Security and Privacy Center

Your Security is our Top Priority

Learn about the steps we take to protect you – and what you can do to protect yourself and your business.

Security alerts
Learn about current scams, frauds and security breaches so you can take steps to protect yourself.

Fraud and identity theft
Understanding the different ways fraudsters attempt to victimize people via cyber threats will help you avoid becoming a victim.

Learn more

Privacy policy
Your privacy always comes first. Understand how we use your information and the options for limiting the sharing of your information.

Learn more

How we protect you
We value your business and the trust you have placed in us, and employ a variety of tools, techniques and processes to help protect you.

Learn more

Protect yourself
Your safety and security is our number one priority. Learn best practices to help guard against unauthorized use of your account and protect your identity.

Learn more

Fraud reporting
If you believe you have experienced fraud or your personal information has been compromised, contact us immediately.

Learn more

Security guarantee
Safe online banking is important to you – and us. That’s why we developed this program to protect you and your money against online fraud and losses.

Learn more

Protect your business
You've worked hard to build your business, and at Northrim we're committed to providing you with the tools and safeguards needed to protect it.

Learn more

Affiliate Opt-Out
If you don’t want to hear from our affiliates, just let us know.

Learn more

Security Alerts

Learn about current scams, frauds and security breaches so you can take steps to protect yourself.

Apple Vulnerability

November 5, 2018

At Northrim Bank we take security extremely serious and nothing is more important to us than our valued customers’ safety. Today’s modern technology affords us a multitude of conveniences however, technology also exposes us to cybersecurity risks. Recently, multiple cyber vulnerabilities have been discovered in Apple products. We encourage all our customers who use Apple products to update all of their devices to the latest software releases to combat these newest cyber risks. For full technical details of the specific devices and software versions affected by these vulnerabilities, please reference the link below.

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2018-120/

Large Scale Ransomware Attack

July 31, 2018

Initially believed to be confined to Alaskan municipal government IT networks, now propagating to other industries/sectors.

There is currently a large-scale Ransomware attack targeting IT networks. The incidents involve multiple malware deployed together. Through a phishing email, a Trojan gets installed and acts as a dropper, installing a ransomware payload somewhere on the network to be activated when desired. The malware uses vulnerable exploits to propagate itself making it difficult to confine. Infected systems are then encrypted while the perpetrators extort payment in the form of Bitcoin.

Be particularly cautious of emails and attachments you are not expecting. These emails may even come from people you know or do business with, as the malware can potentially steal your email contacts and send on behalf of the victim.
Consider patching your all of your systems. Configure Windows and other software to automatically update, including your antivirus/antimalware programs to ensure you have the latest protection.

Remember, this ransomware typically arrives via phishing emails that may be sent from infected victims who users know and have done business with. For that reason, it's incredibly important for you to scrutinize emails you receive, especially any with attachments labeled as invoices or purchase orders.

For more information on this and other alerts please visit https:\\www.us-cert.gov.

Telephone Scam Alert

December 7, 2017

We have received reports of Alaskans receiving phone calls in a fraudulent attempt to gain personal or card information. The calls have been claiming that the individual’s bank or cards have been locked and they must provide personal financial information to reactivate.

There has been no breach of Northrim Bank’s systems, but Alaskans should be warned about this phishing attack and urged to take caution. Northrim will never contact you to request card data. Northrim Bank does use in-person calls to verify suspicious card transactions, but will never ask for your card number or PIN.

If you receive a similar fraudulent call, please hang up immediately. If you received a call like this and provided personal or card information, please contact us immediately.

This particular scam comes as a phone call - however, you should be aware that phishing attacks come in many forms. Northrim recommends caution if you receive phone calls or emails that ask for your bank card or other personal information. In this environment of increased card fraud activity, please notify us if you are traveling outside of Alaska to ensure uninterrupted use of your debit card.

