Privacy & Security

Footer Page

At OneWest Bank we're committed to securing your personal information.

expand +Privacy Policy (Effective 6/30/2016)

Last updated: June 2016

Introduction

CIT Bank, N.A. and its affiliates (collectively "CIT," "we," "us," or "our") respect your privacy and are committed to treating and using personal information (as defined below) about you responsibly.

This Online Privacy Policy ("Policy") explains CIT's online practices to collect, use, and share personal information from or about you except as otherwise provided in this Policy. This Policy applies both to any CIT site and/or mobile application that links to this Policy (such sites and/or mobile applications, and all activities thereon, constituting "the Services"). This Policy applies regardless of what computer or device ("computer") you use to access the Services.

Throughout this Policy, we refer to nonpublic personal information that can directly and without additional information identify you or your accounts as "personal information." "Personal information" includes information such as your name, address, email address, or phone number, and other information that is not otherwise publicly available (such as your date of birth, Social Security number, and financial information). Please read this Policy carefully. When you visit this site, you consent to the terms of this Policy and the information described herein.

Any dispute related to this Policy will be governed by our Terms of Use.

Back to top

Personal information we collect

We collect personal information from and about you in order to identify you as our customer, establish and manage customer accounts (including collection activity), complete customer transactions, and understand our customers and their needs. We also collect this information to improve how we market products and services, learn about our markets and design, and improve our products and services. Furthermore, the collection of this information helps us to comply with legal and regulatory requirements, and protect the rights, property, or safety of CIT, its employees, customers, visitors to the Services, and others.

We may also collect personal information from you if you:

(1) apply for employment through the Services (which may include your name, address, references, and employment history);

(2) use the Services to check the status of your accounts (such as your name, account number, and login password); and

(3) send us an email to inquire about your account or to request information (such as your name, email address, and any other personal information you supply in your message).

Back to top

How we use the personal information we collect

We may use the personal information that you provide to us as follows:

(1) if you apply for a job, to consider you for the position and to contact references (please note that your references may be contacted without prior notice to you); or

(2) if you apply for credit, to assess your creditworthiness, including retrieving credit reports, and to approve or reject your application; or

(3) to respond to inquiries you may have about your account and other related matters; or

(4) if you send us an email for information, to reply to your request.

Back to top

How we may share personal information you provide to us

CIT may share your personal information under the following circumstances:

Affiliates: We may share your name, address, and information about your transactions and experiences with us (such as your payment history or other facts about your account) with our affiliates.

Agents and service providers: To establish, administer, and manage our customers' accounts, evaluate credit, provide customer service and benefits, process account transactions and account statements, engage in collections activities, or process job applications, we may disclose your personal information to companies that work with us to perform services or business operations on our behalf. We may also share your personal information with companies that perform marketing services on our behalf, or with other financial institutions (including insurance companies) with whom we have joint marketing agreements.

Nonaffiliated third parties: In certain instances, we are permitted or even required to disclose your personal information to nonaffiliated third parties. For example, reporting your transaction history and information with us to credit reporting agencies, responding to regulators or auditors, to protect against fraud, or to provide information in connection with proposed or actual business transactions involving CIT companies or accounts. We may also disclose your personal information to third parties when legally compelled to do so, such as to comply with the law, to enforce our terms of use, or to protect the rights, property, or safety of CIT, its employees, customers, visitors to these Services, and others. Please be aware that these disclosures are permitted by law without your consent.

Other third parties: We may also share, as permitted by law, your personal information with other third parties with whom we do not have joint marketing agreements, such as other financial services providers and insurance companies, or with nonfinancial companies, such as service organizations, retailers, travel services and direct marketers. We require these companies to adhere to CIT's confidentiality standards with respect to your personal information.

USA Patriot Act Section 326 compliance: When you open an account with us, we will ask for your name, address, and other identifying documents such as your driver's license, that will allow us to identify you. We do this to help the government fight the funding of terrorism and money laundering activities. U.S. federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.

Business transfers: As we develop our business, we may sell or buy businesses or assets, or be involved in mergers or other corporate reorganization. In transactions such as these, your personal information may be shared in connection with any of the foregoing types of transactions, even prior to the existence of a final, binding agreement to buy, sell, merge, or reorganize.

