Privacy & Security

Footer Page

Ensuring the privacy of your financial information ranks among our highest priorities. Learn about how your information can be used, and customize your personal privacy preferences.

expand +Privacy Policy
Effective 04/2015

FACTSWHAT DOES CIT Group Inc. (“CIT”) DO WITH YOUR PERSONAL INFORMATION?
Why?Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What? The types of personal information we collect and share depends on the product or service you have with us. This information can include:
  • Social Security number and income
  • Account balances and payment history
  • Credit history and credit scores
  • Transaction or loss history
  • Overdraft History
When you are no longer our customer, we continue to share your information as described in this notice.
How?All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons CIT chooses to share; and whether you can limit this sharing.

Reasons we can share your personal informationDoes CIT share?Can you limit this sharing?
For our everyday business purposes - such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureausYesNo
For our marketing purposes - to offer our products and services to youYesNo
For joint marketing with other financial companiesNoWe don't share
For our affiliates' everyday business purposes- information about your transactions and experiencesYesNo
For our affiliates' everyday business purposes- information about your creditworthinessNoWe don't share
For non-affiliates to market to youNoWe don't share
Questions?For CIT Bank, N.A. call: 1.855.462.2652
For OneWest Bank, a division of CIT Bank, N.A. call: 1.888.846.3433
For OneWest Bank Mortgage Servicing, a division of CIT Bank, N.A. call: 1.800.781.7399
For Financial Freedom, a division of CIT Bank, N.A. call: 1.800.441.4428

Who we are
Who is providing this notice?CIT Group Inc.’s subsidiaries that own or service consumer products, including CIT Bank, N.A. and its divisions OneWest Bank, OneWest Bank Mortgage Servicing, and Financial Freedom.

What we do
How does CIT protect my personal information?To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does CIT collect my personal information? We collect your personal information, for example, when you:
  • Open an account or make deposits
  • Pay your bills or apply for a loan
  • Use your debit or credit card
  • Enter into an investment advisory contract

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.

Why can't I limit all sharing? Federal law gives you the right to limit only:
  • Sharing for affiliates' everyday business purposes - information about your creditworthiness
  • Affiliates from using your information to market to you
  • Sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.


Definitions
Affiliates Companies related by common ownership or control which includes IndyMac Venture, LLC.
Nonaffiliates Companies not related by common ownership or control. They can be financial and non-financial companies.
  • We do not share with nonaffiliates so they can market to you.
Joint marketingA formal agreement between nonaffiliated financial companies that together market financial products or services to you.
  • We do not have joint marketing partners.

Other important information

For California Residents: In accordance with California law, we will not share nonpublic personal information about you with our affiliates or any nonaffiliated third party, other than permitted by law, unless we receive your consent.

Vermont Residents: In accordance with Vermont law, we will not share nonpublic personal financial information about you with our affiliates or any nonaffiliated third party, other than permitted by law, unless we receive your consent.

Nevada Residents:
Nevada law requires that we provide you with the following contact information regarding "do-not-call" lists: (a) Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Telephone 702.486.3132; email: BCPINFO@ag.state.nv.us; and (b) If you wish to be placed on our internal "do-not-call" list contact CIT Bank, N.A., P.O. Box 7211, Pasadena, CA 91109-7311; Telephone: 800.669.2300; email: PrivacyEmail@owb.com

Additional Information: This privacy notice applies to individuals only and does not apply to business entities or business transactions. It is effective upon publication. We reserve the right to make changes to this notice. You may review our policy and practices with respect to your personal information at www.cit.com/utility/privacy-policy or we will mail you a free copy of the notice upon request. This notice is for general guidance and does not constitute a contract nor does it modify or amend any agreement we have with you.

expand +Customer ID Notice
The USA PATRIOT Act, a federal law, requires all financial institutions to obtain sufficient information to verify your identity when creating a new banking relationship. You may be asked several questions including your name, address, date of birth, Social Security number or other government-issued identification number, and to provide one or more forms of identification to fulfill this requirement. In some instances, we require other identifying documents and/or use a third party information provider for verification purposes. Our established Privacy Policy helps protect your personal information

We're committed to securing your nonpublic personal information with top-notch federal regulations and informing you about smart ways to protect yourself from identity theft, online fraud and other scams.

expand +Online Security and Privacy Policy (Effective 12/31/2013)

Protecting Your Online Financial Privacy

OneWest Bank values your privacy. This Online Security and Privacy Policy pertains to your use of websites owned or operated by OneWest Bank, including any mobile applications (“Website”or “Websites”). If we make any changes to this Policy we will post the updated version to this website and identify the effective date of the revised Policy. We will protect the privacy of your personal and financial information. To safeguard your nonpublic personal information, we maintain physical, electronic and procedural safeguards that comply with federal regulations. We update and test our technology regularly to ensure we maintain commercially-acceptable standards in securing your financial privacy.

