Security and Privacy Center

Security Alerts

Learn about current scams, frauds and security breaches so you can take steps to protect yourself.

Business Wire Transfer Scam

June 13, 2017

Recently, there has been an increase in fraudulent wire transfer requests to businesses throughout the financial industry. In these scams, a business is asked to wire funds for invoice payment to a fraudulent account. Scammers have gotten increasingly talented at disguising these requests as legitimate charges to be paid and in some cases have been able to ‘high-jack’ phone numbers so that the requests appear to come from a phone number your business may have on record. If your business accepts wire transfer requests from customers or suppliers that are not present over the phone, via fax or email - it is important to consider the following:

• Is the wire request normal for that business? If the wire request is out of the ordinary, you may want to ask that the business request the payment in person.
• Is the request domestic or foreign? You may want to add additional controls for foreign wire requests or require the customer to request foreign wires in person.
• Have steps in place to verify the authenticity of the request.
• You may want to create dollar thresholds for wire requests that require additional controls.
• Make sure your staff is trained to identify a phone call with a computer generated or voice changing technology.

Click here to learn more about how to reduce your technology risk and further protect your business.

Staying Safe from Tax Season Scams

February 17, 2017

Now that W-2’s are arriving, it’s time to consider how to stay safe from tax season scams. Every year, unfortunate taxpayers go to file their returns and are shocked to find that someone else has filed a fraudulent one in their name! Some innocent people also receive fraudulent phone calls from criminals impersonating tax officials. Sadly, tax fraud has only become more widespread and digital communication has opened new ways for it to happen.

While the Internal Revenue Service (IRS) reports on multiple tax-payer related scams, and even publishes a “Dirty Dozen” list, three scam variants are worth highlighting: Phishing and Malware Schemes; Identity Theft and Falsely Filed Tax Returns; and Impersonation Scams. Once criminals have your information, they can also continue to commit identity theft well beyond tax season. Here are some details on each of these scams, along with how to identify them and seek help in case of identity theft.

Phishing and Malware Schemes

The first type of scam often leads to identity theft and falsely filed tax returns, but may also result in you downloading malware. This happens when criminals send convincing phishing emails or direct you to convincing websites that appear to be IRS, state government, tax software, or financial institution websites. Their goal is to trick you into entering your login credentials, verifying sensitive personal information, or downloading malware.

• Never click on email links; type the organization’s website into your web browser.
• If you feel something is suspicious, contact the organization through a known method, like their publicly-posted customer service line.
• Do not reply to emails or texts asking for personal or tax information.

Identity Theft and Falsely Filed Tax Returns

Once criminals have your personal information, they can use it to commit identity theft or file a false tax return in your name. In this case, if the criminal files the return before you do, they are getting your refund money and forcing you to go through the arduous process of proving that it was not you who filed the return. Criminals send phishing emails or make phone calls to trick you into providing your information so that they can commit this type of fraud.

• Be wary of any contact by phone or email claiming to be from the IRS, as they do not contact taxpayers directly for this type of information.
• File your tax return as soon as you get your W-2’s and other tax information. Criminals cannot successfully file a fraudulent return if you have already filed with the IRS!

Impersonation Scams

Our final flavor of scam involves a criminal impersonating the IRS or a tax official, such as a tax advocacy panel or tax preparer. They may say you owe money to the IRS or your state tax department or may represent themselves as a trusted tax authority and request information. This contact can occur through websites, emails, or threatening calls or text messages that seem official. Sometimes, these scammers request that their victims pay by strange methods like gift cards or pre-paid credit cards.

If you do in fact owe tax money to the IRS, you will receive an official bill in the mail first before being contacted by phone or email. For a quick reference, the IRS states that these are four things they will never do:

• ask for credit or debit card numbers over the phone
• call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer
• threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying
• demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe

Seeking help and reporting scams

The IRS encourages taxpayers to send suspicious emails related to tax fraud to its phishing@irs.gov email account. Other forms of tax fraud can be reported by following the instructions here.

If you suspect that you have been a victim of fraud or identity theft, please head to https://www.identitytheft.gov/. This is a site run by the Federal Trade Commission that provides a step-by-step recovery plan and assistance in taking action. It allows you to report if someone filed a return fraudulently in your name, if your information was exposed in a major data breach, and in case of many other types of fraud. If you believe you someone has used your social security number to fraudulently submit a tax return, you can also call the IRS at 800-908-4490.

