HOW TO SPOT FRAUD

Be alert for these warning signs:

• Missing bills or statements

  You did not receive a bill or statement you expected to receive in the mail.

• Unexpected charges

  Unfamiliar charges show up on your credit card, checking, savings or other account.

• Denied credit

  You are unexpectedly denied credit or given unfavorable terms.

• Unsolicited credit cards

  You receive credit cards that you never applied for.

• Collection calls

  Creditors or collection agencies are attempting to collect money for unfamiliar purchases or services.

If you suspect fraud, contact us immediately at 877.595.6256. We are available 24 hours a day to protect you from theft and fraud.

What is phishing?

"Phishing" (pronounced "fishing") is when someone tries to trick you into giving them confidential banking information so they can steal your money and identity. Phishing may be done using email, phone calls or voicemail (referred to as "vishing"), or text messages ("smishing"). In each case the goal is to lure you into revealing confidential information such as bank account numbers, credit card information, your Social Security number or your Personal Identification Number (PIN).

How email phishing works:

1. Criminals create a fraudulent email that looks like it came from U.S. Bank or another trustworthy company or person.
2. Clicking on the link takes you to a fraudulent website designed to look exactly like the real U.S. Bank website or another familiar site.
3. Once there, you'll be asked for confidential information (such as your account numbers or Social Security number). The cyber thieves will use the information you enter to steal from you.

Fraudulent websites may also download malware onto your computer that can be used for identity theft. Emails may be sent to actual account holders whose addresses were obtained illegally, or they may be sent to random email addresses.

IMPORTANT! U.S. Bank will never call or email you to ask for your account number or other confidential information. The only time we might ask for personal information (such as the last four digits of your Social Security Number) is when you contact us.

Signs of a fraudulent email:

This is an example of a fraudulent email. It's designed to get you to click on the link. Clicking on the link may download malware onto your computer or lead you to a fraudulent website. Below are some clues that indicate this is a fraudulent email.

1. Beware of links in email.
   Clicking on a link in a phishing email or pasting it into your browser may take you to a fraudulent website. 
   • Look for clues in the link like a misspelled company name – this example uses "usbanks" instead of "usbank."
2. Don’t fall for scare tactics. 
   

   Fraudulent emails try to make you believe something bad will happen (for example, your account will be suspended) if you don’t respond to the email and provide your account number or other confidential information. 

3. Protect your confidential information.
   As a rule of thumb, never include any information in an email that you wouldn't write on a postcard. 
   • It's critical to know that U.S. Bank will never ask you to provide confidential information (your account number, Social Security number, name, address, password, etc.) in emails or text messages.
   • We will only ask for confidential information to verify your identity when you call one of our toll-free Customer Service numbers.
   • If you get a phishing email that claims to be from U.S. Bank, please call 877.595.6256 to report it to U.S. Bank.
4. Watch for misspelled words.
   • Fraudulent emails often contain bad grammar and misspelled words.
5. Make sure you’re greeted by name.
   • Fake e-mail messages are usually  not personalized.
   • Emails from U.S. Bank to you will always use your name.

How to tell if a website is real.

Fraudulent websites look like the real thing and can fool you if you don’t know what to look for. To check whether a website is real:

1. Look for the “S”.
   • Every U.S. Bank web page that reveals personal information will have https: in the address. 
   • The "s" after http indicates the connection between your computer and the website is “secure.” 
   • Informational pages that do not reveal personal information (like our home page) will not have the "s."
2. Look for security indicators
   • In addition to the “s,” certain browsers will display a small lock icon in the browser address bar to indicate a secure site. If you use Internet Explorer or Google Chrome, look for this icon.
   • When you click on the lock, a certificate window should appear.
   • If no window appears, you may be on a fraudulent website.
   • Different browsers, such as Apple Safari or Mozilla Firefox, indicate a secure site in different ways. For details, refer to the help pages for your browser.
3. View the certificate.
   • Click on the lock icon to see the digital certificate.
   • The certificate should have "usbank.com" as part of the "issued to" name.

How to spot fraudulent websites and pop-up windows

This pop-up window is an example of the kind created by online criminals for the purpose of collecting your personal information. Notice that the colors, graphics and style follow the look and feel of the real U.S. Bank website.

Fraudulent website

Pop-up window asks you to enter:

• Checking account number 
• Cardholder name
• Credit card number
• Bank routing number
• Expiration dates
• Social Security number
• Personal Identification Number (PIN)

Smishers

Smishers are fraudsters who send text messages to your phone, instructing you to call a certain number or go to a specified website immediately. Generally, the smishers warn that something bad will happen to your account (such as it will be frozen or terminated) if you don’t follow their instructions.

Never respond to these texts. Do not call the numbers they provide or click on the links they send to you via text message or email. U.S. Bank will only send you text messages if you have signed up for U.S. Bank Alerts.

Vishers

Vishers are fraudsters who reach out to you by phone instead of email. They’re after the same thing as phishers – your confidential banking information. Fraudsters can spoof caller ID to make it look like a call is actually originating from U.S. Bank. So how can you tell whether a caller is the real deal?

It’s simple. U.S. Bank will never call you and ask you for your account numbers, Personal Identification Numbers (PINS), or any confidential information. Do not provide any confidential information over the phone unless you initiated the phone call. Hang up and call U.S. Bank at 877.595.6256 if you suspect fraud. Call 800-US-BANKS (800.872.2657) for all other customer service concerns.