Collection of Information

When you visit our Websites, we may collect personally identifiable information about you, including but not limited to your name, your home or physical address, a social security number, your e-mail address, a telephone number, other identifiers that enable physical or electronic contact with you, and/or information concerning you that our Websites collect, which we may maintain in personally identifiable form in combination with any of the preceding information for tracking or marketing purposes. For more information about this, see the section entitled “Cookies.”

Third parties who assist in the operation of our Websites or who serve our ad banners to sites on which we have paid to advertise may collect such information from you for such purposes as fulfilling your online requests, processing your transactions or to gather anonymous user data, such as how many people clicked through a particular ad.

We have designed our systems to ensure that your Personal Identification Number (PIN), password and other access codes remain private and confidential. To further ensure your privacy, please do not share your PIN, password or other access codes with anyone other than joint account holders.

Sharing of Information

We may share this information with our affiliates and third parties for our, or our affiliates’, everyday business purposes - such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus; and for marketing our or our affiliates’ products or products offered jointly with another financial company , subject to choices you may make to limit this sharing, as specified in our Privacy Policy.

Changing or Updating Information

Customers who have established online accounts in order to view information and/or conduct transactions related to products or services offered by OneWest Bank may be able to review and update their personally identifiable financial information after securely logging in to our Website.

“Do Not Track” Signals

Our Websites do not accept web browser “Do Not Track” signals or similar mechanisms that may provide you the ability to exercise choice regarding the collection of personally identifiable information about your online activities over time and across third-party websites or online services we may use.

Retention of Information

The length of time we retain information varies depending on the product, service and/or the nature of the information. This period may extend beyond the end of your relationship with us.

Cookies

To provide better service and more effective Websites, we use "cookies” as part of our interaction with your browsers. A "cookie" is a small text file placed on your hard drive by our web server. Our cookies cannot retrieve any other data from your hard drive, pass on computer viruses, or capture your e-mail address. Cookies are commonly used on websites and do not harm your system.

We use cookies on parts of our Websites where you need to register, such as online banking, or where you are able to customize the information you see. Recording a cookie at such points makes your online experience easier and more personalized.

We may also use cookies to record information regarding:

  • Visitors' preferences
  • User sessions on our Websites
  • Which web pages users visit on our website
  • Past activity on Websites in order to provide better service when visitors return, such as:
    • to alert visitors to new areas that we think might be of interest to them when they return to our Website;
    • to ensure that visitors are not repeatedly sent the same banner ads; and/or
    • to customize web page content based on visitors' browser type or other information.

Our cookies do not collect personally-identifiable information, and we do not combine information collected through cookies with other personal information to determine your identity or e-mail address. We may combine personal information with cookies for other purposes, such as tracking or marketing preferences. By configuring your preferences or options in your browser, you determine if and how a cookie will be accepted. However, if you configure your web browser so that cookies are turned off, our website will not be able to process your transaction. If this happens, please turn your cookies back on and log onto our site again.

Web Beacons

A web beacon is a graphic image (such as a pixel tag or clear GIF) that is placed on a web page or in an e-mail message to monitor user activity (such as whether the web page or e-mail message is read or clicked). They are often invisible and may be very small in size. They are also used on many web pages for alignment purposes. We sometimes use web beacons to provide an independent accounting of how many people visit our Websites or to gather statistics about web browser usage on our Websites. Some of our web pages and HTML-formatted e-mail newsletters use web beacons in conjunction with cookies. It is difficult for you to limit the use of web beacons because there is no easy way to distinguish their use from alignment and other purposes. They may be loaded from a different web server than the rest of the page.

Protecting Children's Privacy Online

The safety of children online is very important to us. We do not knowingly collect Personal Information from children under the age of 13 online. If we become aware that we have inadvertently received Personal Information online from a user under the age of 13, we will attempt to delete the information as soon as possible. Because we do not knowingly collect Personal Information from children under the age of 13 online, we also do not knowingly distribute such information to third parties.

Security

Access to our systems containing Non-Personal Information or Personal Information is only provided to those employees and agents whom we determine need it for the purpose of providing products or services to you. We maintain physical, electronic and procedural safeguards that comply with applicable federal and state standards to protect your information. We use industry-standard security measures to protect your information so that it is not made available to unauthorized parties, including using Secure Socket Layer (SSL) technology for encryption and transmittal of information (including your personal Information) on or through our Websites. However, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, we cannot and do not guarantee or warrant the security of any information you transmit on or through our Websites, and you do so at your own risk.

