and authoritative, just like in phishing where the email sender appears to be from a friend or known business associate. Frequently the caller claims to be from a very high-profile company such as the IRS or your bank, urging the need for confidential identity information and/or payments, or else... The caller may have bits of information about you that is true or at least very familiar. Vishing callers also make other exuberant claims of high-stakes urgency like a Sweepstakes or Lottery win and asks for the fee necessary for you to collect winnings.
Always remember that Umpqua Bank will never initiate text messages or calls for purposes of obtaining confidential information or require that you initiate transactions (pay fees or penalties etc). Any unsolicited request for Umpqua Bank account information you receive through emails, websites, or pop-up windows, text messages or phone calls should be considered fraudulent and reported to us immediately at 1-866-486-7782.
ALWAYS USE CAUTION to protect yourself and your family's sensitive information!
What is smishing?
Smishing uses the SMS or text messaging service component of phone, Web, or mobile communication device, and is simply short messages that are read on your smart device. You probably text family and friends most often, but financial institutions are also using this service for account alerts or multi-factor authentication, to communicate one-time passwords for Web site authentication. But this social engineering attempt tries to convince you to share sensitive information or visit fraudulent websites via text that looks familiar and/or has some urgency.
As with other technologies there is danger in Smishing as well. Texts can be used to send malware and information theft tools the same as could be contained in any email. Therefore the same considerations used to protect your identity and confidential information in emails or calls should be made when examining texts.
Always remember that Umpqua Bank will never initiate text messages or calls for purposes of obtaining confidential information or require that you initiate transactions (pay fees or penalties etc). Any unsolicited request for Umpqua Bank account information you receive through emails, websites, or pop-up windows, text messages or phone calls should be considered fraudulent and reported to us immediately at 1-866-486-7782
ALWAYS USE CAUTION to protect yourself and your family's sensitive information!
How is my email obtained?
Email addresses can be obtained from publicly available sources or through randomly generated lists. So if you receive a fake email that appears to be from Umpqua Bank, this does not mean that your email address, name, or any other information was obtained from us.
What's a pop-up window?
Pop-up windows are the small windows or ads that appear suddenly above or beneath the web browser window you are currently viewing. Fraudulent pop-up windows are one way that fraudsters may try to obtain your personal information. Someone may use a pop-up window to pose as a legitimate company-like a popular shopping site, your bank or your internet service provider-to obtain sensitive personal data and use the information to access your accounts.
I've heard of Trojan horses - what are they?
Some fake emails may also contain a virus known as a "Trojan horse" which can record your keystrokes or send your personal information to a fraudster. The virus may live in an attachment or be accessed via a link in the email. Your computer may also be infected by a fraudulent website accessed during normal web browsing.
Don't forget that we do not request personal information via email or send email attachments. Never respond to emails, open attachments, or click on links from suspicious or unknown senders.
If you're not sure whether an Umpqua Bank email is legitimate, report it to us immediately, but don't reply to the email.
How about counterfeit websites?
Online thieves often direct you to fraudulent web sites via email and pop-up windows. These websites may try to collect your personal information or infect your computer with a Trojan horse or virus. In many cases, there is no easy way to determine that you are on a phony web site because the URL will contain the name of the institution it is spoofing. However, if you type, or cut and paste, the URL into a new web browser window and it does not take you to a legitimate web site, or you get an error message, it was probably just a cover for a fake Web site.
Another way to detect a phony web site is to consider how you arrived there. Generally, these sites are accessed by a link in a fake email ("phish") requesting your account information. Remember, Umpqua Bank will not request personal information from you via email. Any unsolicited request should be considered fraudulent and reported immediately.
How do I report fake e-mails, websites or pop-up windows?
If you receive a deceptive e-mail, such as a message phishing for your information forward it to the entity wrongfully being impersonated. For Umpqua "Bank-related" phishing email, forward it (as an attachment) to reportphishing@Umpquabank.com and contact us immediately at 1-866-486-7782.
If you encounter a fake web site, or pop-up window, or if you responded to one of these with personal information, call immediately at 1-866-486-7782.