How to Guard Against Mailbox & Identity Theft

September 25, 2017

Waiting for a box of checks? An important statement or letter from a business? Want to see what is going to be in your mailbox BEFORE it gets there?

The US Postal Service has launched a new service called "Informed Delivery." Digitally preview your mail and manage your packages scheduled to arrive soon! Informed Delivery allows you to view greyscale images of the exterior, address side of letter-sized mail pieces and track packages in one convenient location. You should begin receiving images within 2 days of signing up and delivery of the emailed contents shortly thereafter.

Take this opportunity to use another tool to help protect yourself against mailbox and identity theft. Sign up is easy and secure. Click on the link below or copy address into your favorite browser for free sign-up.

USPS.com

Equifax Data Breach

September 8, 2017

On September 8th, 2017 consumer credit reporting bureau Equifax, one of the three major credit bureaus, announced a major data breach affecting approximately 143 million Americans. The company said that from mid-May through the end of July, criminals exploited an Equifax website vulnerability to access names, Social Security numbers, birth dates, addresses and in some cases driver’s license numbers. They also stole credit card numbers for 209,000 people.

If you have a credit report, your information may have been affected. Equifax has set up a special website for consumers to determine if they were affected by this breach and next steps to help protect yourself moving forward. Click here to access this website.

Below are best practices Northrim encourages to help guard against unauthorized use of your account and protect your identity.

Monitor your credit reports.
Consider signing up for a credit monitoring service that notifies you when changes are posted to your credit report. This is one of the fastest ways to find out if someone has opened new accounts in your name.
Monitor your bank accounts.
We also encourage you to monitor your financial accounts regularly for fraudulent transactions. Use online and mobile banking to keep a close eye on your accounts. You can also sign up to receive email or text alerts through the Customer Service section of our Online Banking platform.
Watch out for scams related to the breach.
Do not trust e-mails that appear to come from Equifax regarding the breach. Attackers are likely to take advantage of the situation and craft sophisticated phishing e-mails.

Business Wire Transfer Scam

June 13, 2017

Recently, there has been an increase in fraudulent wire transfer requests to businesses throughout the financial industry. In these scams, a business is asked to wire funds for invoice payment to a fraudulent account. Scammers have gotten increasingly talented at disguising these requests as legitimate charges to be paid and in some cases have been able to ‘high-jack’ phone numbers so that the requests appear to come from a phone number your business may have on record. If your business accepts wire transfer requests from customers or suppliers that are not present over the phone, via fax or email - it is important to consider the following:

Is the wire request normal for that business? If the wire request is out of the ordinary, you may want to ask that the business request the payment in person.
Is the request domestic or foreign? You may want to add additional controls for foreign wire requests or require the customer to request foreign wires in person.
Have steps in place to verify the authenticity of the request.
You may want to create dollar thresholds for wire requests that require additional controls.
Make sure your staff is trained to identify a phone call with a computer generated or voice changing technology.

Click here to learn more about how to reduce your technology risk and further protect your business.

Staying Safe from Tax Season Scams

February 17, 2017

Now that W-2’s are arriving, it’s time to consider how to stay safe from tax season scams. Every year, unfortunate taxpayers go to file their returns and are shocked to find that someone else has filed a fraudulent one in their name! Some innocent people also receive fraudulent phone calls from criminals impersonating tax officials. Sadly, tax fraud has only become more widespread and digital communication has opened new ways for it to happen.

While the Internal Revenue Service (IRS) reports on multiple tax-payer related scams, and even publishes a “Dirty Dozen” list, three scam variants are worth highlighting: Phishing and Malware Schemes; Identity Theft and Falsely Filed Tax Returns; and Impersonation Scams. Once criminals have your information, they can also continue to commit identity theft well beyond tax season. Here are some details on each of these scams, along with how to identify them and seek help in case of identity theft.

Phishing and Malware Schemes

The first type of scam often leads to identity theft and falsely filed tax returns, but may also result in you downloading malware. This happens when criminals send convincing phishing emails or direct you to convincing websites that appear to be IRS, state government, tax software, or financial institution websites. Their goal is to trick you into entering your login credentials, verifying sensitive personal information, or downloading malware.

