URochester staff have reported receiving unexpected emails from OnePay and/or Synchrony Bank regarding new Cash Rewards cards. These emails may appear to come from addresses such as: 

• customer.service@mail.synchronybank.com 

• mail@account.onepay.com 

Common subject lines include: 

• “Congratulations on Your New OnePay CashRewards Card!” 

• “Welcome to your OnePay Card!” 

If you receive an email like this that you were not expecting, do not reply or click any links. 

If you have a pre-existing account with Synchrony or one of their partners: Contact the company directly using the phone number on the back of your card, or the official phone number listed on the company’s website. Do not rely on contact information provided in the email! 

If you do not have a preexisting account: Check your credit report to see if one has been opened in your name (you can get a free annual report at AnnualCreditReport.com) and, take the actions listed below if you find that your credit has been compromised. 

As always, please also forward the email (as an attachment) to abuse@ur.rochester.edu.  

If everything checks out ok, read on for tips to to safeguard your data going forward. 

If You’ve Been Compromised 

If you believe your Social Security number or credit information is being misused:  

• Freeze Your Credit 

• • Placing credit freezes with each agency – Experian, TransUnion and Equifax – will prevent new credit accounts from being opened in your name. Credit freezes are free and easy to lock and unlock, ensuring quick access to your credit when needed, while keeping accounts out of the hands of cybercriminals.  On their websites, look for:  

• • • Equifax – “Lock & Alert” 

• • • Transunion – “Credit Freeze” 

• • • Experian – “Security Freeze” 

• Report Identity Theft 

• • File a report with the Federal Trade Commission at IdentityTheft.gov. 

• File a Police Report  

• • While they may not be able to investigate immediately, having a police report can serve as important documentation. 

• Monitor Your Credit  

• • Review reports for any unauthorized accounts or activity. 

• Review Your Social Security Statement 

• • Look for suspicious activities, such as unreported income.  

• Sign Up for Free Credit Monitoring When Offered as the Result of a Breach 

• • Chances are, at some point over the past several years, you have received a letter from a vendor or company with which you do business letting you know that they’ve experienced a customer data breach. When you do receive such a letter, first independently verify its authenticity, and then make sure you take advantage of the free credit monitoring they offer you (usually a year or two in duration). 

• Contact the Internal Revenue Service (IRS) to Prevent Tax Fraud 

• • Call the Identity Protection Specialized Unit at 1-800-908-4490. This line is dedicated to assisting individuals who believe they are victims of identity theft involving their tax accounts.  

• • Complete IRS Form 14039, the form used to report suspected identity theft to the IRS. You can submit it online via IdentityTheft.gov or by mail. 

• • Respond to IRS Notices: If you receive a notice from the IRS indicating that your SSN has been used fraudulently, follow the instructions provided in the notice. Typically, such notices come by U.S mail. 

Safeguarding Your Data 

Incidents like this serve as an important reminder to protect your data, and take steps to be alerted if it is compromised: 

• Use Unique Passwords for Every Account 

• • Using the same password across multiple platforms is akin to using the same key for every door. Protect your data by creating unique, one-of-a-kind passwords for each of your online accounts.     

• Use a Password Manager 

• • Managing numerous complex passwords can be overwhelming. A password manager securely stores your credentials, generating strong passwords and auto-filling login information.  The University offers Keeper Password Manager for free to all faculty, staff and students.  

• Enable Two-Factor Authentication (2FA) 

• • Two-factor authentication (sometimes referred to as MFA or multifactor authentication) adds an extra layer of security by requiring a second form of verification, such as a push notification or code sent to your phone.    

• Regularly Review Financial Statements 

• • Monitor your bank and credit card statements for unauthorized transactions and report any suspicious activity immediately.     

• Set Up Credit Monitoring 

• • Enrolling in credit monitoring services provides real-time alerts of suspicious activity on your credit report. This allows you to detect and address potential identity theft promptly.     

• Take Advantage of Fraud Prevention Tools Offered by Your Current Banking and Lending Institutions 

• • From email- and text-transaction alerts to geographic proximity locks, most lenders, credit card companies, and financial institutions now offer a suite of tools to help you easily take an active role in monitoring your accounts for unauthorized activity or transactions. Local banking institutions are usually willing to help walk you through such options in branch, while others provide self-service setup in their mobile apps or on their website. Research what tools are available for each of your accounts to help you prevent, catch, and stop fraud at its earliest signs. 

• Freeze Your Credit 

• • Place a credit freeze with Equifax, Experian, and TransUnion if you haven’t already done so.