Blog   Tagged ‘phishing’

Phishing Alert and “Heartbleed” security issue

  |  Posted by

Did “Heartbleed” affect UMB?

“Heartbleed” is a bug that has affected many popular websites and “could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years,” according to‡

None of UMB’s computer systems were impacted by the Heartbleed bug.

As soon as these hackers were exposed, UMB took immediate action. We were able to find that none of our banks were vulnerable to this issue. We also added specific, proactive monitoring. Although UMB was not affected by the issue, our customers do need to be cautious since the bug could still harm you through other websites where you saved your card numbers or used the same password you use for online banking.

What action do customers need to take?

  • Change your passwords – If you utilize the same password for your online banking services that you utilize on other sites, we strongly recommend that you change the password for your online banking services immediately, in case your username or password were compromised on another site.
  • As always – use different passwords for all online services which contain personal or financial information.
  • To find out if other password-protected sites you use were compromised, we recommend contacting those website providers directly. They may advise to wait to change your passwords until they have installed the latest fixes to this Heartbleed bug, but the only way to know for sure is to receive information from those specific sites.
  • If you run a website and need advice on how to protect it, we recommend visiting‡

Phishing Alert

phishing scam

Some of our customers may have received text messages yesterday or today that we identified as a phishing attempt. The message states that there has been a security breach and gives a number to call. If you call the number, it will ask you for your credit card number or account information. Do not respond to this request for information.

What you need to know:

  • UMB will NEVER contact you via text, email or phone for the purpose of requesting any kind of personal or bank information.
  • Phishing scams are common. These attacks use e-mail or malicious websites to solicit personal, often financial, information. Attackers may send e-mail seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
  • Check out some more Security FAQs from our security experts.

What you need to do:

  • Never respond to suspicious messages or click on suspicious links.
  • Check with your financial institutions before sharing any type of private or financial information.
  • Remember to use online and mobile banking. Why?
    • Secure (protected by multiple layers of security)
    • Saves time – quick access from any computer anywhere
    • Hinders identity theft – if you check your accounts frequently, potential fraud is discovered early.
  • Already a mobile banking user? Here are some tips:
    • Save UMB’s short code (50106) in your address book as a Contact, so that when you receive a Text/SMS message from us, you will know immediately that UMB has sent you a communication.
    • Make sure you know who has sent you any message – if in doubt, delete it.
    • Never click on any links if you are not sure of the sender.
    • Never send any confidential information to anyone – the bank will never ask you to “go here and fill in this information” or “please send us this information.”
    • The bank will also never ask you to respond with your password unless you are signing into one of our applications.
    • Never respond to a request for your password and alert us immediately should you receive a message requesting your password or any other confidential information at 888-782-4325. You may contact us Monday through Friday, 8 a.m. to 10 p.m. or on Saturday from 8 a.m. to 5 p.m.
Continue Reading

When you click links marked with the “‡” symbol, you will leave UMB’s website and go to websites that are not controlled by or affiliated with UMB. We have provided these links for your convenience. However, we do not endorse or guarantee any products or services you may view on other sites. Other websites may not follow the same privacy policies and security procedures that UMB does, so please review their policies and procedures carefully.

UMB Financial Corporation (Nasdaq: UMBF) is a financial services holding company headquartered in Kansas City, Mo., offering complete banking, payment solutions, asset servicing and institutional investment management to customers. UMB operates banking and wealth management centers throughout Missouri, Illinois, Colorado, Kansas, Oklahoma, Nebraska and Arizona. It also has a loan production office in Texas. Subsidiaries of the holding company include mutual fund and alternative investment services groups, single-purpose companies that deal with brokerage services and insurance, and a registered investment advisor that manages the company's proprietary mutual funds and investment advisory accounts for institutional customers.

Leave a Comment

Tagged: , , , , ,

Wait a minute…who’s been sending emails from my account?

  |  Posted by

Did you know every day thousands of webmail accounts (Gmail, Yahoo, AOL, etc.) are taken over by cyber criminals? Compromised webmail can be used to make purchases, transfer money from bank accounts or even trick friends and family into giving out information that allows access to their webmail – in a matter of minutes.

Take time to do a few simple things to ensure your webmail accounts are as secure as possible:

Continue Reading


Weak passwords can be easily hacked and used to access your account.

  • Avoid using the same password on numerous accounts. This may make your email vulnerable if another site is compromised.
  • Change your password often.
  • Use strong passwords. For example, think of a special phrase and use the first letter of each word as your password. For more tips, visit

Security Questions

Even a strong password can be compromised if security questions are easy to guess.

  • Make sure answers can’t be researched on social media sites.
  • Pick a question that only you know the answer to.
  • Choose the custom security question option if available.

Phishing Email

Phishing scams use a convincing message to trick you into clicking a link, downloading attachments or other “bait” that can be used to log your online activity, give a cyber criminal control of your computer or even direct you to a phony website where you’re asked to enter your username and password. All of these can be used to commit online crimes. To avoid phishing scams:

  • Look for misspellings or grammatical errors.
  • Question suspicious email; don’t click questionable links or download attachments that appear out of the ordinary, even if from a friend or company you’re familiar with.
  • If you aren’t sure, provides help for identifying phishing scams.