Back to top

How we protect the confidentiality and security of your personal information

CIT uses reasonable measures to protect personal information from unauthorized access, deletion, or alteration. In addition, we have physical, electronic, and procedural safeguards to protect your personal information. As part of our security practices, CIT does not send requests for personal information to our customers. Any personal information you request CIT to send you via email, such as your account balance, is encrypted. However, standard email communications are not. Therefore, you should not transmit your personal information to us through email. Please note that no company can guarantee perfect online security, and please remain careful and vigilant in your online activities.

Back to top

Children

CIT operates general audience online Services that are accessible to the public. These Services are not intended for visitors under 16 years of age. We do not knowingly market our products or services to children, nor do we knowingly collect personal information from children.

Back to top

Information we automatically collect (not personal information)

When you visit or browse our Services, we and our advertising, marketing, or service partners may collect information such as your Internet Protocol or "IP" address and the "URL" of the web pages you visit, and may use "cookies," web beacons, or other objects to collect statistical and other information about your use of our Services. The purpose of collecting this information is to improve the effectiveness of our Services and to conduct targeted advertising or marketing. The collected information may include, for example, information about your computer, its unique identifiers, and its configuration, the web pages you visited or mobile applications used; the date and time of your visit; the websites you visited immediately before and after visiting our website; your language preference; demographic and/or location-based information; and the popularity of various advertising words and phrases used by us. The collection of this information allows for the compilation of aggregate and anonymous information about the usage of our Services, and can help us improve your use of our Services, by, for example, providing quick login, streamlining site navigation, and maintaining up-to-date content for all users. Should you configure your browser to reject cookies, you may disable some of our Service's features.

Back to top

Do-not-track signals

We currently do not employ technology that recognizes "do-not-track" signals from your browser. As stated above, we engage third parties, such as advertising, marketing, service, or analytics partners, who may collect information about your online activities over time and across different websites when you use our Sites.

Back to top

Changes to this Policy, and contact information

CIT may update this Policy from time to time. CIT may notify you of an update to this Policy by any reasonable means, including by email, online account notification, mobile application pop-up, or regular mail. You agree that if you choose to continue to use the Services after CIT sends you such an email, online account notification, mobile application pop-up, or regular mail (allowing one week from the sent date for delivery of regular mail), you are bound to the most recent version of the Policy. You should periodically check the effective date at the top of this Policy to be sure that you are aware of the most recent version of this Policy and the important information described in it.

Back to top

If you have questions about this Online Privacy Policy, please email us at privacy.questions@cit.com.

Back to top

expand +Notify Us about Online Security Issues

If you believe that you've been the victim of online fraud, identity theft or a lottery scam, please notify us by either calling 1.877.331.3785 Monday through Friday, 8:00 a.m. – 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com.

Please include your name, e-mail address, telephone number and a detailed description.

expand +How to Add OneWest Bank to your Safe Sender Email List

An increasing number of e-mail clients (Outlook, AOL, Hotmail, etc.) are including spam blockers that can affect the delivery and display of some e-mail messages. This means that sometimes those desired e-mail communications might not reach you, or they might be displayed without images.

To ensure that you continue receiving your e-mail or subscriptions and that they display properly, we recommend adding the email address or domain to your list of safe senders. Here are some instructions to help you do that:

Outlook Express

Go to "Actions" on your e-mail menu bar. Select "Junk E-mail" from your pull down menu. Select "Add Sender to Safe Senders List."
OR
Right-click in the message and select "Junk E-mail", then select "Add the Sender to Safe Senders List".
OR
Go to Tools on the menu bar. Select "Options" in the pull-down menu. Under "Preferences", select "Junk E-mail". Then click on the "Safe Sender" tab. Click the "Add" button. Type the email address of the sender in the text box.

Outlook 2003 or Outlook 2007

Go to "Actions" on your e-mail menu bar. Select "Junk E-mail" from your pull-down menu. Select "Add Sender to Safe Senders List."
OR
Right-click in the message and select "Junk E-mail", then select "Add the Sender to Safe Senders List".
OR
Go to Tools on the menu bar. Select "Options" in the pull-down menu. Under "Preferences", select "Junk E-mail". Then click on the "Safe Sender" tab. Click the "Add" button. Type the email address of the sender in the text box.

Outlook.com (Formerly MSN Hotmail)

  1. Click on the Gear icon next your username
  2. Select Options
  3. Select Safe and Blocked Senders
  4. Select Safe Sender
  5. Add email or domain to mark as safe

Gmail

  1. Open the e-mail
  2. Click "More Options" in the e-mail header.
  3. Click "Add Sender to Contact List"
  4. The email address will be entered into your Gmail contacts list.

