Security and Privacy Center

Security Alerts

Learn about current scams, frauds and security breaches so you can take steps to protect yourself.

Paycheck Protection Program (PPP) Loan Scams

Nov. 24, 2020

Since the list of PPP recipients who received loans was ordered to be made publicly available by the government, chances for fraud increases dramatically. 

Be advised, Northrim works with our approved vendor, Abrigo, leveraging their platform named Sageworks, to process your applications and ensure your privacy. Please beware of fraud attempts that may look like sales messages or offers of PPP forgiveness process consolidation. Scammers may ask for personal information such as account numbers, Social Security numbers or dates of birth and other details about you or your employees. Northrim will never initiate contact with customers asking for this type of information. Please call Northrim at 800-478-2265 if you suspect malicious activity or have any questions.

Email Compromise Schemes

Aug. 28, 2020

Business Email Compromise/ Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. Transfer-of-funds requests can be initiated via Automated Clearing House (ACH) origination or wire transfer services. The scam is frequently carried out when a cyber-criminal compromises a legitimate email account through social engineering or computer intrusion to conduct unauthorized transfers of funds. Typical examples could be change of wire instructions for a real estate transaction or spoofed emails appearing to be from employees requesting a change to their direct deposit account.

Suggestions for protection:

• Always verbally verify wire instructions or direct deposit/ACH account changes or when dealing with a new beneficiary/payee
• Ensure the URL in emails is associated with the business it claims to be from
• Be alert to hyperlinks that may contain misspellings of the actual domain name
• Keep all software patches up to date on all systems and devices
• Verify the email address used to send emails, especially when using a mobile or handheld device by ensuring the senders name and/or email address match whom it is coming from.

What to do if you are a victim:
If funds are transferred to a fraudulent account, it is important to act quickly:

• Contact your financial institution immediately upon discovering the fraudulent transfer.
• Request that your financial institution contact the corresponding financial institution where the fraudulent transfer was sent.
• Contact your local Federal Bureau of Investigation (FBI) office if the transfer is recent. The FBI, working with other government agencies may be able to help return or freeze the funds.
• File a complaint, regardless of dollar loss, with the Internet Crime Complaint Center (IC3) at ic3.gov or, for Business Email Compromise/ Email Account Compromise victims visit bec.ic3.gov.

People Pay Text Message Scam

March 28, 2020

Northrim has received reports of customers receiving text messages from “Northrim Bank Fraud Alert” asking customers if they had recently initiated a People Pay transaction. When customers respond with "No," the scammers follow up with a phone call requesting the login and password for the customer’s online banking account. This is a scam and is not a text from Northrim Bank. Do not respond if you receive a similar text, phone call or email message.

The Northrim Security Team reminds customers that Northrim will never initiate contact with customers asking for this type of information. Please call Northrim at 800-478-2265 if you suspect malicious activity or have any questions.

FDIC: Insured Bank Deposits are Safe; Beware of Potential Scams Using the Agency's Name

March 18, 2020

WASHINGTON — In light of recent developments related to the coronavirus, the Federal Deposit Insurance Corporation (FDIC) is reminding Americans that FDIC-insured banks remain the safest place to keep their money. The FDIC is also warning consumers of recent scams where imposters are pretending to be agency representatives to perpetrate fraudulent schemes.

Since 1933, no depositor has ever lost a penny of FDIC-insured funds. Today, the FDIC insures up to $250,000 per depositor per FDIC-insured bank. An FDIC-insured account is the safest place for consumers to keep their money. Learn more about deposit insurance here. Some banks may have adjusted hours or services in compliance with Centers for Disease Control guidance on social distancing. Customers’ deposits remain safe in these banks, as does customer access to their funds. Banks continue to offer ATM, mobile, or online banking services, and many continue to provide services via drive-through windows.

FDIC's Electronic Deposit Insurance Estimator (EDIE) is a tool that can help consumers determine deposit insurance coverage based on accounts they may already have with a bank or accounts they are considering opening. The agency recommends using EDIE for questions about FDIC deposit insurance coverage.

During these unprecedented times consumers may receive false information regarding the security of their deposits or their ability to access cash. The FDIC does not send unsolicited correspondence asking for money or sensitive personal information. The agency will never contact people asking for personal details, such as bank account information, credit and debit card numbers, Social Security numbers, or passwords.

Consumers may also be contacted by persons who claim to be employed by an agency, bank, or another entity. These scams may involve a variety of communication channels, including emails, phone calls, letters, text messages, faxes, and social media. Scammers might also ask for personal information such as bank account numbers, Social Security numbers, dates of birth, and other details that can be used to commit fraud or sell a person's identity. Consumers should not provide this information.

