Protect Your Account Information

Secure. Reliable. You have our word on it with our Huntington Online Guarantee.

Protect Your Identity


Protect yourself by becoming informed about fraud and identity theft.

Fraudulent email (also called phishing, spoofing or imposter email) and fraudulent Web sites are used to trick people into providing personal information that can be used for identity theft.

To help protect you against ID Theft as well as other Internet fraud, Huntington has developed a checklist:

Ten Tips For Accessing your Accounts Safely Online

We recommend that you follow each of these steps to ensure you are taking the necessary safety precautions to protect your account information. Click here for a printable version. (Printable version requires Acrobat Reader, available at no cost from Adobe, to view and print.)

Learn more about fraud and identity theft:

What is identity theft?

Ten tips for accessing your accounts safely online

How to recognize fraudulent email

What you can do about phishing schemes

How to avoid email viruses and other malicious programs

Some recent examples of email and Internet fraud

How to protect your identity offline

Some things you can do if you are a victim of identity theft


Actual examples of recent phishing attacks against Huntington. (Example requires Acrobat Reader, available at no cost from Adobe, to view and print.)

What is identity theft?

Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. A few examples of why identity thieves want your personal information include:

  • To open a new credit card account, using your name, date of birth and Social Security number.
  • To call your credit card issuer, pretending to be you, changing the mailing address on your account, and then run up charges on your account.
  • To open a bank account in your name and write bad checks on that account.


10 Tips For Accessing Your Accounts Safely Online

Read a newspaper or watch the evening news, and chances are there will be something about identity theft or other types of Internet fraud. As Internet usage has grown, so has Internet-related crime, especially fraud.

Since this will continue to be a growing issue of concern for consumers and the financial services industry alike, Huntington is taking aggressive steps to protect your information online, using sophisticated detection and prevention systems. We’ve also developed a checklist to help you protect yourself.

We recommend that you implement each of these safety precautions to protect your account information.

1. Update your Online Banking password.

This is perhaps the easiest precaution! Although changing your password is not required, we strongly recommend that you change it on a regular basis. This will help keep your accounts secure should someone obtain your user ID and password. Choose passwords that are not obvious and that would be difficult to guess. To strengthen security, choose a password consisting of both alphabetic and numeric characters. And remember – never share your password with anyone else.

To change your password:

  • Log in to Online Banking.
  • Select the Customer Service tab.
  • Select Change Password.
  • Follow the remaining instructions to change your password.
2. Verify your last login date.
  You can keep your Online Banking accounts more secure every time you access them by verifying your previous login date. Your login information appears on the lower left-hand side of the My Accounts page. If you feel that the information may be inaccurate, please call us immediately at 1-800-480-BANK (2265) 24 hours a day, 7 days a week.
3. Don’t open links in emails.

Hackers frequently try to get information from individuals by sending emails asking for verification of account information. These deceptive emails may say that your bank account has been closed due to fraudulent activity or that it needs to be verified. If you ever receive an email of this nature, do not open the attached files, and do not provide any personal information. Huntington will never solicit your personal or account information through email.

If you receive any email – from Huntington or from anyone else – requesting personal or account information, please treat it as fraudulent and forward it to us at . Or, you can call us at 1-877-932-BANK (2265) 24 hours a day, 7 days a week.

4. Install a firewall.

A firewall is your computer’s first line of defense, because it protects your machine from hackers and intruders. A firewall is a software program that guards the entrance to your private network and keeps out unauthorized or unwanted traffic. It acts as a buffer between your computer and the outside world, allowing you to determine what traffic may access your computer. You can purchase a firewall program from your local computer store.

Most firewall programs allow you to set the level of security protection that you desire. A good rule of thumb is to start with the highest protection setting and then relax the settings as necessary. The price of a firewall program starts at about $40 and includes features such as email attachment protection, advertisement blocking, pop-up-window protection and other automatic functions.

5. Use anti-virus software.
  Anti-virus software protects your computer against viruses – unauthorized computer codes that attach to a program or portions of a computer system. Viruses reproduce and spread from one computer to another, destroying stored information and interrupting operations. An anti-virus program detects and destroys these unauthorized codes. With new viruses emerging daily, you need to have your anti-virus program updated regularly. Software manufacturers often sell their anti-virus programs with their firewall as a package, since they’re natural complements.
6. Use anti-spyware software.

Spyware is any software program that aids in gathering information electronically about people or organizations without their knowledge or consent. It then relays that information to an unauthorized third party. Users most often open the door to spyware unwittingly by downloading free software indiscriminately or by clicking on pop-ups or dialogue boxes.

Some kinds of spyware will redirect your browser to a new home page (not of your choosing). Others generate multiple pop-up ads that can make web surfing a chore. Another type of spyware known as a “keystroke logger” can cause the most damage, because this type of program records a copy of each character you type (such as user names and passwords to secure web sites) and sends that information to an unauthorized party who can steal your personal information. Among the anti-spyware programs on the market today, some are free, but most cost about $25.