Never click on email links; type the organization’s website into your web browser.
If you feel something is suspicious, contact the organization through a known method, like their publicly-posted customer service line.
Do not reply to emails or texts asking for personal or tax information.

Identity Theft and Falsely Filed Tax Returns

Once criminals have your personal information, they can use it to commit identity theft or file a false tax return in your name. In this case, if the criminal files the return before you do, they are getting your refund money and forcing you to go through the arduous process of proving that it was not you who filed the return. Criminals send phishing emails or make phone calls to trick you into providing your information so that they can commit this type of fraud.

Be wary of any contact by phone or email claiming to be from the IRS, as they do not contact taxpayers directly for this type of information.
File your tax return as soon as you get your W-2’s and other tax information. Criminals cannot successfully file a fraudulent return if you have already filed with the IRS!

Impersonation Scams

Our final flavor of scam involves a criminal impersonating the IRS or a tax official, such as a tax advocacy panel or tax preparer. They may say you owe money to the IRS or your state tax department or may represent themselves as a trusted tax authority and request information. This contact can occur through websites, emails, or threatening calls or text messages that seem official. Sometimes, these scammers request that their victims pay by strange methods like gift cards or pre-paid credit cards.

If you do in fact owe tax money to the IRS, you will receive an official bill in the mail first before being contacted by phone or email. For a quick reference, the IRS states that these are four things they will never do:

ask for credit or debit card numbers over the phone
call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer
threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying
demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe

Seeking help and reporting scams

The IRS encourages taxpayers to send suspicious emails related to tax fraud to its phishing@irs.gov email account. Other forms of tax fraud can be reported by following the instructions here.

If you suspect that you have been a victim of fraud or identity theft, please head to https://www.identitytheft.gov/. This is a site run by the Federal Trade Commission that provides a step-by-step recovery plan and assistance in taking action. It allows you to report if someone filed a return fraudulently in your name, if your information was exposed in a major data breach, and in case of many other types of fraud. If you believe you someone has used your social security number to fraudulently submit a tax return, you can also call the IRS at 800-908-4490.

How Northrim Bank Protects You

We take the security of your accounts and confidential information very seriously and employ a variety of tools, techniques and processes to help protect you.

Strong encryption
Northrim Bank uses the highest standards of encryption available to keep your sensitive information secure.

Strong sign-on requirements
Passwords must be at least six characters, and include a mix of letters, numbers or symbols.

Automatic log off
Northrim Online Banking automatically times out after 20 minutes of inactivity, logging the user out of their session.

Enhanced login security
We use enhanced login security with multifactor authentication as additional protection against fraud and identity theft.

Forgotten login
We require one-time passcode retrieval before resetting forgotten login information.

Employee training
Our employees are trained on our security policies and procedures and work diligently to protect the integrity of your information.

Unrecognized devices
Users must enter a one-time passcode received on their phone when logging in to Online Banking from an unrecognized computer or mobile device.

Bad password lockout
We automatically lock out users after three bad password attempts. An email will be sent to the email address on file, notifying the user of the lockout.

Online Banking Security Guarantee

Keeping your financial and personal information secure and confidential is our top priority, and we know how important safe online banking and personal security are to you. That’s why we developed the Northrim Online Banking Security Guarantee – a program designed to protect you and your money against online fraud and losses.

Our Guarantee
We guarantee that you will be covered 100% against any unauthorized transactions through our Online Banking service when you comply with your responsibilities outlined below.

Your Responsibilities
To benefit from Northrim’s Online Banking Security Guarantee, you must:

Never share your online banking login credentials or other personal account information with others (including your username, password and account number).
Review your account statement regularly and promptly report incidents of unauthorized access or use by calling us within 60 calendar days of the unauthorized transaction first appearing on your statement.
Take care to not leave your computer or other device unattended while using Northrim Online Banking. Once your banking is complete, log off and close your browser.

