Avoid Phishing Attacks

Early indications are that fraudsters may be increasing phishing attacks in an effort to exploit the current COVID-19 pandemic. The Risk Office has observed fraudster emails and voice mails sent directly to cardholders asking for personally identifiable information (PII) and impersonating the financial institution (FI), health groups, and federal government agencies.

Additionally, criminals in possession of card details and other forms of PII are spoofing the phone number from financial institutions to fool cardholders into thinking that text messages and phone calls are actually from the fraud department of their financial institution.

It makes a difference when cardholders remain vigilant. If something sounds suspicious, question it. As a reminder, it’s important that you remain diligent in reviewing your accounts daily and quickly reporting any unauthorized activity.

There is a lot that you can do to protect your own financial accounts and information in order to avoid being compromised. Here is some important information for you to remember:

  • Neither First United Bank nor the fraud department will ever ask you over the phone for your PIN, CV2 codes or Expiration Dates.
  • A text alert warning of suspicious activity on a card will NEVER include:
    • A link to be clicked. Cardholders should never click on a link in a text message that is supposedly from us.
    • Vague reference to a “Merchant” transaction; details should be included.
    • Requests for cardholder data such as card numbers, PINs, CV2 Codes, Expiration Date.
  • A text alert from us will always be from a 5-digit number and NOT a 10-digit number resembling a phone number.
    • A valid notification will provide information about the suspect transaction and ask you to reply to the text message with answers such as ‘yes’, ‘no’, ‘help’, or ‘stop’.
    • A text caller ID will be 20733 if you use the standard call center, or 37268 if you use the premium call center.
  • A phone call from one of our Call Center agents will only include a request for the cardholder ZIP code, and no other personal information, unless the cardholder confirms that a transaction is fraudulent.
    • Only then will the cardholder be transferred to an agent, who will ask questions to confirm the cardholder’s identity before going through the transaction history. If, at any point the cardholder is uncertain about questions being asked or the call itself, they should hang up and call us directly.
  • If a call is received by the cardholder, claiming to be your Call Center and asking to verify transactions, no information should have to be provided by the cardholder other than their ZIP code, and a ‘yes’ or ‘no’ to the transactions provided.