7. Read your user licensing agreements.
  It’s possible for you to inadvertently agree to accept spyware with a program you're downloading. So be sure to thoroughly read any agreement included with applications or software you’re about to download. Complete the download only if you recognize the additional programs included and you know they are safe. Always deal with reliable sources – products or companies you know or that are recommended by others you trust.
8. Examine browser security settings.

Make sure the security settings in your browser (Internet Explorer, for example) are set to provide an appropriate level of protection. Browser-based attacks can occur when a user visits a web page containing hidden code intended to sabotage a computer or compromise one’s privacy. Use the Help feature of your Internet browser program to familiarize yourself with the security features available for your particular browser, or visit the browser manufacturer’s web site for more information.

To edit your security settings for Internet Explorer:

  • Click on Tools on the menu bar.
  • Select Internet Options from the pull-down menu.
  • Click on Security.
9. Take advantage of security updates.
  Your Internet service provider (AOL, for example) and your Internet browser software manufacturer (for example, Microsoft) periodically issue security updates. These updates are often created to patch holes that allow viruses to get through. Many reputable software manufacturers dedicate sections of their web sites to security updates of this kind. If you don't have or don’t use auto-update mechanisms in your software, it’s a good idea to visit the manufacturers’ websites regularly to make sure you have the latest fixes.
10.  Use a computer that is secured at all times, even when you’re traveling.

Even if you follow all the steps outlined here for your home computer, none of it will matter if you use a different computer that isn’t secured. Be especially aware of this if you are traveling, for instance, or whenever you’re using a work or personal computer that you typically don’t use. If you must use a computer other than your own, first make sure that it has all of the items on this checklist installed and updated on its system.

For the same reasons, it is also a good rule of thumb to avoid letting unfamiliar people have access to your computer. And, whenever you’re not using the Internet, we recommend disconnecting your Internet access.


How to Recognize Fraudulent Email

Be wary of any seemingly legitimate email request for account information, often under the guise of asking you to verify or reconfirm confidential personal information such as account number, Social Security Numbers, passwords or other sensitive information.
It’s often hard to detect a fraudulent email. That’s because the email address of the sender often seems genuine (such as, as do the design and graphics. But there are clear signs to be aware of. For example, fraudulent emails often try to extract personal information from you in one of two ways:

By luring you into providing it on the spot (e.g., by replying to the email), or

Including links to a Web site that tries to get you to disclose personal data

Like the email, a fraudulent Web site is designed to trick you into believing it belongs to a company you know by using its brands as domain names and/or its graphics. The ultimate goal of this fraud is to use your information to gain unauthorized access to your bank or financial accounts or to engage in other illegal acts.
Do not reply to any email requesting your personal information, or one that sends you personal information and asks you to update or confirm it. If you receive an email you are suspicious of, contact the company through an address or telephone number you know to be genuine. Huntington will never send you any email that requests your account information or asks you to verify a statement.
If you suspect you have provided confidential account or personal information to a fraudulent Web site, change your password immediately, monitor your account activity frequently and report any suspicious activity to the company.

What You Can Do About Phishing Schemes
The Department of Justice recommends following three simple rules when you see emails or Web sites that may be part of a phishing scheme: Stop, Look, and Call.
  Stop. Phishers typically include upsetting or exciting (but false) statements in their emails with one purpose in mind. They want people to react immediately to that false information, by clicking on the link and inputting the requested data before they take time to think through what they are doing. Resist that impulse to click immediately. No matter how upsetting or exciting the statements in the email may be, there is always enough time to check out the information more closely.

Look. Look more closely at the claims made in the email, think about whether those claims make sense, and be highly suspicious if the email asks for numerous items of your personal information such as account numbers, usernames, or passwords. For example:

If the email indicates that it comes from a bank or other financial institution where you have a bank or credit card account, but tells you that you have to enter your account information again, that makes no sense. Legitimate banks and financial institutions already have their customers' account numbers in their records. Even if the email says a customer's account is being terminated, the real bank or financial institution will still have that customer's account number and identifying information.

If the email says that you have won a prize or are entitled to receive some special "deal," but asks for financial or personal data, there is good reason to be highly suspicious. Legitimate companies that want to give you a real prize don’t ask you for extensive amounts of personal and financial information before you're entitled to receive it.

  Call. If the email or Web site purports to be from a legitimate company or financial institution, call or email that company directly and ask whether the email or Web site is really from that company. To be sure that you are contacting the real company or institution where you have accounts, credit card accountholders can call the toll-free customer numbers on the backs of your cards, and bank customers can call the telephone numbers on your bank statements.

How To Avoid Viruses And Other Malicious Programs
If you receive a suspicious email, don’t open it. Immediately delete both the email and the attachment, as it may contain a virus or malicious program. Do not open the attachment. If you do open an attachment containing a virus or other malicious program, clean your system using anti-virus software and change your Internet and system passwords. We encourage you to use and maintain the most updated anti-virus software, and never to open emails or attachments that come from an unrecognized source.