AOL Mail

  1. Open the email.
  2. Hover over the From address to give a small dropdown. Select "Add contact"

Yahoo! Mail

Use the "Not Spam" button to report messages you want in your Inbox that were delivered to your Bulk folder.

Earthlink

If you have the e-newsletter e-mail address in your Address Book, Earthlink will not block it.

Go to your Address Book, click the "Add" button. You only need to enter the e-mail address under Internet Information.

Apple Mail

  1. Add the email address to your address book.
  2. In Training mode, emails will arrive in the INBOX highlighted in brown. In Automatic mode, junk emails will arrive in the Junk box. To add an email that arrived in the JUNK folder, highlight the email message.
  3. Choose Message > Mark > As Not Junk Mail

OneWest Bank is committed to safeguarding your personal information. Click the links below to understand how we may collect and use your information.

expand +Privacy Notice for Consumers
Effective 08/2015

FACTSWHAT DOES CIT Group Inc. (“CIT”) DO WITH YOUR PERSONAL INFORMATION?
Why?Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What? The types of personal information we collect and share depends on the product or service you have with us. This information can include:
  • Social Security number and income
  • Account balances and payment history
  • Credit history and credit scores
  • Transaction or loss history
  • Overdraft History
When you are no longer our customer, we continue to share your information as described in this notice.
How?All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons CIT chooses to share; and whether you can limit this sharing.

Reasons we can share your personal informationDoes CIT share?Can you limit this sharing?
For our everyday business purposes - such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureausYesNo
For our marketing purposes - to offer our products and services to youYesNo
For joint marketing with other financial companiesNoWe don't share
For our affiliates' everyday business purposes- information about your transactions and experiencesYesNo
For our affiliates' everyday business purposes- information about your creditworthinessNoWe don't share
For non-affiliates to market to youNoWe don't share
Questions?For CIT Bank, N.A. call: 1.855.462.2652
For OneWest Bank, a division of CIT Bank, N.A. call: 1.888.846.3433
For OneWest Bank Mortgage Servicing, a division of CIT Bank, N.A. call: 1.800.781.7399
For Financial Freedom, a division of CIT Bank, N.A. call: 1.800.441.4428

Who we are
Who is providing this notice?CIT Group Inc.’s subsidiaries that own or service consumer products, including CIT Bank, N.A. and its divisions OneWest Bank, OneWest Bank Mortgage Servicing, and Financial Freedom.

What we do
How does CIT protect my personal information?To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does CIT collect my personal information? We collect your personal information, for example, when you:
  • Open an account or make deposits
  • Pay your bills or apply for a loan
  • Provide account information
  • Use your debit or credit card
  • Enter into an investment advisory contract

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.

Why can't I limit all sharing? Federal law gives you the right to limit only:
  • Sharing for affiliates' everyday business purposes - information about your creditworthiness
  • Affiliates from using your information to market to you
  • Sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.


Definitions
Affiliates Companies related by common ownership or control which includes IndyMac Venture, LLC.
Nonaffiliates Companies not related by common ownership or control. They can be financial and non-financial companies.
  • We do not share with nonaffiliates so they can market to you.
Joint marketingA formal agreement between nonaffiliated financial companies that together market financial products or services to you.
  • We do not have joint marketing partners.

Other important information

For California Residents: In accordance with California law, we will not share nonpublic personal information about you with our affiliates or any nonaffiliated third party, other than permitted by law, unless we receive your consent.

Vermont Residents: In accordance with Vermont law, we will not share nonpublic personal financial information about you with our affiliates or any nonaffiliated third party, other than permitted by law, unless we receive your consent.

Nevada Residents:
Nevada law requires that we provide you with the following contact information regarding "do-not-call" lists: (a) Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Telephone 702.486.3132; email: BCPINFO@ag.state.nv.us; and (b) If you wish to be placed on our internal "do-not-call" list contact CIT Bank, N.A., P.O. Box 7211, Pasadena, CA 91109-7311; Telephone: 800.669.2300; email: PrivacyEmail@owb.com

Additional Information: This privacy notice applies to individuals only and does not apply to business entities or business transactions. It is effective upon publication. We reserve the right to make changes to this notice. You may review our policy and practices with respect to your personal information at www.cit.com/utility/privacy-policy or we will mail you a free copy of the notice upon request. This notice is for general guidance and does not constitute a contract nor does it modify or amend any agreement we have with you.