Third-Party Advertisements

When browsing the Internet, you may see a banner ad for a OneWest Bank product or service. These ads may appear on non-OneWest Bank websites. We use third-party advertisement serving companies to serve our ad banners to sites on which we have paid to advertise. If you click on one of our ads, you will be directed to the OneWest Bank Website offering that particular product or service. Sometimes, these ads may contain web beacons or cookies to gather anonymous user data, such as how many people clicked through a particular ad. Our policy does not cover any use of information that a third-party advertisement-serving company may collect from you. The companies that distribute our ads are prohibited by contract from using information other than for the agreed-upon purpose, which is to help us market our products and services and to measure response rates.

Links to Third-Party Websites

We are not responsible for the information collection practices of the non-OneWest Bank links available on our Websites. We cannot guarantee how these third parties use cookies or whether they place on your computer cookies that may identify you personally. We urge you to review the privacy policies of each of the linked websites you visit before you provide them with any information.

Encryption

Your password, as well as all information relating to your accounts and your enrollment, are scrambled using some of the strongest forms of encryption commercially available for use over the World Wide Web.

How does encryption work?

Everything that travels through the Internet during your online banking session, from your password to online bill pay, becomes a string of unrecognizable numbers (also known as algorithms) before entering the Internet. Both OneWest Bank's computers and the browser you use to surf the Web understand the mathematical formulas, called algorithms, which turn your banking session into numeric code, and then back again into meaningful information.

These algorithms serve as locks on the doors of your account information. While OneWest Bank and your computer can easily translate this code back to meaningful language, this process is nearly impossible to decipher by unauthorized intruders. These complex algorithms are randomized in such a way that billions of attempts would need to be conducted to crack a single formula. Each time you begin an online banking session, your computer and OneWest Bank's systems agree on a random number that serves as the key for the rest of the session. Your browser’s encryption settings will most likely determine the algorithm.

OneWest Bank ensures that all OneWest Bank online banking sessions via the Internet are encrypted. If for any reason your secure session ends, your Online Banking session terminates.

For maximum protection, OneWest Bank encourages you to use browsers offering 256-bit encryption. This is also known as high or strong encryption. It means there are 2 to the 256th power possible keys that could fit into the lock that holds your account information. In other words, a hacker attempting to get to your account information would need to use a computer with exponentially more processing power than for 40-bit or 56-bit encryption to find the correct key.

All browsers provide detailed information on encryption and other forms of security. Consult your browser’s security options for more information.

How do I know if my banking session is encrypted?

You can determine if encryption is being used on a given web page by looking for a padlock icon. This is one example: padlock

Padlock icons vary in design and color. Generally, padlock icons are displayed on the address bar, menu bar, status bar, tab or other areas of your browser, depending on the device used (desktop or laptop tablet or smart phone) and the type of browser used (e.g. Internet Explorer, Safari, Google Chrome, etc).

expand +Notify Us about Online Security Issues

If you believe that you've been the victim of online fraud, identity theft or a lottery scam, please notify us by either calling 1.877.331.3785 Monday through Friday, 8:00 a.m. – 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com.

Please include your name, e-mail address, telephone number and a detailed description.

expand +How to Add OneWest Bank to your Safe Sender Email List

An increasing number of e-mail clients (Outlook, AOL, Hotmail, etc.) are including spam blockers that can affect the delivery and display of some e-mail messages. This means that sometimes those desired e-mail communications might not reach you, or they might be displayed without images.

To ensure that you continue receiving your e-mail or subscriptions and that they display properly, we recommend adding the email address or domain to your list of safe senders. Here are some instructions to help you do that:

Outlook Express

Go to "Actions" on your e-mail menu bar. Select "Junk E-mail" from your pull down menu. Select "Add Sender to Safe Senders List."
OR
Right-click in the message and select "Junk E-mail", then select "Add the Sender to Safe Senders List".
OR
Go to Tools on the menu bar. Select "Options" in the pull-down menu. Under "Preferences", select "Junk E-mail". Then click on the "Safe Sender" tab. Click the "Add" button. Type the email address of the sender in the text box.

Outlook 2003 or Outlook 2007

Go to "Actions" on your e-mail menu bar. Select "Junk E-mail" from your pull-down menu. Select "Add Sender to Safe Senders List."
OR
Right-click in the message and select "Junk E-mail", then select "Add the Sender to Safe Senders List".
OR
Go to Tools on the menu bar. Select "Options" in the pull-down menu. Under "Preferences", select "Junk E-mail". Then click on the "Safe Sender" tab. Click the "Add" button. Type the email address of the sender in the text box.