Other Terms and Conditions
The Northrim Online Banking Security Guarantee applies to Personal Online Banking customers only.

This Online Banking Security Guarantee does not apply to:

Small business, commercial or other non-personal accounts.
Transactions made by people with whom you shared your online banking login credentials or other personal account information. All transactions initiated by those with whom you shared information will be considered authorized by you, regardless of whether you intended those transactions to be made.
Transactions you fail to report as unauthorized within 60 days from the date of the first statement that reflects the unauthorized transaction. If you fail to report a loss or unauthorized transaction within 60 days, you may be responsible for this loss and all subsequent losses related to this loss.

All claims are subject to our investigation and verification. You must cooperate with our claims representatives and comply with our requests and procedures during the processing of your claim.

This guarantee supplements the terms of your Northrim Online Banking and Online Bill Pay agreement.

Understanding Fraud and Identity Theft

Understanding the different ways in which fraudsters attempt to victimize people via cyber threats will help you avoid becoming a victim. Stay informed on the latest fraud threats.

Identity Theft. Identity theft occurs when someone uses your personal information, such as your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes. If you suspect that someone has used your information to open accounts with or conduct business at Northrim Bank without your knowledge or authorization, please contact our Call Center.
Phishing. Phishing is a cyber threat by which fraudsters attempt to obtain personal or financial information (account or credit card numbers, Social Security numbers, passwords, or other sensitive information) through fraudulent emails, fake websites, text messages, or direct phone calls claiming to be a financial institution or another company. Northrim Bank will never contact you via phone or email to request your Online Banking login credentials. If you receive a suspicious message asking you to provide your login credentials or other personal information, you should decline and call our Call Center immediately.
Malware. Malicious software, or “Malware,” includes viruses and spyware that can be installed on your computer, phone, or mobile device without your consent. Malware can be used to commit fraud, send spam, or even steal personal information. It can download itself during your Online Banking session in an attempt to steal your sensitive data. Be sure to have an up-to-date anti-virus and anti-malware software. As mobile devices have become more frequent targets of malware, there are now anti-malware programs available specifically for cell phones and other mobile devices.
Social Media and Internet Fraud. Be careful about what you post personally and professionally – too much information can help scammers reach their goals. Phishing attempts and unsolicited requests don’t just happen via email. They can also arrive via social media.

As internet fraud is on the rise, be sure you always practice safe web browsing techniques, and be cautious about offers received online and through email. If you believe you are a victim of fraud or the recipient of suspicious communication, please contact our Call Center immediately and visit our fraud reporting information.

Take Action to Protect Yourself

Your safety and security is our number one priority. Below are best practices to help guard against unauthorized use of your account and protect your identity.

Computers, Mobile Devices and Email

Never leave your computer or mobile device logged on or unattended in public.
Always password protect and lock your computer or mobile device when not in use.
Do not store financial or personal information on your computer or mobile device.
Keep the operating system for your computer or mobile device up-to-date.
Install and set your anti-virus and anti-malware software to update automatically.
Do not click on links or attachments in an email that seems suspicious. Never give out personal information to an unknown source via phone, email, online or text.
Never give out personal information to an unknown source via phone, email, online or text.
Do not include personal or sensitive data in, or in response to, an email or other online communication.
Use caution when logging into Online Banking from a public computer. Do not enroll additional security on public computers.

Passwords

Always use secure passwords. A secure password consists of upper and lower case letters and numbers, and should not contain dictionary words, names or birthdates. Do not use your Social Security number (SSN), in full or in part, for a password or PIN.
Do not use the same username or password on any other website or software.
Never share your password with anyone.

