Thursday morning, November 30th, at approximately 9:45 am UnitedBankky.com was taken offline intentionally due to a malware exploit on our vendor hosted website.  If you viewed the United Bank website between 7:26 am Eastern Standard Time and 9:45 am Eastern Standard Time, you may have been exposed to this malware. Your up-to-date antivirus or endpoint protection software should have been triggered to identify any attempt to install malware on your system.  

Security and Support teams have conducted a thorough forensic analysis and have isolated the specific code used and determined that the malware script fails when executed on a computer.  The analysis indicates that nothing was actually placed on an end user’s system resulting in there being no danger of malware being installed and no action is needed by our customers.  There was also no impact to the security of your banking data or online banking login credentials.

United Bank & Capital Trust Co. is committed to ensuring the security of your personal and financial information. One of the most important and effective ways we can meet this commitment is to educate you about a variety of ways you can fall victim and different steps you can take to help protect yourself.

The security of our customers' information is extremely important to us.  We understand the importance of the trust you place in us to protect this information, and we assure you that we take extensive measures to make sure we maintain that security at all times.  Thank you for trusting United Bank with your financial needs.

Check our information below regularly to read about ALERTS that are occurring, COMMON SCAMS you need to be aware of, and other tips below to protect your personal and financial information.

Remember: We will never ask you to send personal or financial information by, in response to, or via a link in an email or social media posting.

Alerts

If you've been asked to send iTunes gift cards as payment, beware!

One thing we know about scammers — they want money, and they want it fast. That’s why, whatever the con they’re running, they usually ask people to pay a certain way. They want to make it easy for themselves to get the money — and nearly impossible for you to get it back.

Their latest method? iTunes gift cards. To convince you to pay, they might pretend to be with the IRS and say you’ll be arrested if you don’t pay back taxes right now. Or pose as a family member or online love interest who needs your help fast. But as soon as you put money on a card and share the code with them, the money’s gone for good.

If you’re not shopping at the iTunes store, you shouldn’t be paying with an iTunes gift card.

Read the entire article and explore what you can do if you get targeted on the FTC website.

 

United Bank is committed to ensuring the security of your personal and financial information. If we need to communicate notices or alerts to our customers, this is where we will publish the details online. United Bank will monitor and provide information concerning data breaches as they occur. As always, please regularly check your statement and online banking for suspicious activity and alert us immediately if you notice anything unusual.

Common Scams

While there are an endless number of ways thieves may try to get your information almost all scams involve some type social engineering. Social engineering is when thieves use something you are comfortable with or trust in order to get you to act without thinking your actions through. Common scams include:

Phishing - Thieves will send out bogus messages that appear to be from a company or government agency you may or may not do business with. These messages will attempt to convince you to either click on a link or call a number in order to get you to reveal information that can be used to steal your identity and/or access your accounts. Phishing messages may come through email, instant messages, and even text messages. The best thing to do if you believe a message may be legitimate is to contact the company using contact information that you know is valid such as a number from the phone book or by typing the company’s web address into your browser's address bar.

Vishing - is the use of social engineering tactics over the telephone system in an attempt to gain personal information for fraudulent uses. Vishing is successful because it is hard for law enforcement to track and because the phone system is very trusted by the general public. Features like caller ID can now be forged and faked using modern tools to make the calls more believable. Customers should be very suspicious when receiving calls asking for personal information and should call the bank directly using a number they know is good if they question the validity of a request. 

Spoofing - A “spoofed” site is one that appears to belong to a legitimate company. The site may even look like the legitimate company’s site utilizing their colors and, perhaps, their logo. Typically a bogus email is received that asks you to supply, confirm or update sensitive personal information by clicking on a link in the email. The goal of the criminal is to get you to enter the requested information so that they can steal it for their purposes.

Helpful Resources

We use Secure Access Codes as an additional layer of security in our Online Banking. Learn more about them by clicking here

The following sites offer valuable information related to fraud and identity theft:

OnlineOnGuard.Gov
Practical tips from the federal government and the technology industry to help you be on guard against internet fraud, secure your computer, and protect your personal information.

StaySafeOnline.org
Information and tools from the National Cyber Security Alliance to help home users and small businesses stay safe.

FTC.GOV/idtheft
Resource to learn about identity theft with detailed information to help you deter, detect, and defend against identity theft.

BBB.org/data-security
Resource for small businesses to learn more about securing their sensitive data.

USChamber.com
Information and tools to help business owners, managers, and employees understand and adopt basic internet security practices.

PCISecurityStandards.org
A great resource for business customers to learn how to enhance their payment card data security. The Payment Card Industry (PCI) Security Standards Council manages security standards related to card processing.

Tips to Protect Yourself

Being proactive and taking a few simple steps can help you protect yourself from becoming a victim.