expand +Customer ID Notice
The USA PATRIOT Act, a federal law, requires all financial institutions to obtain sufficient information to verify your identity when creating a new banking relationship. You may be asked several questions including your name, address, date of birth, Social Security number or other government-issued identification number, and to provide one or more forms of identification to fulfill this requirement. In some instances, we require other identifying documents and/or use a third party information provider for verification purposes. Our established Privacy Policy helps protect your personal information

At OneWest Bank, we are committed to the security of your financial information. However, you must also take every step to ensure the safety and privacy of your information. In order to help educate you on identity theft, online fraud and lottery scams on all fronts, we've detailed the major threats on the Internet today, as well ways to take action to both prevent and manage these issues if they occur.

expand +Phishing Website Scam

Be aware of Phishing Website Scams

OneWest Bank has created this webpage to inform and warn consumers about a type of fraud called "phishing." The term "phishing" - as in fishing for confidential information - refers to a scam that encompasses fraudulently obtaining and using an individual's personal or financial information. This is how it works:

  • A consumer receives an e-mail that appears to originate from a financial institution, government agency, or other well-known/reputable entity.
  • The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.
  • The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the Web site belongs to the fraudster/scammer.
  • Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.
  • When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.

Recently, criminals have been using the OneWest Bank's name and reputation to perpetrate various "phishing" schemes. It is important to note that OneWest Bank will never ask for personal or confidential information in this manner. One “phishing” scheme was perpetrated using the following domain name: www.onewstbk.com

Please do not attempt to transact any business or submit any personal information through the above web site.

Any genuine OneWest Bank communication will only utilize links to the official OneWest web page located at www.onewestbank.com Any genuine link will commence with that URL as in the example below:

Phishing Website Scam

If you click on a link that takes you to a website whose address begins with something else, or which includes apparent abbreviations of our bank name, it’s not a genuine OneWest Bank site – even if it looks familiar. You should refrain from using any links or information found at such fraudulent sites.

If you suspect an e-mail or Web site is fraudulent, please report this information to OneWest Bank, using this number 1.877.741.9378. If you suspect that you have been a victim of identity theft, perhaps because you submitted personal information in response to a suspicious, unsolicited e-mail or you see unauthorized charges on your credit card, immediately contact OneWest Bank and, if necessary, close existing accounts and open new ones. Also contact the police and request a copy of any police report or case number for later reference. In addition, call the three major credit bureaus (Equifax at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-680-7289) to request that a fraud alert be placed on your credit report.

expand +Bash Shellshock Bug

Your online security is always a priority to OneWest Bank.
Given the recent news of the Bash "Shellshock" bug, we want you to know what we're doing to protect your information.

First, what is the Bash Shellshock Bug?
The Shellshock bug refers to a coding flaw housed in utility program called "Bash," which affects computers and websites running operating systems such as Mac OS and Linux. Bash enables computer programs to connect, and one of its chief uses is in connecting web server software to underlying operating systems. It also enables individual computers to execute commands like "run my Web browser" and "open this application," etc. Generically, programs like Bash are called "shells," and that's how the bug was given its name.

Bash has been in use all over the world for well over 20 years, but in September 2014, it was discovered that modifications to the code in the early 1990s inadvertently created a flaw that allows malicious code execution to take over an operating system and access confidential information. As a result, lots of companies with an internet presence are potentially at risk from the Shellshock bug. Certain personal computers may also be at risk.

What is OneWest Bank doing about it?
OneWest is using both automated and manual protocols to detect Bash vulnerabilities in our own systems and swiftly deploy the appropriate patches. We are also working with our vendors to detect and eliminate vulnerabilities.

What should I do?
There are two things you can do to protect yourself, and they are not new:

First, the best way to limit your exposure to computer bugs that target internet-based activity is to have different passwords for different websites, and to make those passwords appropriately complex, using upper- and lower-case letters, numbers and if allowed, symbols. Change your passwords periodically.

Second, it's always wise to watch for and promptly implement operating system updates or patches designed to enhance security. Bash is used in personal computers running the Mac operating system, though Apple has explained that OS X is safe for all but those running advanced Unix services. A patch is coming for those users, according to Apple. Bash is not native to Windows-based computers, but there is a window-based version in use on some machines, that is reportedly vulnerable. So stay up to date on security patches for your machine(s)!

Why you can feel confident.
We're serious about security. Your online account with OneWest Bank is protected with a sophisticated information security program. Our multi-layered defense system consists of preventive, detective and response controls managed by a team dedicated to tracking threats such as the Shellshock bug.