Outlook.com (Formerly MSN Hotmail)

  1. Click on the Gear icon next your username
  2. Select Options
  3. Select Safe and Blocked Senders
  4. Select Safe Sender
  5. Add email or domain to mark as safe

Gmail

  1. Open the e-mail
  2. Click "More Options" in the e-mail header.
  3. Click "Add Sender to Contact List"
  4. The email address will be entered into your Gmail contacts list.

AOL Mail

  1. Open the email.
  2. Hover over the From address to give a small dropdown. Select "Add contact"

Yahoo! Mail

Use the "Not Spam" button to report messages you want in your Inbox that were delivered to your Bulk folder.

Earthlink

If you have the e-newsletter e-mail address in your Address Book, Earthlink will not block it.

Go to your Address Book, click the "Add" button. You only need to enter the e-mail address under Internet Information.

Apple Mail

  1. Add the email address to your address book.
  2. In Training mode, emails will arrive in the INBOX highlighted in brown. In Automatic mode, junk emails will arrive in the Junk box. To add an email that arrived in the JUNK folder, highlight the email message.
  3. Choose Message > Mark > As Not Junk Mail

At OneWest Bank, we are committed to the security of your financial information. However, you must also take every step to ensure the safety and privacy of your information. In order to help educate you on identity theft, online fraud and lottery scams on all fronts, we've detailed the major threats on the Internet today, as well ways to take action to both prevent and manage these issues if they occur.

expand +Phishing Website Scam

Be aware of Phishing Website Scams

OneWest Bank has created this webpage to inform and warn consumers about a type of fraud called "phishing." The term "phishing" - as in fishing for confidential information - refers to a scam that encompasses fraudulently obtaining and using an individual's personal or financial information. This is how it works:

  • A consumer receives an e-mail that appears to originate from a financial institution, government agency, or other well-known/reputable entity.
  • The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.
  • The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the Web site belongs to the fraudster/scammer.
  • Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.
  • When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.

Recently, criminals have been using the OneWest Bank's name and reputation to perpetrate various "phishing" schemes. It is important to note that OneWest Bank will never ask for personal or confidential information in this manner. One “phishing” scheme was perpetrated using the following domain name: www.onewstbk.com

Please do not attempt to transact any business or submit any personal information through the above web site.

Any genuine OneWest Bank communication will only utilize links to the official OneWest web page located at www.onewestbank.com Any genuine link will commence with that URL as in the example below:

Phishing Website Scam

If you click on a link that takes you to a website whose address begins with something else, or which includes apparent abbreviations of our bank name, it’s not a genuine OneWest Bank site – even if it looks familiar. You should refrain from using any links or information found at such fraudulent sites.

If you suspect an e-mail or Web site is fraudulent, please report this information to OneWest Bank, using this number 1.877.741.9378. If you suspect that you have been a victim of identity theft, perhaps because you submitted personal information in response to a suspicious, unsolicited e-mail or you see unauthorized charges on your credit card, immediately contact OneWest Bank and, if necessary, close existing accounts and open new ones. Also contact the police and request a copy of any police report or case number for later reference. In addition, call the three major credit bureaus (Equifax at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-680-7289) to request that a fraud alert be placed on your credit report.

expand +Bash Shellshock Bug

Your online security is always a priority to OneWest Bank.
Given the recent news of the Bash "Shellshock" bug, we want you to know what we're doing to protect your information.

First, what is the Bash Shellshock Bug?
The Shellshock bug refers to a coding flaw housed in utility program called "Bash," which affects computers and websites running operating systems such as Mac OS and Linux. Bash enables computer programs to connect, and one of its chief uses is in connecting web server software to underlying operating systems. It also enables individual computers to execute commands like "run my Web browser" and "open this application," etc. Generically, programs like Bash are called "shells," and that's how the bug was given its name.

Bash has been in use all over the world for well over 20 years, but in September 2014, it was discovered that modifications to the code in the early 1990s inadvertently created a flaw that allows malicious code execution to take over an operating system and access confidential information. As a result, lots of companies with an internet presence are potentially at risk from the Shellshock bug. Certain personal computers may also be at risk.

What is OneWest Bank doing about it?
OneWest is using both automated and manual protocols to detect Bash vulnerabilities in our own systems and swiftly deploy the appropriate patches. We are also working with our vendors to detect and eliminate vulnerabilities.

What should I do?
There are two things you can do to protect yourself, and they are not new:

First, the best way to limit your exposure to computer bugs that target internet-based activity is to have different passwords for different websites, and to make those passwords appropriately complex, using upper- and lower-case letters, numbers and if allowed, symbols. Change your passwords periodically.