Online Banking Security Guarantee

Keeping your financial and personal information secure and confidential is our top priority, and we know how important safe online banking and personal security are to you. That’s why we developed the Northrim Online Banking Security Guarantee – a program designed to protect you and your money against online fraud and losses.

Our Guarantee
We guarantee that you will be covered 100% against any unauthorized transactions through our Online Banking service when you comply with your responsibilities outlined below.

Your Responsibilities
To benefit from Northrim’s Online Banking Security Guarantee, you must:

• Never share your online banking login credentials or other personal account information with others (including your username, password and account number).
• Review your account statement regularly and promptly report incidents of unauthorized access or use by calling us within 60 calendar days of the unauthorized transaction first appearing on your statement.
• Take care to not leave your computer or other device unattended while using Northrim Online Banking. Once your banking is complete, log off and close your browser.

Other Terms and Conditions
The Northrim Online Banking Security Guarantee applies to Personal Online Banking customers only.

This Online Banking Security Guarantee does not apply to:

1. Small business, commercial or other non-personal accounts.
2. Transactions made by people with whom you shared your online banking login credentials or other personal account information. All transactions initiated by those with whom you shared information will be considered authorized by you, regardless of whether you intended those transactions to be made.
3. Transactions you fail to report as unauthorized within 60 days from the date of the first statement that reflects the unauthorized transaction. If you fail to report a loss or unauthorized transaction within 60 days, you may be responsible for this loss and all subsequent losses related to this loss.

All claims are subject to our investigation and verification. You must cooperate with our claims representatives and comply with our requests and procedures during the processing of your claim.

This guarantee supplements the terms of your Northrim Online Banking and Online Bill Pay agreement.

Understanding Fraud and Identity Theft

Understanding the different ways in which fraudsters attempt to victimize people via cyber threats will help you avoid becoming a victim. Stay informed on the latest fraud threats.

• Identity Theft. Identity theft occurs when someone uses your personal information, such as your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes. If you suspect that someone has used your information to open accounts with or conduct business at Northrim Bank without your knowledge or authorization, please contact our Call Center.
• Phishing. Phishing is a cyber threat by which fraudsters attempt to obtain personal or financial information (account or credit card numbers, Social Security numbers, passwords, or other sensitive information) through fraudulent emails, fake websites, text messages, or direct phone calls claiming to be a financial institution or another company. Northrim Bank will never contact you via phone or email to request your Online Banking login credentials. If you receive a suspicious message asking you to provide your login credentials or other personal information, you should decline and call our Call Center immediately.
• Malware. Malicious software, or “Malware,” includes viruses and spyware that can be installed on your computer, phone, or mobile device without your consent. Malware can be used to commit fraud, send spam, or even steal personal information. It can download itself during your Online Banking session in an attempt to steal your sensitive data. Be sure to have an up-to-date anti-virus and anti-malware software. As mobile devices have become more frequent targets of malware, there are now anti-malware programs available specifically for cell phones and other mobile devices.
• Social Media and Internet Fraud. Be careful about what you post personally and professionally – too much information can help scammers reach their goals. Phishing attempts and unsolicited requests don’t just happen via email. They can also arrive via social media.

As internet fraud is on the rise, be sure you always practice safe web browsing techniques, and be cautious about offers received online and through email. If you believe you are a victim of fraud or the recipient of suspicious communication, please contact our Call Center immediately and visit our fraud reporting information.

Take Action to Protect Yourself

Your safety and security is our number one priority. Below are best practices to help guard against unauthorized use of your account and protect your identity.

Computers, Mobile Devices and Email

• Never leave your computer or mobile device logged on or unattended in public.
• Always password protect and lock your computer or mobile device when not in use.
• Do not store financial or personal information on your computer or mobile device.
• Keep the operating system for your computer or mobile device up-to-date.
• Install and set your anti-virus and anti-malware software to update automatically.
• Do not click on links or attachments in an email that seems suspicious. Never give out personal information to an unknown source via phone, email, online or text.
• Never give out personal information to an unknown source via phone, email, online or text.
• Do not include personal or sensitive data in, or in response to, an email or other online communication.
• Use caution when logging into Online Banking from a public computer. Do not enroll additional security on public computers.

Passwords

• Always use secure passwords. A secure password consists of upper and lower case letters and numbers, and should not contain dictionary words, names or birthdates. Do not use your Social Security number (SSN), in full or in part, for a password or PIN.
• Do not use the same username or password on any other website or software.
• Never share your password with anyone.