Web Browsing

Make sure to keep your web browser software up-to-date by installing the most recent version.
Only allow pop-ups from sites that you authorize.
Do not give out personal information to blogs, forums and other social networking sites.
Only make online purchases using secure sites that encrypt your information. To determine if a site encrypts your information look for the locked padlock icon in the browser and "https:" in the address line.
Never access a website from a link in a suspicious email.
Access online banking sites by typing the address directly into the browser’s address bar.
Sign off and close your browser when you finish an online or mobile banking session.

Credit Monitoring
Consider signing up for a credit monitoring service that notifies you when changes are posted to your credit report. This is one of the fastest ways to find out if someone has opened new accounts in your name.

To learn more about online security visit:

Take Action to Protect Your Business

You've worked hard to build your business, and at Northrim we're committed to providing you with the tools and safeguards needed to protect it. Staying alert is the best way to help protect your business from information theft and payment fraud. We recommend taking the following steps to protect your business.

Online Banking & User Security

Never share user IDs, passwords, PIN numbers, dynamic tokens, etc. Do not leave them in an area that is not locked or secured.
Always use secure passwords. A secure password consists of upper and lower case letters, numbers and special characters.
Do not use the same login or password on any other website or software.
Review account transactions daily and reconcile frequently.
It is recommended that the “Super User” for Northrim Business Online Banking only use this access to create, maintenance and reset sub users. The Super User should have a separate login for conducting Business Banking transactions. In the event the Super User’s credentials are compromised while conducting Business Banking transactions, access to all controls may be at risk. A separate login may help prevent fraudsters from gaining access to create sub users, providing a means to approve fraudulent transactions.
The Super User should be the only user permitted to add sub users for the company. In order to maintain internal control, sub users should not be permitted to create additional sub users.
Users should never access Business Online Banking (or any privileged or sensate computer system) from a public computer at a hotel/motel, library, coffee house, or other public wireless access point.
Users should not enroll additional security to public computers.
It is highly recommended that the company designate one computer in the office strictly for online banking transactions. This machine should not be utilized to browse the internet, check email or any other activity that could expose the computer to compromise.
Determine which websites need to be made available to employees in order to conduct business activities. Consider blocking access to file sharing, social media and personal email sites.
Determine who needs access to your banking systems and services and make sure the removal of access to those services is part of your employee exit process.
Train everyone in the company on best practices in information security, not just financial personnel. Identify regular opportunities to routinely discuss security best practices such at staff meetings or other group check-ins.

Computer and Email Security

Install and update your anti-virus and anti-malware software frequently. Most modern software updates automatically.
Keep operating systems, browser and email patches up to date.
Keep your web browser software up to date by installing the most recent version.
Use well known network and desktop firewall solutions.
Recommend that users sign off their computer when it is not in use.
Do not click on links or attachments in an email that seems suspicious.
Do not share confidential business information online. Emails and text messages are not secure and can be intercepted. When it is necessary to share information online, ensure that the website is secure.
Consider using programs that scan emails for malicious content.
Consider disabling CD, DVD and USB drives on all computers where these drives are not needed.
Do not allow your employees to download unauthorized software or programs.

More business protection tips can be found at the National Cyber Security Alliance's Stay Safe Online Business Center.

Privacy Policy

Your privacy always comes first. Our privacy policy explains how we use your information and the options for limiting the sharing of your information.

View our Privacy Policy

Fraud Reporting

If you believe you have experienced fraud or your personal information has been compromised, please contact:

Northrim Bank Call Center
Any other financial institutions you have a relationship with
All credit card companies you have accounts with
The three major credit bureaus listed below to request that a fraud alert be placed on your credit report:
- Equifax
  P.O. Box 740241
  Atlanta, GA 30374
  1-800-685-1111
- Experian
  P.O. Box 2002
  Allen, TX 75013
  1-888-397-3742
- TransUnion
  P.O. Box 1000
  Chester, PA 19022
  1-800-888-4213

The Federal Trade Commission (FTC) also investigates consumer fraud through the Bureau of Consumer Protection. You can forward unsolicited commercial email (spam), including phishing messages, directly to the FTC at spam@uce.gov.