  • Never provide your password, credit or debit card information or pin number over the phone or in response to an unsolicited Internet request unless you initiated the contact. 
  • Urgent appeals to act now should be resisted. Thieves often try to get you to act quickly before you have a chance to think about what you may be doing. 
  • Review your statements when you get them. You can also always review your accounts in real time using internet banking. If you see a transaction you cannot explain contact us immediately.
  • Contact the bank and ask to receive your statements electronically. Not only are you helping the environment, but you are keeping the paper statements out of your mailbox where they could be stolen and used to steal your identity. 
  • Don’t agree to deposit money from someone you don’t know into your account and then wire the money back or to someone else you don’t know. Wires are like sending cash, once they have been sent you can’t get your money back.
  • If something sounds too good to be true, it probably is.
  • Follow our Safe Computing Tips below. 
  • Business customers should consider performing their own risk assessment and controls evaluation periodically to determine if additional controls are necessary to address the risks of online banking. Additional information to assist you in completing this process can be found within our Helpful Resources - above. 

Remember:  United Bank will never contact you via unsolicited phone calls, emails, text messages, or over any other mediums to request your online banking credentials or personal information.  As your bank we already have that information on file and will therefore never request such information.  If you ever question the legitimacy of a request for your information you should contact the bank on your own to verify the request.

Safe Computing Tips

Install or Update Your Antivirus and Antispyware Software:
Antivirus and Antispyware software are designed to prevent and detect malicious software programs on your computer. In order to keep your computer and your identity safe all computers connected to the internet for any length of time should have both of these products installed at all times.

Run a Full Scan With Both Your Antivirus and Antispyware Software:
Full scans with your Antivirus and Antispyware software can help to catch the most recent viruses and spyware that may have been installed on your computer without your knowledge. Full scans of your entire PC should be run at least daily.

Ensure Your Operating System is Up to Date: 
Computer operating systems need to be updated to stay current with any security patches released by the maker of your operating system. In most cases people are running a Microsoft operating system that can be checked by visiting http://update.microsoft.com. Microsoft usually releases new updates once a month, but may do so more often when an update is extremely critical.

Keep Your Software Up to Date:
In addition to keeping your operating system up to date you should also look for updates for the software installed on your PC. This includes software such as Adobe products, Java, Firefox, and Apple iTunes. Software such as this can be vulnerable to hacker attacks and may lead to the compromise of your system if it isn’t updated. A good rule of thumb is that if you don’t need a piece of software don’t install it or remove it when it is no longer needed. 

Keep Your Firewall Turned On: 
A firewall helps protect your computer from hackers who may try to gain access to your computer and the information it contains. Software firewalls are available to protect single computers and are even included with many updated copies of Microsoft Windows. 

Review Accounts Regularly:
Everyone should regularly monitor their accounts for suspicious transfers and withdrawals. Businesses should monitor their accounts daily for suspicious transactions. Customers should notify United Bank immediately of any unexpected activity.

Change Your Passwords to Banking, Email, and Ecommerce Sites Regularly:
Passwords are the keys to your internet kingdom. Changing your passwords regularly will help ensure the security of all your online accounts as well as the information and the money they give you access to. When changing your password be sure to use strong passwords. Strong passwords use eight or more characters with random letters, numbers, and symbols. In addition, you should never use the same password on multiple sites. If one site is compromised your other accounts could possibly be accessed as well.

Be Careful What You Download:
You should never open email attachments or click on links in emails from people you don’t know. You should also be wary of forwarded attachments and links from people you do know. Email attachments and links can circumvent even the best Antivirus software. Additionally, you should be wary of downloads from trusted and un-trusted sites that seem new or suspicious. If the site has been poisoned or compromised by hackers you could unknowingly be installing a virus or spyware. If you question whether a download is necessary to access a site you can always contact the company for further information.

If Possible Have a PC Dedicated Only to Online Banking Activities:
Fraudsters and scam artists have learned that many small and medium sized businesses use online banking products due to their convenience. What they have also learned is that these same businesses often do not take the time to adequately protect their PCs as outlined in these tips, nor do they regularly review their accounts for fraudulent activity. Using this knowledge fraudsters and scam artists are now actively targeting small and medium sized businesses using phishing attacks, email attachments, and web sites designed to take advantage of OS and software flaws. One of the most effective controls is to use a second PC or “live disk” for your banking. This PC should not be used for regular web surfing, checking email, or other projects. These activities can increase a business’s risk of unknowingly coming into contact with malicious sites and software. You should never use the computer your kids use for your online banking.

Victim? What to do

If you believe that you have become the victim of identity theft or fraud contact your financial institution immediately. If you have disclosed sensitive information about your identity, accounts or credit cards you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file. The following is contact information for each of the bureau’s fraud division:

  • Equifax (888) 766-0008
  • Experian (888) 397-3742
  • TransUnion (800) 680-7289

The FTC has helpful resources online: https://www.identitytheft.gov/

United Bank is here to help if you ever notice any suspicious activity on one of your accounts. Please contact us immediately at 800-227-1602. 

If you suspect that you have received a fraudulent email, phone call or text message targeting United Bank customers, DO NOT RESPOND TO THE MESSAGE! Contact us at 800-227-1602.

Security Center Side Bar

 

Regulation E

Regulation E

Regulation E carries out the purposes of the Electronic Funds Transfer Act. In particular, it helps protect consumers from certain erroneous or fraudulent electronic transfers made from their account. Regulation E applies to consumer accounts only, including consumer checking and savings accounts. Regulation E does not apply to transactions on business accounts, including transactions made with Online Banking for Business.