Protect Your Online Banking Account Information
Please be alert!
If you receive an email, written correspondence or telephone call requesting your personal or account information from an individual, company or organization that claims to be from First United Bank or its affiliates, contact us immediately at (800) 924-4427.
While First United Bank works to protect your banking privacy, you will also play an important role in protecting your accounts. There are a number of steps you can take to ensure that your Online Banking account information is protected:
- Don't reveal your User ID or PIN to anyone else. Your User ID and PIN are designed to protect your banking information, but they will only work if you keep them to yourself.
- Change your Online Banking PINs frequently.
- Don't walk away from your computer if you are in the middle of an Online Banking session.
- Once you have finished your Online Banking session, sign off before visiting other Internet sites.
- If you notice any suspicious or unusual activity related to any of your accounts, contact us immediately at (800) 924-4427.
Login ID & Password Tips
Here are some Do’s and Don’ts for creating strong passwords. Take a moment to review these and consider strengthening your passwords and/or Login IDs if they fall short.
- Create unique passwords that use a combination of numbers, symbols, and upper and lower case letters.
- Use words from phrases or sentences, such as a line from a joke or phrase from a book. The password length is more important than the complexity.
- Change your password periodically
- Don’t choose passwords based upon details that may not be as confidential as you’d expect, i.e. birth date, Social Security or phone number, names of family members, etc.
- Don’t store passwords on or near your computer in plain text.
- Don’t use your username as part of your password.
- Don’t use easily guessed words such as “password” or “user”.
- Avoid using the same password at multiple websites.
- Avoid using simple adjacent keyboard combinations, i.e. qwerty, asdzxc, 123456, etc.
Online Banking is Private & Secure
First United Bank and Trust Company is committed to making your Online Banking experience safe and secure. We have taken many measures to ensure your privacy, including:
We use the latest encoding technology to ensure that your private information cannot be intercepted. Encryption is a way to rewrite something in code, which can be decoded later with the right "key". When you request information about your accounts, the request is sent encrypted to First United Bank. We decode your request and send the requested information back to you in an encrypted format. When you receive the information, it is decoded so that you can read it.
Personally Selected Account Names
First United Bank & Trust Company does not display your account numbers over the Internet. Instead, we ask you to choose a "pseudo" name for each of your accounts.
Individual ID & PIN Information
In order to access First United Bank & Trust Company's Online Banking, you must enter a unique User ID and PIN.
PIN Security System
To keep unauthorized individuals from accessing your account by guessing your PIN, we have instituted a PIN security system. If your PIN is entered incorrectly multiple times, the user is "locked out" of the system. Your account is not accessible via Online Banking throughout this lockout period.
If you are logged on to Online Banking but do not perform any activity for 30 minutes, you will not be able to proceed until you "re-log" on to the system.
Additional Security Measures
In addition to the above safeguards, we have sophisticated firewalls and an authentication process to ensure that only authorized individuals are allowed to enter our system.
First United Bank uses an encrypted network to communicate data between the customer and the bank. We are monitoring communication 24 hours a day.
First United Bank uses multi-factor authentication in order to help you safeguard access to your accounts in the event your password and login are compromised. The first time you logon from a new device or browser, you will be prompted to provide an out-of-band authentication code that is delivered to you via an SMS text message or an automated voice call. These one-time access codes are only valid for 15 minutes are used to ensure only you have access to your accounts online.
Mobile Device Security
Secure the device itself. Depending on what security options are available on the device, set a strong password (include a mixture of 8 or more upper and lower-case letters, numbers, and special characters) or PIN and change it regularly.
- Do not connect your device to unsecured Wi-Fi networks, such as a coffee shop, or public Wi-Fi hotspots.
- Install security software on your mobile device, just as you would your computer.
- Keep your mobile device and apps updated. Having the latest updates installed will help defend against online threats, malware, and viruses.
- Do not click on links located in emails or text messages from strangers. Those could be "phishing" messages (such as an alert that you need to "verify" bank account or other personal information) or designed to lead you to a bogus website controlled by thieves.
- Avoid clicking on ads.
- Log out of your apps, including your Online Banking, after use.
- Enable security and transactional alerts in your Online Banking profile to assist in notifying you of any unexpected activity.
- Be aware of your surroundings when you’re entering confidential information or transacting in Online Banking. A common form of information theft is observation.
- Set your device to lock after a period of inactivity, 10 minutes or less.
- Do not store sensitive information like user names, passwords, bank account information, or a social security number on your mobile device.
- Delete all information from your mobile device before you discard it. Contact your mobile phone provider for best practices. Some providers or software allow you to wipe your device remotely if it is lost or stolen.
- Contact First United Bank Customer Service at (800) 924-4427 if you notice any suspicious or unusual activity related to your Online Banking, or if you lose your mobile device or change your phone number.
Phishing is a term that describes the fraudulent use of electronic communications—most often email. Phishing happens when someone attempts to gain access to your personal information for the purposes of identity theft.
Phishers most often use email communications to encourage you to reveal your personal information. These emails falsely claim to be from a business or organization that you may deal with—for example, an Internet service provider, a bank, an online payment service, or even a government agency.
Help us protect you
Never give out personal or financial information to anyone who asks you to update, validate, or confirm your account information. Only give out your information if you’re certain you are dealing with First United Bank. If we have initiated contact with you, we will always give you the option to call us back at a phone number that is publicly available on our website so you can be certain you are speaking with First United Bank.
Things to avoid if you suspect you are being phished
Avoid replying to emails that look suspicious, or that ask for personal information such as your Social Security Number, account number, or password. Representatives of First United Bank will never ask you to confirm your password.
Business Email Compromise (BEC)
What is Business Email Compromise
Business email compromise (BEC)—also known as email account compromise (EAC)—is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional.
In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request, like in these examples:
- A vendor your company regularly deals with sends an invoice with an updated mailing address.
- A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
- A homebuyer receives a message from his title company with instructions on how to wire his down payment.
Versions of these scenarios happened to real victims. All the messages were fake. And in each case, thousands—or even hundreds of thousands—of dollars were sent to criminals instead.
How Criminals Carry Out BEC Scams
A scammer might:
- Spoof an email account or website. Slight variations on legitimate addresses (email@example.com vs. john.kelly@example_company.com) fool victims into thinking fake accounts are authentic.
- Send spear phishing emails. These messages look like they’re from a trusted sender to trick victims into revealing confidential information. That information lets criminals access company accounts, calendars, and data that gives them the details they need to carry out the BEC schemes.
- Use malware. Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or send messages, so accountants or financial officers don’t question payment requests. Malware also lets criminals gain undetected access to a victim’s data, including passwords and financial account information.
How to Report
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
- Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don't know, and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
- Verify payment and purchase requests in person if possible or by calling the person to make sure it is legitimate. You should verify any change in account number or payment procedures with the person making the request.
- Be especially wary if the requestor is pressing you to act quickly.