Second, it's always wise to watch for and promptly implement operating system updates or patches designed to enhance security. Bash is used in personal computers running the Mac operating system, though Apple has explained that OS X is safe for all but those running advanced Unix services. A patch is coming for those users, according to Apple. Bash is not native to Windows-based computers, but there is a window-based version in use on some machines, that is reportedly vulnerable. So stay up to date on security patches for your machine(s)!

Why you can feel confident.
We're serious about security. Your online account with OneWest Bank is protected with a sophisticated information security program. Our multi-layered defense system consists of preventive, detective and response controls managed by a team dedicated to tracking threats such as the Shellshock bug.

We are vigilantly monitoring this situation and will take additional steps, as needed, to guard against the Shellshock bug and safeguard your information.

expand +Voice Phishing Phone Call Scam

Calls Claiming to Come from OneWest Bank’s Security Department:

Recently, some of our customers have received telephone calls featuring a recorded message that claims to be from OneWest Bank’s Security Department. The recorded message asks the called party to enter their debit card number. These calls are not from OneWest Bank. The imposters placing these calls are engaging in a practice known as "vishing" or "voice phishing," through which they attempt to obtain a called party’s debit or credit card and security information.

Do not become a victim! If you receive a call like the one described above, or any other suspicious phone call inquiring about your account(s) with OneWest, do not provide your card number(s) or security information. If you have any questions, please contact our Customer Call Center (at 1.877.741.9378) or use our branch locator to contact your local branch to report such activities.

expand +Caller ID Spoofing

We are aware that there are companies engaging in telemarketing activities that will spoof (or manipulate) the caller ID to make it appear that the call is coming from OneWest Bank. These companies are performing this illegal activity for purposes of enticing the called party to pick up the phone, after which they proceed to pitch the service they are offering. We encourage any customer receiving this type of call or any other suspicious call in which the caller claims to be a representative of OneWest to ask for the name of the caller and then contact our Call Center (at 1.877.741.9378) or use our branch locator to contact their local branch to report such activities.

If you receive a suspicious call from someone claiming to be OneWest Bank, please be vigilant and follow the guidelines below:

  1. Do NOT provide any personal information to these callers
  2. Contact OneWest Bank at 1.877.741.9378
  3. OneWest Bank has filed a complaint with Federal Communications Commission (FCC) reference #14-T01346568 and will add the information you provide to our complaint.
  4. Customers can also file a complaint with the FCC, directly. The FCC can be reached at 1-888-CALL-FCC (888-225-5322) or www.fcc.gov/complaints (you can reference OneWest’s complaint ID # within your complaint to the FCC).
expand +Heartbleed Bug

Your online security is always a priority to OneWest Bank.
Given the recent news of the Heartbleed bug, we want you to know what we're doing to protect your information.

First, what is the Heartbleed Bug?
The Heartbleed bug is a coding flaw that has potentially exposed information on some web sites, including user names and passwords.

The best thing to do...
This site is not vulnerable to Heartbleed. However, it’s a good idea to change your password regularly and turn on your Online Banking account alerts. Those, along with other online account tools, will add another layer of coverage to your account.

Why you can feel confident.
We're serious about security. Your online account with OneWest Bank is protected with a sophisticated information security program. Our multi-layered defense system consists of preventive, detective and response controls managed by a team dedicated to tracking threats such as the Heartbleed bug.

You can be confident we are vigilantly monitoring this situation.

expand +Fraudulent FDIC E-mails

Updated July 18, 2011

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent emails that have the appearance of being from the FDIC.

The emails appear to be sent from various "@fdic.gov" email addresses, such as "protection@fdic.gov," "admin@administration.fdic.gov," or "service@admin.fdic.gov." The messages have various subject lines that read: "Update for your banking account" or "ACH and Wire transfers disabled," and "Banking security update."

The fraudulent emails are addressed to "Dear clients" and state "Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored." The message concludes with, "Best regards, Online security department, Federal Deposit Insurance Corporation."

An example of a fraudulent FDIC e-mail can be seen below:

Fraudulent FDIC Emails

These emails and links are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the emails and should NOT, under any circumstances, provide any personal financial information through this media.

Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.

For more information about these fraudulent emails, click here to view the FDIC consumer alert website.

expand +Text (SMS) Scam

A recent text message (SMS) scam has been identified in the banking industry in which online banking customers receive fraudulent text messages claiming to be from their financial institution. OneWest Bank does not currently send text messages to its customers. If we begin to include mobile banking functionality in the future, you will be able to find information on this service by logging into your Online Banking account.