Web Browsing

• Make sure to keep your web browser software up-to-date by installing the most recent version.
• Only allow pop-ups from sites that you authorize.
• Do not give out personal information to blogs, forums and other social networking sites.
• Only make online purchases using secure sites that encrypt your information. To determine if a site encrypts your information look for the locked padlock icon in the browser and "https:" in the address line.
• Never access a website from a link in a suspicious email.
• Access online banking sites by typing the address directly into the browser’s address bar.
• Sign off and close your browser when you finish an online or mobile banking session.

Credit Monitoring
Consider signing up for a credit monitoring service that notifies you when changes are posted to your credit report. This is one of the fastest ways to find out if someone has opened new accounts in your name.

To learn more about online security visit:

• FDIC Consumer Protection
• Consumer Financial Protection Bureau
• OnGuard Online

Take Action to Protect Your Business

You've worked hard to build your business, and at Northrim we're committed to providing you with the tools and safeguards needed to protect it. Staying alert is the best way to help protect your business from information theft and payment fraud. We recommend taking the following steps to protect your business.

Online Banking & User Security

• Never share user IDs, passwords, PIN numbers, dynamic tokens, etc. Do not leave them in an area that is not locked or secured.
• Always use secure passwords. A secure password consists of upper and lower case letters, numbers and special characters.
• Do not use the same login or password on any other website or software.
• Review account transactions daily and reconcile frequently.
• It is recommended that the “Super User” for Northrim Business Online Banking only use this access to create, maintenance and reset sub users. The Super User should have a separate login for conducting Business Banking transactions. In the event the Super User’s credentials are compromised while conducting Business Banking transactions, access to all controls may be at risk. A separate login may help prevent fraudsters from gaining access to create sub users, providing a means to approve fraudulent transactions.
• The Super User should be the only user permitted to add sub users for the company. In order to maintain internal control, sub users should not be permitted to create additional sub users.
• Users should never access Business Online Banking (or any privileged or sensate computer system) from a public computer at a hotel/motel, library, coffee house, or other public wireless access point.
• Users should not enroll additional security to public computers.
• It is highly recommended that the company designate one computer in the office strictly for online banking transactions. This machine should not be utilized to browse the internet, check email or any other activity that could expose the computer to compromise.
• Determine which websites need to be made available to employees in order to conduct business activities. Consider blocking access to file sharing, social media and personal email sites.
• Determine who needs access to your banking systems and services and make sure the removal of access to those services is part of your employee exit process.
• Train everyone in the company on best practices in information security, not just financial personnel. Identify regular opportunities to routinely discuss security best practices such at staff meetings or other group check-ins.

Computer and Email Security

• Install and update your anti-virus and anti-malware software frequently. Most modern software updates automatically.
• Keep operating systems, browser and email patches up to date.
• Keep your web browser software up to date by installing the most recent version.
• Use well known network and desktop firewall solutions.
• Recommend that users sign off their computer when it is not in use.
• Do not click on links or attachments in an email that seems suspicious.
• Do not share confidential business information online. Emails and text messages are not secure and can be intercepted. When it is necessary to share information online, ensure that the website is secure.
• Consider using programs that scan emails for malicious content.
• Consider disabling CD, DVD and USB drives on all computers where these drives are not needed.
• Do not allow your employees to download unauthorized software or programs.

More business protection tips can be found at the National Cyber Security Alliance's Stay Safe Online Business Center.

Privacy Policy

Your privacy always comes first. Our privacy policy explains how we use your information and the options for limiting the sharing of your information.

Fraud Reporting

If you believe you have experienced fraud or your personal information has been compromised, please contact:

• Northrim Bank Call Center
• Any other financial institutions you have a relationship with
• All credit card companies you have accounts with
• The three major credit bureaus listed below to request that a fraud alert be placed on your credit report:
  • Equifax
    P.O. Box 740241
    Atlanta, GA 30374
    1-800-685-1111
  • Experian
    P.O. Box 2002
    Allen, TX 75013
    1-888-397-3742
  • TransUnion
    P.O. Box 1000
    Chester, PA 19022
    1-800-888-4213

The Federal Trade Commission (FTC) also investigates consumer fraud through the Bureau of Consumer Protection. You can forward unsolicited commercial email (spam), including phishing messages, directly to the FTC at spam@uce.gov.