We are vigilantly monitoring this situation and will take additional steps, as needed, to guard against the Shellshock bug and safeguard your information.

expand +Voice Phishing Phone Call Scam

Calls Claiming to Come from OneWest Bank’s Security Department:

Recently, some of our customers have received telephone calls featuring a recorded message that claims to be from OneWest Bank’s Security Department. The recorded message asks the called party to enter their debit card number. These calls are not from OneWest Bank. The imposters placing these calls are engaging in a practice known as "vishing" or "voice phishing," through which they attempt to obtain a called party’s debit or credit card and security information.

Do not become a victim! If you receive a call like the one described above, or any other suspicious phone call inquiring about your account(s) with OneWest, do not provide your card number(s) or security information. If you have any questions, please contact our Customer Call Center (at 1.877.741.9378) or use our branch locator to contact your local branch to report such activities.

expand +Caller ID Spoofing

We are aware that there are companies engaging in telemarketing activities that will spoof (or manipulate) the caller ID to make it appear that the call is coming from OneWest Bank. These companies are performing this illegal activity for purposes of enticing the called party to pick up the phone, after which they proceed to pitch the service they are offering. We encourage any customer receiving this type of call or any other suspicious call in which the caller claims to be a representative of OneWest to ask for the name of the caller and then contact our Call Center (at 1.877.741.9378) or use our branch locator to contact their local branch to report such activities.

If you receive a suspicious call from someone claiming to be OneWest Bank, please be vigilant and follow the guidelines below:

  1. Do NOT provide any personal information to these callers
  2. Contact OneWest Bank at 1.877.741.9378
  3. OneWest Bank has filed a complaint with Federal Communications Commission (FCC) reference #14-T01346568 and will add the information you provide to our complaint.
  4. Customers can also file a complaint with the FCC, directly. The FCC can be reached at 1-888-CALL-FCC (888-225-5322) or www.fcc.gov/complaints (you can reference OneWest’s complaint ID # within your complaint to the FCC).
expand +Heartbleed Bug

Your online security is always a priority to OneWest Bank.
Given the recent news of the Heartbleed bug, we want you to know what we're doing to protect your information.

First, what is the Heartbleed Bug?
The Heartbleed bug is a coding flaw that has potentially exposed information on some web sites, including user names and passwords.

The best thing to do...
This site is not vulnerable to Heartbleed. However, it’s a good idea to change your password regularly and turn on your Online Banking account alerts. Those, along with other online account tools, will add another layer of coverage to your account.

Why you can feel confident.
We're serious about security. Your online account with OneWest Bank is protected with a sophisticated information security program. Our multi-layered defense system consists of preventive, detective and response controls managed by a team dedicated to tracking threats such as the Heartbleed bug.

You can be confident we are vigilantly monitoring this situation.

expand +Fraudulent FDIC E-mails

Updated July 18, 2011

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent emails that have the appearance of being from the FDIC.

The emails appear to be sent from various "@fdic.gov" email addresses, such as "protection@fdic.gov," "admin@administration.fdic.gov," or "service@admin.fdic.gov." The messages have various subject lines that read: "Update for your banking account" or "ACH and Wire transfers disabled," and "Banking security update."

The fraudulent emails are addressed to "Dear clients" and state "Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored." The message concludes with, "Best regards, Online security department, Federal Deposit Insurance Corporation."

An example of a fraudulent FDIC e-mail can be seen below:

Fraudulent FDIC Emails

These emails and links are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the emails and should NOT, under any circumstances, provide any personal financial information through this media.

Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.

For more information about these fraudulent emails, click here to view the FDIC consumer alert website.

expand +Text (SMS) Scam

A recent text message (SMS) scam has been identified in the banking industry in which online banking customers receive fraudulent text messages claiming to be from their financial institution. OneWest Bank does not currently send text messages to its customers. If we begin to include mobile banking functionality in the future, you will be able to find information on this service by logging into your Online Banking account.

If you recently received the text message below on your mobile device, please delete it immediately and DO NOT call the telephone number or open any links. This message is an attempt to obtain your bank account number and was not sent by OneWest Bank.

Fraudulent Text Message:
Customer Issue, Bank of the West Service frozen, please call at 562-923-9916.

If you believe that you've been the victim of online fraud, identity theft or a lottery scam, please notify us by either calling 1.877.331.3785 Monday through Friday, 8:00 a.m.– 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com.

Please include your name, e-mail address, telephone number and a detailed description.

expand +Phishing/Malware Email Scam

Don't be fooled by this e-mail scam!

