How can I spot online fraud?

Online fraud occurs when someone obtains sensitive personal information (like your name, Social Security number or online banking password) and conducts unauthorized transactions on your bank, loan or credit card accounts.

These are the three most common methods of online fraud:

Phishing

"Phishing" is online fraud executed via fake emails, websites and pop-up windows. This is the top method used by hackers because it’s so easy to perpetrate.

Phishing emails will often:

• Ask you for personal information. Fake emails often contain an overly generic greeting and may claim that your information has been compromised, that your account has been frozen or ask you to confirm the authenticity of your transactions.
  
  
• Appear to be from a legitimate source. Don’t rely on the name or address in the "From" field, since it can easily be altered.
  
  
• Contain fraudulent job offers. These are often work-at-home positions that are actually schemes that victimize both the job applicant and other customers.
  
  
• Contain prizes or gift certificate offers. In order to collect the alleged prize or gift certificate, you might be asked to provide your personal information.
  
  
• Link to counterfeit web sites. Fake emails may direct you to counterfeit web sites carefully designed to look real, but which actually collect personal information for illegal use.
  
  
• Contain fraudulent phone numbers. Never call a number featured on an email you suspect is fraudulent. Instead, call a publicly available or published number for the company you're trying to reach.
  
  
• Contain real website links or phone numbers. Some of the information listed in fake emails may connect to actual companies in an effort to make the email appear legitimate.

Vishing

"Vishing" is voice calling from someone who is trying to get money or sensitive information from you. Scammers can spoof the number they're calling from so that it seems realistic.

The caller may claim to be from a high-profile company like the IRS or your bank, urging the need for personal information and/or payments. The caller may have bits of information about you that are true or at least familiar. Vishing callers also make other claims of high-stakes urgency like a sweepstakes or lottery win and ask for the fee necessary for you to collect winnings.

Smishing

“Smishing” uses SMS or text messaging to send short messages from fake senders. Fraudsters will pose as legitimate businesses to convince you to share sensitive information or visit fraudulent websites via text that look familiar.
Umpqua Bank will never initiate text messages or calls for purposes of obtaining confidential information. We will also never require that you initiate transactions (pay fees or penalties etc.).

Any unsolicited request for Umpqua Bank account information you receive through emails, websites, pop-up windows, text messages or phone calls should be considered fraudulent and reported to us immediately at (866) 486-7782.

Other things to look out for:

Pop-up windows

Pop-up windows are the small windows or ads that appear suddenly above or beneath a web browser window. Someone may use a fake pop-up window to pose as a legitimate company (like a popular shopping site, your bank or your internet service provider) to obtain sensitive personal data and use the information to access your accounts.

Trojan horses

Some fake emails may contain a virus known as a "Trojan horse" which can record your keystrokes or send your personal information to a fraudster. The virus may live in an attachment or be accessed via a link in the email. Your computer may also be infected by a fraudulent website accessed during normal web browsing. Never respond to emails, open attachments or click on links from suspicious or unknown senders.

Counterfeit websites

Online thieves often direct you to fraudulent web sites via email and pop-up windows. These websites may try to collect your personal information or infect your computer with a Trojan horse or virus. In many cases, there is no easy way to determine that you’re on a phony web site because the URL will contain the name of the institution it is spoofing. However, if you type, or cut and paste, the URL into a new web browser window and it doesn’t take you to a legitimate web site, or you get an error message, it was probably just a cover for a fake web site.

Another way to detect a phony web site is to consider how you arrived there. Generally, these sites are accessed by a link in a fake email requesting your account information. Remember, Umpqua Bank will not request personal information from you via email. Any unsolicited request should be considered fraudulent and reported immediately.