Alerts and Updates
Your resource for the latest information on privacy and security
Privacy and security are an essential part of UMB’s commitment to its customers, and a foundational aspect of how we deliver safe, secure and quality products and services. This page updates periodically and contains important information on privacy and security topics and trends.
Text message fraud attempts
Financial institutions are seeing a heightened number of spoofing attacks, including being impersonated by fraudsters via text message. An example of this type of attempted fraud is below:
“UMB Direct Alert! Did you initiate a wire to recipient [Customer Name] for the amount of $[Amount]? Reply 1 for YES, 2 for NO. Reply STOP to opt out of ALERTS.”
UMB may contact you via text message, as well as phone or email, to verify suspicious activity. However, we will never ask for sensitive account information in these communications, such as card number, verification number, expiration date or online banking credentials.
Never share your account passwords, PINs or other sensitive authentication information.
Best practices in protecting your accounts
UMB will never contact you and ask for your account credentials like your login or passwords for online banking. Don’t share your account passwords, PINs and other sensitive authentication information.
Access the correct UMB website
We recommend that you type “UMB.com” in your browser, then login into your account. Clicking a link sent in an email may route you to a fraudster instead of UMB.
- Always use the official UMB website at UMB.com or trusted UMB customer service channels to update your account information or make inquiries.
- Verify the website's URL and look for secure connections (https://) to ensure you're on the legitimate UMB site.
Be suspicious of an unexpected call or message
If someone contacts you claiming to represent UMB and something doesn’t seem right:
- Don’t provide any information.
- Don’t assume you’re speaking with UMB based on a phone number or email address. Phone numbers and email addresses can be falsified or spoofed.
- Reach out to UMB directly through your relationship manager or treasury management officer (TMO) using their verified contact information or information from the official UMB website.
Keep your passwords private
- Create unique passwords for each of your accounts and don’t reuse them.
- Don't use passwords based on personal information that’s easily accessed or guessed (e.g., anything shared on social media).
- Don't use words that can be found in any dictionary.
Watch for these red flags
- Unexpected or unsolicited calls or email from a financial institution
- Business-related emails from personal accounts
- Requests that create a false sense of urgency, especially if they encourage you to bypass verification steps
- Requests that come outside of normal business hours
- Contacts insisting on only communicating through one method (e.g., You receive a message from a known contact, but they claim they can only be reached through e-mail).
- Messages with grammar errors or awkward wording
We’re committed to increasing awareness around fraud, phishing and business email compromise (BEC).
If you suspect that you’re a victim of fraud, please contact your UMB relationship manager or Treasury Management Officer.
Check the UMB Privacy & Security Center on the UMB website regularly to learn more about risk-mitigation best practices and view security alerts.
More helpful information about BEC prevention best practices and red flags is available on the UMB blog.
The content provided in this message is intended for educational purposes only, and UMB does not make any representation and shall not be liable for any of the contents of this message.
Business email compromise: How to identify red flags and reduce risk
Business email compromise (BEC) scams are a type of online payment fraud that target businesses and can result in significant financial loss. BEC involves gaining unauthorized access to a legitimate email, text message, or social media account or an attempt to spoof or fake a legitimate account.