Some Recent Examples Of Email And Internet Fraud
Closed account hoaxes
An email is sent purporting to be from a financial institution or the FDIC, saying that the recipient’s account has been closed or frozen, and requesting that they click on a link provided in the email. The link takes them to an imposter Web site, which requests that they provide information about their account. The fake FDIC emails attempted to frighten the recipient by saying falsely that the Director of the Department of Homeland Security has advised the FDIC to suspend all deposit insurance on the email recipient's bank account due to violations of the USA Patriot Act.
“Accounting department” hoax
Email has been sent to individuals at various companies, purportedly from that company’s accounting department. The message asks the recipient to open an attachment to read an Internet Billing Notice. The attachment contains a virus, which then sends itself to everyone in the recipient’s email contact list.
Internet auction hoaxes
People selling items on eBay and other Internet auction sites have been given counterfeit checks in payment for an item. The buyer sends the seller a counterfeit check for more than the item’s selling price and requests that the seller send the difference back to the buyer through Western Union or some other means. When selling an item on the Internet, only accept payment for the actual amount of the item that you are selling. If you suspect the payment item might not be good, call the bank from which it is drawn to verify the form of payment before shipping the item.
Actual examples of recent phishing attacks
View actual examples of recent phishing attacks against Huntington. (Example requires Acrobat Reader, available at no cost from Adobe, to view and print.)

How To Protect Your Identity Offline
  • Dispose of printed account statements, ATM receipts, store and restaurant receipts and other documents containing your account information in a secure location. Shred or tear up papers with account or other personal information. Many identity thieves have obtained the information they needed by going through the victim’s trash.
  • Do not leave statements or other documents with your personal information lying around where others can see them.
  • Minimize the amount of personal information a criminal can steal. Don’t carry extra credit cards, your Social Security card, birth certificate or passport.
  • Sign your credit cards as soon as you receive them.
  • Keep a list of all your credit cards, loans, account numbers and expiration dates in a safe place so you can notify creditors in case of theft or loss.
  • Never give a credit card number or loan account information over the phone unless you initiated the call.
  • Check your credit report for accuracy at least once a year.
  • Take care when using ATM machines to shield the keyboard from view when you enter your PIN. Someone could look over your shoulder, memorize your PIN, and use it to gain access to your information later.
  • Be aware of who is listening when you give personal information over the phone, whether at your desk at work, or in public on a pay phone or cell phone.

Some Things You Can Do If You Are A Victim Of Identity Theft
Following are some options that may be helpful if you are a victim of identity theft.
1. Contact us:

If you are a victim of identity theft with respect to any of your accounts or transactions with us, please notify us at:

Huntington National Bank
Identity Theft
P.O. Box 1558
Columbus, OH 43216

Please provide as much detail as possible about the accounts or transactions in question, including any dates and account or transaction numbers that apply. We will contact you to discuss additional information necessary to resolve the matter.

You may also stop by your nearest Huntington branch or call us at 1-800-480-BANK (2265) 24 hours a day, 7 days a week for assistance.

2. Contact one of the major credit reporting companies:




(Clicking on any of the above links will send you to a non-Huntington Web site, and the privacy and information security policies of that site will take effect.)

If you call one of these companies, they will pass on your information to the other two companies, saving you time. Each company will follow a standardized three-step process to post a security alert on the credit file, opt you out of pre-approved offers of credit or insurance and mail you a copy of your file.

Here is what the process will look like in more detail once you make the call:

  • The company receiving the initial call will notify you of the ID fraud initiative and will electronically notify the other two credit reporting companies of the crime.
  • A fraud alert will be put on your credit report at all three nationwide credit reporting companies within 24 hours.
  • You will be opted out of all pre-approved offers of credit and insurance for two years.
  • Your request for a copy of your credit report will be handled in no more than three business days. Each of the three national credit reporting companies will work with you to verify the information in their respective reports and to delete any fraudulent data. If you file a police report, the process is even quicker. The Consumer Data Industry Association's national credit reporting company members will voluntarily expedite services for you by immediately deleting fraudulent data without the usual reinvestigation procedure.
  • The fraud alert will be displayed by each national credit reporting agency to all lenders or other users that access the reports in the future.
3. Report the crime to your local police and sheriff’s departments.
Even if the police can’t catch the identity thief, having a police report can help you in clearing up your credit records later on. Get a copy of your police report. You may need to provide a copy of the police report to the creditors.
4. File a complaint with the Federal Trade Commission (FTC)
File a complaint with the Federal Trade Commission (FTC) at or call their toll-free hotline 1-877-IDTHEFT (438-4338).
5. If required, fill out an identity theft affidavit.
Banks, credit reporting agencies and other credit grantors may require you to complete an identity theft affidavit or other forms. Ask each bank or agency for its specific requirements.
6. Notify your local Postal Inspector of a fraudulent change of address.
Notify your local Postal Inspector if you suspect an identity thief has filed a change of your address with the post office or has used the mail to commit credit or bank fraud. (Call your local Postmaster to obtain the phone number.) Find out where fraudulent credit cards were sent. Notify the local Postmaster for that address to forward all mail in your name to your own address.


For more information about identity theft, consult the following resources:

Federal Trade Commission (FTC)
Toll-free hotline 1-877-IDTHEFT (438-4338)