If you recently received the text message below on your mobile device, please delete it immediately and DO NOT call the telephone number or open any links. This message is an attempt to obtain your bank account number and was not sent by OneWest Bank.

Fraudulent Text Message:
Customer Issue, Bank of the West Service frozen, please call at 562-923-9916.

If you believe that you've been the victim of online fraud, identity theft or a lottery scam, please notify us by either calling 1.877.331.3785 Monday through Friday, 8:00 a.m.– 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com.

Please include your name, e-mail address, telephone number and a detailed description.

expand +Phishing/Malware Email Scam

Don't be fooled by this e-mail scam!

If you recently received the e-mail below claiming to be from IndyMac, please delete it immediately and DO NOT click on any links. This e-mail was not sent from IndyMac Mortgage Services or OneWest Bank, and it is an attempt to steal your personal information.

Remember, we will never send you an e-mail with sensitive account information.

An example of the fraudulent e-mail is shown below to help you identify this and other scams.

Malware E-mail

If you believe that you've been the victim of online fraud, identity theft or a lottery scam, please notify us by either calling 1.877.331.3785 Monday through Friday, 8:00 a.m.– 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com.

Please include your name, e-mail address, telephone number and a detailed description.

expand +E-mail Scam Alert

Don't be fooled by this e-mail scam!

You may have received a fraudulent e-mail claiming that your access to "Online Services" with OneWest Bank has been suspended. This e-mail is false and was NOT sent by OneWest Bank.

We have effectively prevented the scam from reaching further customers, but you may still be at risk if you already received it. If you received an e-mail with the subject line "Access Suspended" claiming to be from OneWest Bank, please DO NOT open it or click any of the links inside. Promptly delete the e-mail or mark it as "Spam."

Remember, we will never send you an e-mail with sensitive account information.

An example of the fraudulent e-mail is shown below to help you identify this and other scams.

OWB Scam Alert

If you believe that you've been the victim of online fraud, identity theft or a lottery scam, please notify us by either calling 1.877.331.3785 Monday through Friday, 8:00 a.m.– 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com.

Please include your name, e-mail address, telephone number and a detailed description.

expand +Identity Theft

Identity theft consists of any situation in which you have unintentionally given your information in a phishing or other identity theft scam or your information has been used by an unauthorized party to conduct transactions, business or other enterprises under your name.

If you suspect that you may be a victim of identity theft, please contact the Federal Trade Commission immediately at http://www.consumer.ftc.gov/features/feature-0014-identity-theft or 1.877.IDTHEFT.

Additionally, please take the following actions immediately to prevent damage to your finances and/or credit:

  1. Report it to your financial institutions. Let them know what has occurred and ask them to place fraud alerts on all your accounts. Contact OneWest Bank immediately by using the Notify Us link.
  2. Contact one of the three major credit bureaus and discuss placing fraud alerts on your file. This will help to prevent identity thieves from opening new accounts in your name:
    • Equifax: 1.800.525.6285
    • Experian: 1.888.397.3742
    • TransUnion: 1.800.680.7289
  3. Review your statements regularly to make certain all charges are correct. If your statement is late in arriving, call your financial institutions to find out why.

We are committed to the security of your financial information. However, you must also take every step to ensure the safety and security of your accounts and transactions.

How can I prevent identity theft?

  • Do not leave your account information where others can see or have access to it. For example, do not write down your password.
  • Do not use easy-to-guess passwords such as birth dates, first names, pet names, addresses, phone numbers or Social Security numbers (after initial registration) that can be easily obtained. Do not use a password that contains part of your online user ID, e-mail address, or a version of the word "password."
  • Do not use single words that can be found in the dictionary in any language. Strong passwords contain upper case and lower case letters, digits AND punctuation marks.
  • Never reveal or share your account access information with another person, including your builder or contractor. OneWest Bank will never ask you to confirm or provide personal information in an e-mail. Should anyone attempt to obtain your personal information, or if you have responded to one of these fraudulent e-mails, immediately contact us by using the Notify Us link.
  • At the end of your session, be sure to properly sign off by selecting "sign out" or "log off," and close your browser window. This is especially important if you are using a computer in a public location, such as an Internet café or library. Do not leave your computer unattended while you are connected.
  • For further information and practical tips from the federal government, to help protect you from Internet fraud, secure your computer, and protect your personal information, please visit http://onguardonline.gov/ and http://www.fdic.gov/quicklinks/consumers.html.