If you recently received the e-mail below claiming to be from IndyMac, please delete it immediately and DO NOT click on any links. This e-mail was not sent from IndyMac Mortgage Services or OneWest Bank, and it is an attempt to steal your personal information.

Remember, we will never send you an e-mail with sensitive account information.

An example of the fraudulent e-mail is shown below to help you identify this and other scams.

Malware E-mail

If you believe that you've been the victim of online fraud, identity theft or a lottery scam, please notify us by either calling 1.877.331.3785 Monday through Friday, 8:00 a.m.– 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com.

Please include your name, e-mail address, telephone number and a detailed description.

expand +E-mail Scam Alert

Don't be fooled by this e-mail scam!

You may have received a fraudulent e-mail claiming that your access to "Online Services" with OneWest Bank has been suspended. This e-mail is false and was NOT sent by OneWest Bank.

We have effectively prevented the scam from reaching further customers, but you may still be at risk if you already received it. If you received an e-mail with the subject line "Access Suspended" claiming to be from OneWest Bank, please DO NOT open it or click any of the links inside. Promptly delete the e-mail or mark it as "Spam."

Remember, we will never send you an e-mail with sensitive account information.

An example of the fraudulent e-mail is shown below to help you identify this and other scams.

OWB Scam Alert

If you believe that you've been the victim of online fraud, identity theft or a lottery scam, please notify us by either calling 1.877.331.3785 Monday through Friday, 8:00 a.m.– 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com.

Please include your name, e-mail address, telephone number and a detailed description.

expand +Identity Theft

Identity theft consists of any situation in which you have unintentionally given your information in a phishing or other identity theft scam or your information has been used by an unauthorized party to conduct transactions, business or other enterprises under your name.

If you suspect that you may be a victim of identity theft, please contact the Federal Trade Commission immediately at http://www.consumer.ftc.gov/features/feature-0014-identity-theft or 1.877.IDTHEFT.

Additionally, please take the following actions immediately to prevent damage to your finances and/or credit:

  1. Report it to your financial institutions. Let them know what has occurred and ask them to place fraud alerts on all your accounts. Contact OneWest Bank immediately by using the Notify Us link.
  2. Contact one of the three major credit bureaus and discuss placing fraud alerts on your file. This will help to prevent identity thieves from opening new accounts in your name:
    • Equifax: 1.800.525.6285
    • Experian: 1.888.397.3742
    • TransUnion: 1.800.680.7289
  3. Review your statements regularly to make certain all charges are correct. If your statement is late in arriving, call your financial institutions to find out why.

We are committed to the security of your financial information. However, you must also take every step to ensure the safety and security of your accounts and transactions.

How can I prevent identity theft?

  • Do not leave your account information where others can see or have access to it. For example, do not write down your password.
  • Do not use easy-to-guess passwords such as birth dates, first names, pet names, addresses, phone numbers or Social Security numbers (after initial registration) that can be easily obtained. Do not use a password that contains part of your online user ID, e-mail address, or a version of the word "password."
  • Do not use single words that can be found in the dictionary in any language. Strong passwords contain upper case and lower case letters, digits AND punctuation marks.
  • Never reveal or share your account access information with another person, including your builder or contractor. OneWest Bank will never ask you to confirm or provide personal information in an e-mail. Should anyone attempt to obtain your personal information, or if you have responded to one of these fraudulent e-mails, immediately contact us by using the Notify Us link.
  • At the end of your session, be sure to properly sign off by selecting "sign out" or "log off," and close your browser window. This is especially important if you are using a computer in a public location, such as an Internet café or library. Do not leave your computer unattended while you are connected.
  • For further information and practical tips from the federal government, to help protect you from Internet fraud, secure your computer, and protect your personal information, please visit http://onguardonline.gov/ and http://www.fdic.gov/quicklinks/consumers.html.

OneWest Bank is dedicated to providing a safe, secure and protected environment in which to access your online accounts. Overall, online banking and e-commerce through OneWest are safe methods of managing your finances and mortgage, and you can trust that every transaction you make is protected. If you have questions or concerns regarding a specific contact from OneWest Bank, please let us know via our Notify Us link.

expand +Online Fraud

Online fraud occurs when someone poses as a legitimate company to obtain your personal and financial information in order to illegally conducts transactions on your existing accounts. Often called "phishing" or "spoofing," the most current methods of online fraud are fake e-mails, websites and/or pop-up windows.

