Security and Privacy Center

Security Alerts

Learn about current scams, frauds and security breaches so you can take steps to protect yourself.

Large Scale Ransomware Attack

July 31, 2018

Initially believed to be confined to Alaskan municipal government IT networks, now propagating to other industries/sectors.

There is currently a large-scale Ransomware attack targeting IT networks. The incidents involve multiple malware deployed together. Through a phishing email, a Trojan gets installed and acts as a dropper, installing a ransomware payload somewhere on the network to be activated when desired. The malware uses vulnerable exploits to propagate itself making it difficult to confine. Infected systems are then encrypted while the perpetrators extort payment in the form of Bitcoin.

1. Be particularly cautious of emails and attachments you are not expecting. These emails may even come from people you know or do business with, as the malware can potentially steal your email contacts and send on behalf of the victim.
   
   
2. Consider patching your all of your systems. Configure Windows and other software to automatically update, including your antivirus/antimalware programs to ensure you have the latest protection.

Remember, this ransomware typically arrives via phishing emails that may be sent from infected victims who users know and have done business with. For that reason, it's incredibly important for you to scrutinize emails you receive, especially any with attachments labeled as invoices or purchase orders.

For more information on this and other alerts please visit https:\\www.us-cert.gov.

Online Banking Security Guarantee

Keeping your financial and personal information secure and confidential is our top priority, and we know how important safe online banking and personal security are to you. That’s why we developed the Northrim Online Banking Security Guarantee – a program designed to protect you and your money against online fraud and losses.

Our Guarantee
We guarantee that you will be covered 100% against any unauthorized transactions through our Online Banking service when you comply with your responsibilities outlined below.

Your Responsibilities
To benefit from Northrim’s Online Banking Security Guarantee, you must:

• Never share your online banking login credentials or other personal account information with others (including your username, password and account number).
• Review your account statement regularly and promptly report incidents of unauthorized access or use by calling us within 60 calendar days of the unauthorized transaction first appearing on your statement.
• Take care to not leave your computer or other device unattended while using Northrim Online Banking. Once your banking is complete, log off and close your browser.

Other Terms and Conditions
The Northrim Online Banking Security Guarantee applies to Personal Online Banking customers only.

This Online Banking Security Guarantee does not apply to:

1. Small business, commercial or other non-personal accounts.
2. Transactions made by people with whom you shared your online banking login credentials or other personal account information. All transactions initiated by those with whom you shared information will be considered authorized by you, regardless of whether you intended those transactions to be made.
3. Transactions you fail to report as unauthorized within 60 days from the date of the first statement that reflects the unauthorized transaction. If you fail to report a loss or unauthorized transaction within 60 days, you may be responsible for this loss and all subsequent losses related to this loss.

All claims are subject to our investigation and verification. You must cooperate with our claims representatives and comply with our requests and procedures during the processing of your claim.

This guarantee supplements the terms of your Northrim Online Banking and Online Bill Pay agreement.

Understanding Fraud and Identity Theft

Understanding the different ways in which fraudsters attempt to victimize people via cyber threats will help you avoid becoming a victim. Stay informed on the latest fraud threats.

• Identity Theft. Identity theft occurs when someone uses your personal information, such as your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes. If you suspect that someone has used your information to open accounts with or conduct business at Northrim Bank without your knowledge or authorization, please contact our Call Center.
• Phishing. Phishing is a cyber threat by which fraudsters attempt to obtain personal or financial information (account or credit card numbers, Social Security numbers, passwords, or other sensitive information) through fraudulent emails, fake websites, text messages, or direct phone calls claiming to be a financial institution or another company. Northrim Bank will never contact you via phone or email to request your Online Banking login credentials. If you receive a suspicious message asking you to provide your login credentials or other personal information, you should decline and call our Call Center immediately.
• Malware. Malicious software, or “Malware,” includes viruses and spyware that can be installed on your computer, phone, or mobile device without your consent. Malware can be used to commit fraud, send spam, or even steal personal information. It can download itself during your Online Banking session in an attempt to steal your sensitive data. Be sure to have an up-to-date anti-virus and anti-malware software. As mobile devices have become more frequent targets of malware, there are now anti-malware programs available specifically for cell phones and other mobile devices.
• Social Media and Internet Fraud. Be careful about what you post personally and professionally – too much information can help scammers reach their goals. Phishing attempts and unsolicited requests don’t just happen via email. They can also arrive via social media.

As internet fraud is on the rise, be sure you always practice safe web browsing techniques, and be cautious about offers received online and through email. If you believe you are a victim of fraud or the recipient of suspicious communication, please contact our Call Center immediately and visit our fraud reporting information.

Take Action to Protect Yourself

Your safety and security is our number one priority. Below are best practices to help guard against unauthorized use of your account and protect your identity.