Review Account(s)

The best protection against cyber crime is staying alert.

  • Check sent, trash, and other folders for suspicious incoming or outgoing mail.
  • Check advanced account options for changes you didn’t make. Your email may be forwarded to someone else and you didn’t even know it.
  • Investigate security options offered by your provider like notices for suspicious log-in attempts or two-step verification using a code that’s texted to your phone.
  • Regularly review financial accounts associated with your email address for suspicious activity.
  • Contact your bank and all other financial institutions immediately if you think your email has been compromised.

Don’t fall victim to cyber crime. Take time to secure your webmail accounts and encourage friends and family to do the same.

Ms. Matheys serves as senior vice president and Director of Corporate Information Security & Privacy, providing oversight of UMB’s information security and privacy programs. She joined UMB in 2010 and has 15 years of experience in information technology and information security. She attended Kansas State University with a focus on management information systems and is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and member of the International Association of Privacy Professionals.

Read One Comment

Tagged: , , , , , , , , , , , , , , , , , , , , , , , ,

How to get your identity stolen

  |  Posted by

You’ve read hundreds of articles about how to avoid identity theft, but if you actually want to lose your identity then just follow these ten simple steps:

Continue Reading
  1. Use your pets or child’s name as your email password
    Fluffy1234. Who would ever think of that? Identity thieves are using sophisticated technology to crack your passwords and steal your information. Using your dog’s name and a common number sequence will make it so easy that these identity thieves won’t even need a computer to figure it out.
  2. Over-share with your neighbor or a friendly stranger
    Always use the same personal identification number (PIN) or code for all your accounts, credit and debit cards. Remember when you had your neighbors watch your house and you gave them your garage code? Well now they also have your PIN for all your accounts. And what about that friendly stranger who offers to sell you a tropical vacation for pennies on the dollar? Once you give them your name, address and payment information, your identity could be as good as gone!
  3. Throw away personal documents without shredding
    Throw away receipts, old bill statements and credit card applications without shredding them. A more low-tech identity thief will just dig through your dumpster and use the information in receipts and bills to access your personal information. Then he will sign up for a credit card in your name with the application you threw away the other day. He’ll be sitting on a beach sipping a frozen drink after he spent all your money on that tropical vacation we mentioned while you spend months recovering your lost finances and clearing up your credit report.
  4. Make yourself an easy target for pickpockets
    Don’t pay attention to your surroundings in a crowd. Leave your fanny pack unzipped so anyone can reach right in and grab your wallet. This saves an identity thief from the trouble of looking for your information. He can just use your ID and credit or debit cards.
  5. Don’t password protect any personal devices
    Don’t password protect any of your personal devices (laptops, tablets, smartphones, etc.) and leave them out where anyone can access them. Why waste the time pushing buttons to unlock your smart phone when you could be taking a picture of your dinner!
  6. Respond to suspicious emails
    Even if it seems suspicious, respond to all emails asking for your personal information. Click on suspicious links too! This will route you to a website or file download that will make it really easy for you to share all of your online activity with the identity thief – user names, passwords, card numbers, you name it!
  7. Respond to suspicious requests on social media
    Easily hacked passwords on your social media sites allow identity thieves to pose as you and try to con your friends out of their personal information and even their money. Oh, and your ex really is stuck in London without a passport or money! Wire that $5,000 right away!
  8. Transfer money on an unsecure website or via email
    Speaking of sending money, be sure you give out your bank account info via email because it’s definitely a safe way to shop online. Throw in your Social Security number and your mother’s maiden name while you’re at it.
  9. Be careless with logins and personal information in public
    Openly log in to your personal accounts while you’re on a laptop or phone in a public setting. Balance your checkbook in a coffee shop and be sure you move out of the way so the identity thief can clearly read your account number.
  10. Never review your bank account statements
    They say ignorance is bliss. It’s true. If you never look at your account statements, you’ll never know if someone has your account information and is spending all your money. You’ll also never know when your spouse dropped a couple hundred dollars on a shopping spree!

Of course, we are joking and having a little fun with this post. At UMB we take privacy and security very seriously, especially when it comes to our customers. You might think identity theft can’t happen to you, but it is still very common and a few simple things can keep you protected. Just do the exact opposite of everything on this list. Or, take a look at our website to learn more tips and tricks to protect your information and your identity.


Bank deposit products provided by UMB Bank n.a., Member FDIC. Equal Housing Lender

Ms. Matheys serves as senior vice president and Director of Corporate Information Security & Privacy, providing oversight of UMB’s information security and privacy programs. She joined UMB in 2010 and has 15 years of experience in information technology and information security. She attended Kansas State University with a focus on management information systems and is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and member of the International Association of Privacy Professionals.

Read One Comment

Tagged: , , , , , , ,