OneWest Bank will never send an unsolicited request for personal information through e-mail or require customers to send personal information to us via e-mail or pop-up windows. Any unsolicited request for OneWest Bank account information you receive through e-mails, websites, or pop-up windows should be considered fraudulent and reported to us immediately via our Notify Us link.

Fake e-mails will often:

  • Ask you for personal information. Fake e-mails often contain an overly-generic greeting and may claim that your information has been compromised, that your account has been frozen, or ask you to confirm the authenticity of your transactions.
  • Appear to be from a legitimate source. While some e-mails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the "From" field, as this is easily altered.
  • Contain fraudulent job offers. Some fake e-mails appear to be from companies offering jobs. These are often work-at-home accounting positions which are actually schemes that victimize both the job applicant and other customers. Be sure to confirm that the job offer is from a known and trusted company.
  • Contain prizes or gift certificate offers. Some fake e-mails promise a prize or gift certificate in exchange for completing a survey or answering questions. In order to collect the alleged prize or gift certificate you may be directed to provide your personal information. Just like with job offers, be sure to confirm that prize or gift certificate is being issued from a known and trusted company.
  • Link to counterfeit websites. Fake e-mails may direct you to counterfeit websites carefully designed to look real, but which actually collect personal information for illegal use. Check the URL in your browser’s address bar to ensure you are visiting a legitimate website.
  • Link to real websites. In addition to links to counterfeit websites, some fake e-mails also include links to legitimate websites as supplements to fraudulent e-mails in order to make them appear real.
  • Contain fraudulent phone numbers. Fake e-mails often contain telephone numbers that are tied to the fraudsters. Never call a number featured on an e-mail you suspect is fraudulent, and be sure to cross-check any numbers you do call with companies you know and trust.
  • Contain real phone numbers. Some of the telephone numbers listed in fake e-mails may be legitimate, connecting to actual companies. Just like with links to legitimate websites (above), fraudsters include real phone numbers in an effort to make the e-mail appear legitimate.

Example of a fake email:

Fake E-mail

Trojan horses

These fake e-mails may also contain a virus known as a "Trojan horse" that can record your keystrokes. The virus may live in an attachment or be accessed via a link in the e-mail.

Again, OneWest Bank customers should keep in mind that we do not request personal information via e-mail or send e-mail attachments. Never respond to e-mails, open attachments, or click on links from suspicious or unknown senders.

If you're not sure if an OneWest Bank e-mail is legitimate, report it to us via our Notify Us link without replying to the e-mail you received.

How is my e-mail address obtained by online fraudsters?

E-mail addresses can be obtained from publicly-available sources or through randomly-generated lists. Therefore, if you receive a fake e-mail that appears to be from OneWest Bank, this does not mean that your e-mail address, name or any other information has been taken from OneWest Bank's systems.

Counterfeit websites

Online thieves often direct you to fraudulent websites via e-mail and pop-up windows and try to collect your personal information. In many cases there is no easy way to determine that you are on a phony website because the URL will contain the name of the institution it is spoofing. However, if you type (or cut and paste) the URL into a new web browser window and it does not take you to a legitimate website, or you get an error message, it was probably counterfeit website.

Another way to detect a phony website is to consider how you arrived there. Generally, you were directed by a link in a fake e-mail requesting your account information. Again, OneWest Bank will not request personal information from customers via e-mail. Any unsolicited request should be considered fraudulent and reported immediately via our Notify Us link.

How can I prevent online fraud?

With a few simple steps, you can help protect your OneWest Bank accounts and personal information from fake e-mails and websites:

  • Delete suspicious e-mails without opening them. If you do open a suspicious e-mail, do not open any attachments or click on any links it may contain.
  • Never provide sensitive account or personal information in response to an e-mail. If you have entered personal information, notify OneWest Bank immediately via our Notify Us link.

Avoiding malware:

  • Keep a “clean” machine: Set your security software, Internet browser, and operating system (like Windows or Mac operating systems) to update automatically. Ensure your Internet browser setting is set to detect unauthorized downloads.
  • Instead of clicking on a link in an e-mail, type the URL of the site you want directly into your Internet browser. Criminals send e-mails that may appear to be from known, trusted sources, but clicking them could download malware or send you to a spoofed site designed to steal your personal information.
  • Don’t open e-mail attachments unless you can confirm the sender and the content of the attachment.
  • Download and install software only from websites you know and trust.
  • StaySafeOnline.org and OnGuardOnline.gov contain user-friendly information on commonly used, free security software as well as safe computing best practices.