OneWest Bank is dedicated to providing a safe, secure and protected environment in which to access your online accounts. Overall, online banking and e-commerce through OneWest are safe methods of managing your finances and mortgage, and you can trust that every transaction you make is protected. If you have questions or concerns regarding a specific contact from OneWest Bank, please let us know via our Notify Us link.

expand +Online Fraud

Online fraud occurs when someone poses as a legitimate company to obtain your personal and financial information in order to illegally conducts transactions on your existing accounts. Often called "phishing" or "spoofing," the most current methods of online fraud are fake e-mails, websites and/or pop-up windows.

OneWest Bank will never send an unsolicited request for personal information through e-mail or require customers to send personal information to us via e-mail or pop-up windows. Any unsolicited request for OneWest Bank account information you receive through e-mails, websites, or pop-up windows should be considered fraudulent and reported to us immediately via our Notify Us link.

Fake e-mails will often:

  • Ask you for personal information. Fake e-mails often contain an overly-generic greeting and may claim that your information has been compromised, that your account has been frozen, or ask you to confirm the authenticity of your transactions.
  • Appear to be from a legitimate source. While some e-mails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the "From" field, as this is easily altered.
  • Contain fraudulent job offers. Some fake e-mails appear to be from companies offering jobs. These are often work-at-home accounting positions which are actually schemes that victimize both the job applicant and other customers. Be sure to confirm that the job offer is from a known and trusted company.
  • Contain prizes or gift certificate offers. Some fake e-mails promise a prize or gift certificate in exchange for completing a survey or answering questions. In order to collect the alleged prize or gift certificate you may be directed to provide your personal information. Just like with job offers, be sure to confirm that prize or gift certificate is being issued from a known and trusted company.
  • Link to counterfeit websites. Fake e-mails may direct you to counterfeit websites carefully designed to look real, but which actually collect personal information for illegal use. Check the URL in your browser’s address bar to ensure you are visiting a legitimate website.
  • Link to real websites. In addition to links to counterfeit websites, some fake e-mails also include links to legitimate websites as supplements to fraudulent e-mails in order to make them appear real.
  • Contain fraudulent phone numbers. Fake e-mails often contain telephone numbers that are tied to the fraudsters. Never call a number featured on an e-mail you suspect is fraudulent, and be sure to cross-check any numbers you do call with companies you know and trust.
  • Contain real phone numbers. Some of the telephone numbers listed in fake e-mails may be legitimate, connecting to actual companies. Just like with links to legitimate websites (above), fraudsters include real phone numbers in an effort to make the e-mail appear legitimate.

Example of a fake email:

Fake E-mail

Trojan horses

These fake e-mails may also contain a virus known as a "Trojan horse" that can record your keystrokes. The virus may live in an attachment or be accessed via a link in the e-mail.

Again, OneWest Bank customers should keep in mind that we do not request personal information via e-mail or send e-mail attachments. Never respond to e-mails, open attachments, or click on links from suspicious or unknown senders.

If you're not sure if an OneWest Bank e-mail is legitimate, report it to us via our Notify Us link without replying to the e-mail you received.

How is my e-mail address obtained by online fraudsters?

E-mail addresses can be obtained from publicly-available sources or through randomly-generated lists. Therefore, if you receive a fake e-mail that appears to be from OneWest Bank, this does not mean that your e-mail address, name or any other information has been taken from OneWest Bank's systems.

Counterfeit websites

Online thieves often direct you to fraudulent websites via e-mail and pop-up windows and try to collect your personal information. In many cases there is no easy way to determine that you are on a phony website because the URL will contain the name of the institution it is spoofing. However, if you type (or cut and paste) the URL into a new web browser window and it does not take you to a legitimate website, or you get an error message, it was probably counterfeit website.

Another way to detect a phony website is to consider how you arrived there. Generally, you were directed by a link in a fake e-mail requesting your account information. Again, OneWest Bank will not request personal information from customers via e-mail. Any unsolicited request should be considered fraudulent and reported immediately via our Notify Us link.

How can I prevent online fraud?

With a few simple steps, you can help protect your OneWest Bank accounts and personal information from fake e-mails and websites:

  • Delete suspicious e-mails without opening them. If you do open a suspicious e-mail, do not open any attachments or click on any links it may contain.
  • Never provide sensitive account or personal information in response to an e-mail. If you have entered personal information, notify OneWest Bank immediately via our Notify Us link.

Avoiding malware:

  • Keep a “clean” machine: Set your security software, Internet browser, and operating system (like Windows or Mac operating systems) to update automatically. Ensure your Internet browser setting is set to detect unauthorized downloads.
  • Instead of clicking on a link in an e-mail, type the URL of the site you want directly into your Internet browser. Criminals send e-mails that may appear to be from known, trusted sources, but clicking them could download malware or send you to a spoofed site designed to steal your personal information.
  • Don’t open e-mail attachments unless you can confirm the sender and the content of the attachment.
  • Download and install software only from websites you know and trust.
  • StaySafeOnline.org and OnGuardOnline.gov contain user-friendly information on commonly used, free security software as well as safe computing best practices.