Computers, Mobile Devices and Email

• Never leave your computer or mobile device logged on or unattended in public.
• Always password protect and lock your computer or mobile device when not in use.
• Do not store financial or personal information on your computer or mobile device.
• Keep the operating system for your computer or mobile device up-to-date.
• Install and set your anti-virus and anti-malware software to update automatically.
• Do not click on links or attachments in an email that seems suspicious. Never give out personal information to an unknown source via phone, email, online or text.
• Never give out personal information to an unknown source via phone, email, online or text.
• Do not include personal or sensitive data in, or in response to, an email or other online communication.
• Use caution when logging into Online Banking from a public computer. Do not enroll additional security on public computers.

Passwords

• Always use secure passwords. A secure password consists of upper and lower case letters and numbers, and should not contain dictionary words, names or birthdates. Do not use your Social Security number (SSN), in full or in part, for a password or PIN.
• Do not use the same username or password on any other website or software.
• Never share your password with anyone.

Web Browsing

• Make sure to keep your web browser software up-to-date by installing the most recent version.
• Only allow pop-ups from sites that you authorize.
• Do not give out personal information to blogs, forums and other social networking sites.
• Only make online purchases using secure sites that encrypt your information. To determine if a site encrypts your information look for the locked padlock icon in the browser and "https:" in the address line.
• Never access a website from a link in a suspicious email.
• Access online banking sites by typing the address directly into the browser’s address bar.
• Sign off and close your browser when you finish an online or mobile banking session.

Credit Monitoring
Consider signing up for a credit monitoring service that notifies you when changes are posted to your credit report. This is one of the fastest ways to find out if someone has opened new accounts in your name.

To learn more about online security visit:

• FDIC Consumer Protection
• Consumer Financial Protection Bureau
• OnGuard Online

Take Action to Protect Your Business

You've worked hard to build your business, and at Northrim we're committed to providing you with the tools and safeguards needed to protect it. Staying alert is the best way to help protect your business from information theft and payment fraud. We recommend taking the following steps to protect your business.

Online Banking & User Security

• Never share user IDs, passwords, PIN numbers, dynamic tokens, etc. Do not leave them in an area that is not locked or secured.
• Always use secure passwords. A secure password consists of upper and lower case letters, numbers and special characters.
• Do not use the same login or password on any other website or software.
• Review account transactions daily and reconcile frequently.
• It is recommended that the “Super User” for Northrim Business Online Banking only use this access to create, maintenance and reset sub users. The Super User should have a separate login for conducting Business Banking transactions. In the event the Super User’s credentials are compromised while conducting Business Banking transactions, access to all controls may be at risk. A separate login may help prevent fraudsters from gaining access to create sub users, providing a means to approve fraudulent transactions.
• The Super User should be the only user permitted to add sub users for the company. In order to maintain internal control, sub users should not be permitted to create additional sub users.
• Users should never access Business Online Banking (or any privileged or sensate computer system) from a public computer at a hotel/motel, library, coffee house, or other public wireless access point.
• Users should not enroll additional security to public computers.
• It is highly recommended that the company designate one computer in the office strictly for online banking transactions. This machine should not be utilized to browse the internet, check email or any other activity that could expose the computer to compromise.
• Determine which websites need to be made available to employees in order to conduct business activities. Consider blocking access to file sharing, social media and personal email sites.
• Determine who needs access to your banking systems and services and make sure the removal of access to those services is part of your employee exit process.
• Train everyone in the company on best practices in information security, not just financial personnel. Identify regular opportunities to routinely discuss security best practices such at staff meetings or other group check-ins.

Computer and Email Security

• Install and update your anti-virus and anti-malware software frequently. Most modern software updates automatically.
• Keep operating systems, browser and email patches up to date.
• Keep your web browser software up to date by installing the most recent version.
• Use well known network and desktop firewall solutions.
• Recommend that users sign off their computer when it is not in use.
• Do not click on links or attachments in an email that seems suspicious.
• Do not share confidential business information online. Emails and text messages are not secure and can be intercepted. When it is necessary to share information online, ensure that the website is secure.
• Consider using programs that scan emails for malicious content.
• Consider disabling CD, DVD and USB drives on all computers where these drives are not needed.
• Do not allow your employees to download unauthorized software or programs.

More business protection tips can be found at the National Cyber Security Alliance's Stay Safe Online Business Center.

Privacy Policy

Your privacy always comes first. Our privacy policy explains how we use your information and the options for limiting the sharing of your information.

Fraud Reporting

If you believe you have experienced fraud or your personal information has been compromised, please contact:

• Northrim Bank Call Center
• Any other financial institutions you have a relationship with
• All credit card companies you have accounts with
• The three major credit bureaus listed below to request that a fraud alert be placed on your credit report:
  • Equifax
    P.O. Box 740241
    Atlanta, GA 30374
    1-800-685-1111
  • Experian
    P.O. Box 2002
    Allen, TX 75013
    1-888-397-3742
  • TransUnion
    P.O. Box 1000
    Chester, PA 19022
    1-800-888-4213

The Federal Trade Commission (FTC) also investigates consumer fraud through the Bureau of Consumer Protection. You can forward unsolicited commercial email (spam), including phishing messages, directly to the FTC at spam@uce.gov.