Detecting and removing malware:

  • Update your security software, and then run it to scan your computer for viruses and spyware. Delete anything it identifies as a problem. You may have to restart your computer for the changes to take effect.
  • If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you've installed, and a short description of the problem.
  • Many companies – including some affiliated with retail stores – offer tech support on the phone, online, at their store, and in your home. Decide which is most convenient for you. Telephone and online help generally are the least expensive, but you may have to do some of the work yourself. Taking your computer to a store usually is less expensive than hiring a repair person to come into your home.
  • Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do differently to avoid it in the future.
expand +Phishing Schemes

Updated January 15, 2009

The Federal Deposit Insurance Corporation (FDIC) is warning consumers, businesses and financial institutions to be aware of fraudulent e-mails allegedly from the Federal Reserve Bank. The fraudulent e-mails claim that a phishing attack has affected the Fedwire system and that restrictions are in place. The e-mails further instruct recipients to click on links within the e-mail for additional information.

The fraudulent e-mails have included various spoofed names and addresses in the "From:" line of the messages, including "Bank System Administration," "System Administration" and "Federal Reserve Bank." The e-mails contain the following message verbatim:

Phishing Federal Reserve Scam

The message contains links to two Web pages that attempt to load malicious Trojan horse programs onto end users' computers.

Please review these helpful guidelines of what to do when you’ve received or click links within unsolicited emails:

  • If an end user received the e-mail and clicked on any of the links, fully scan the computer using updated anti-virus software. If malicious code is detected on the computer, consult with a computer security or anti-virus specialist to remove the malicious code or re-install a clean image of the computer system.
  • Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from apparent federal banking agencies. Instead, bookmark or type the agency's Web address.
  • Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed.
  • Do not open unsolicited or unexpected e-mail attachments because of the risk of malicious code or software in the attachments. Instead, call the agency using a known and appropriate telephone number to verify the legitimacy of the message and attached file.
  • Be alert to different variations of the fraudulent e-mails.

Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-4004, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at https://www2.fdic.gov/starsmail/index.asp.

expand +Lottery Scams

Lottery Scam

A newly-discovered scam known as the "Lottery Scam" is not committed online or by e-mail, but by regular mail. Victims of lottery scams receive a letter declaring the recipient the winner of a lottery or sweepstake (usually British or Canadian). The letter refers to an enclosed check for a small portion of the winnings which is to cover tax, fees, and/or insurance. The recipient is instructed to contact the sender to negotiate the balance of their winnings, at which time personal information is requested to "verify" the recipient's identification. The enclosed check is not valid, and the request for identification information is an attempt at identity theft.

How can I protect myself from lottery scams?

Never provide sensitive account or personal information in response to such a letter. If you have already provided personal information, please contact your local law enforcement agency immediately. If you receive a similar letter and you are unsure about its validity, either contact law enforcement or the bank that issued the enclosed check.

expand +Loan Audit Scams

Forensic Mortgage Loan Audit Scam

Similar to foreclosure rescue scams, forensic mortgage loan audit scams charge several hundred dollars to review distressed homeowners' loans to see if they may be able to use the audit report to avoid foreclosure, accelerate the loan modification process or even cancel the loan—none of which ever occur.

Forensic mortgage loan audit scams will often:

  • Guarantee to stop foreclosure on your home.
  • Advise you to cease contact with your lender, lawyer or credit or housing counselor.
  • Charge a fee before providing any services, accepts payment only by cashier’s check or wire transfer.
  • Encourage you to lease your home so you can buy it back at a later date.
  • Recommend that you make your mortgage payments directly to it, rather than your lender.
  • Urge you to transfer your property deed or title to it.
  • Offer to buy your house for cash at a fixed price that is inappropriate for the housing market.
  • Pressure you to sign papers you haven’t had a chance to read thoroughly or that you don’t understand.

How can I protect myself from forensic mortgage loan audit scams?

Never provide sensitive account or personal information to any company or individual that seems suspicious or displays one of the above warning signs. If you suspect you've encountered a forensic mortgage loan audit scam, please contact your local law enforcement agency immediately and visit the Federal Trade Commission website for information on how to report the illegal activity at www.ftc.gov.

To notify us of online fraud, identity theft or a lottery scam, please call 1.877.331.3785 Monday through Friday, 8:00 a.m.– 9:00 p.m. (EST) or e-mail us at privacyemail@owb.com.

Please include your name, e-mail address, telephone number and a detailed description.

Continue