Detecting and removing malware:

  • Update your security software, and then run it to scan your computer for viruses and spyware. Delete anything it identifies as a problem. You may have to restart your computer for the changes to take effect.
  • If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you've installed, and a short description of the problem.
  • Many companies – including some affiliated with retail stores – offer tech support on the phone, online, at their store, and in your home. Decide which is most convenient for you. Telephone and online help generally are the least expensive, but you may have to do some of the work yourself. Taking your computer to a store usually is less expensive than hiring a repair person to come into your home.
  • Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do differently to avoid it in the future.
expand +Phishing Schemes

Updated January 15, 2009

The Federal Deposit Insurance Corporation (FDIC) is warning consumers, businesses and financial institutions to be aware of fraudulent e-mails allegedly from the Federal Reserve Bank. The fraudulent e-mails claim that a phishing attack has affected the Fedwire system and that restrictions are in place. The e-mails further instruct recipients to click on links within the e-mail for additional information.

The fraudulent e-mails have included various spoofed names and addresses in the "From:" line of the messages, including "Bank System Administration," "System Administration" and "Federal Reserve Bank." The e-mails contain the following message verbatim:

Phishing Federal Reserve Scam

The message contains links to two Web pages that attempt to load malicious Trojan horse programs onto end users' computers.

Please review these helpful guidelines of what to do when you’ve received or click links within unsolicited emails:

  • If an end user received the e-mail and clicked on any of the links, fully scan the computer using updated anti-virus software. If malicious code is detected on the computer, consult with a computer security or anti-virus specialist to remove the malicious code or re-install a clean image of the computer system.
  • Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from apparent federal banking agencies. Instead, bookmark or type the agency's Web address.
  • Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed.
  • Do not open unsolicited or unexpected e-mail attachments because of the risk of malicious code or software in the attachments. Instead, call the agency using a known and appropriate telephone number to verify the legitimacy of the message and attached file.
  • Be alert to different variations of the fraudulent e-mails.

Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-4004, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at https://www2.fdic.gov/starsmail/index.asp.

expand +Lottery Scams

Lottery Scam

A newly-discovered scam known as the "Lottery Scam" is not committed online or by e-mail, but by regular mail. Victims of lottery scams receive a letter declaring the recipient the winner of a lottery or sweepstake (usually British or Canadian). The letter refers to an enclosed check for a small portion of the winnings which is to cover tax, fees, and/or insurance. The recipient is instructed to contact the sender to negotiate the balance of their winnings, at which time personal information is requested to "verify" the recipient's identification. The enclosed check is not valid, and the request for identification information is an attempt at identity theft.

How can I protect myself from lottery scams?

Never provide sensitive account or personal information in response to such a letter. If you have already provided personal information, please contact your local law enforcement agency immediately. If you receive a similar letter and you are unsure about its validity, either contact law enforcement or the bank that issued the enclosed check.

expand +Loan Audit Scams

Forensic Mortgage Loan Audit Scam

Similar to foreclosure rescue scams, forensic mortgage loan audit scams charge several hundred dollars to review distressed homeowners' loans to see if they may be able to use the audit report to avoid foreclosure, accelerate the loan modification process or even cancel the loan—none of which ever occur.

Forensic mortgage loan audit scams will often:

  • Guarantee to stop foreclosure on your home.
  • Advise you to cease contact with your lender, lawyer or credit or housing counselor.
  • Charge a fee before providing any services, accepts payment only by cashier’s check or wire transfer.
  • Encourage you to lease your home so you can buy it back at a later date.
  • Recommend that you make your mortgage payments directly to it, rather than your lender.
  • Urge you to transfer your property deed or title to it.
  • Offer to buy your house for cash at a fixed price that is inappropriate for the housing market.
  • Pressure you to sign papers you haven’t had a chance to read thoroughly or that you don’t understand.

How can I protect myself from forensic mortgage loan audit scams?

Never provide sensitive account or personal information to any company or individual that seems suspicious or displays one of the above warning signs. If you suspect you've encountered a forensic mortgage loan audit scam, please contact your local law enforcement agency immediately and visit the Federal Trade Commission website for information on how to report the illegal activity at www.ftc.gov.

To notify us of online fraud, identity theft or a lottery scam, please call 1.877.331.3785 Monday through Friday, 8:00 a.m.– 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com.

Please include your name, e-mail address, telephone number and a detailed description.

Continue