Additional resources for consumers include:

• FDIC: Coronavirus (COVID-19) Information for Bankers and Consumers
• FDIC Consumer News: How FDIC Protects Customers – February article
• FDIC: Avoiding Scams: Sticking to the Basics Can Go a Long Way
• FDIC Tips for Small Businesses
• FDIC Tips for Reaching out to Creditors and Managing Debt
• FDIC Knowledge Center portal with access to Frequently Asked Questions

Consumers are also encouraged to contact the FDIC's Call Center at 1-877-ASK-FDIC (877-275-3342), Monday – Friday, 8 a.m. to 8 p.m. (ET), if they have any questions or believe they have been a victim of fraud or a scam.

Online Banking Security Guarantee

Keeping your financial and personal information secure and confidential is our top priority, and we know how important safe online banking and personal security are to you. That’s why we developed the Northrim Online Banking Security Guarantee – a program designed to protect you and your money against online fraud and losses.

Our Guarantee
We guarantee that you will be covered 100% against any unauthorized transactions through our Online Banking service when you comply with your responsibilities outlined below.

Your Responsibilities
To benefit from Northrim’s Online Banking Security Guarantee, you must:

• Never share your online banking login credentials or other personal account information with others (including your username, password and account number).
• Review your account statement regularly and promptly report incidents of unauthorized access or use by calling us within 60 calendar days of the unauthorized transaction first appearing on your statement.
• Take care to not leave your computer or other device unattended while using Northrim Online Banking. Once your banking is complete, log off and close your browser.

Other Terms and Conditions
The Northrim Online Banking Security Guarantee applies to Personal Online Banking customers only.

This Online Banking Security Guarantee does not apply to:

1. Small business, commercial or other non-personal accounts.
2. Transactions made by people with whom you shared your online banking login credentials or other personal account information. All transactions initiated by those with whom you shared information will be considered authorized by you, regardless of whether you intended those transactions to be made.
3. Transactions you fail to report as unauthorized within 60 days from the date of the first statement that reflects the unauthorized transaction. If you fail to report a loss or unauthorized transaction within 60 days, you may be responsible for this loss and all subsequent losses related to this loss.

All claims are subject to our investigation and verification. You must cooperate with our claims representatives and comply with our requests and procedures during the processing of your claim.

This guarantee supplements the terms of your Northrim Online Banking and Online Bill Pay agreement.

Understanding Fraud and Identity Theft

Understanding the different ways in which fraudsters attempt to victimize people via cyber threats will help you avoid becoming a victim. Stay informed on the latest fraud threats.

• Identity Theft. Identity theft occurs when someone uses your personal information, such as your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes. If you suspect that someone has used your information to open accounts with or conduct business at Northrim Bank without your knowledge or authorization, please contact our Call Center.
• Phishing. Phishing is a cyber threat by which fraudsters attempt to obtain personal or financial information (account or credit card numbers, Social Security numbers, passwords, or other sensitive information) through fraudulent emails, fake websites, text messages, or direct phone calls claiming to be a financial institution or another company. Northrim Bank will never contact you via phone or email to request your Online Banking login credentials. If you receive a suspicious message asking you to provide your login credentials or other personal information, you should decline and call our Call Center immediately.
• Malware. Malicious software, or “Malware,” includes viruses and spyware that can be installed on your computer, phone, or mobile device without your consent. Malware can be used to commit fraud, send spam, or even steal personal information. It can download itself during your Online Banking session in an attempt to steal your sensitive data. Be sure to have an up-to-date anti-virus and anti-malware software. As mobile devices have become more frequent targets of malware, there are now anti-malware programs available specifically for cell phones and other mobile devices.
• Social Media and Internet Fraud. Be careful about what you post personally and professionally – too much information can help scammers reach their goals. Phishing attempts and unsolicited requests don’t just happen via email. They can also arrive via social media.

As internet fraud is on the rise, be sure you always practice safe web browsing techniques, and be cautious about offers received online and through email. If you believe you are a victim of fraud or the recipient of suspicious communication, please contact our Call Center immediately and visit our fraud reporting information.

Take Action to Protect Yourself

Your safety and security is our number one priority. Below are best practices to help guard against unauthorized use of your account and protect your identity.

Computers, Mobile Devices and Email

• Never leave your computer or mobile device logged on or unattended in public.
• Always password protect and lock your computer or mobile device when not in use.
• Do not store financial or personal information on your computer or mobile device.
• Keep the operating system for your computer or mobile device up-to-date.
• Install and set your anti-virus and anti-malware software to update automatically.
• Do not click on links or attachments in an email that seems suspicious. 
• Never give out personal information to an unknown source via phone, email, online or text.
• Do not include personal or sensitive data in, or in response to, an email or other online communication.
• Use caution when logging into Online Banking from a public computer. Do not enroll additional security on public computers.

Passwords

• Always use secure passwords. A secure password consists of upper and lower case letters and numbers, and should not contain dictionary words, names or birthdates. Do not use your Social Security number (SSN), in full or in part, for a password or PIN.
• Do not use the same username or password on any other website or software.
• Never share your password with anyone.

Web Browsing

• Make sure to keep your web browser software up-to-date by installing the most recent version.
• Only allow pop-ups from sites that you authorize.
• Do not give out personal information to blogs, forums and other social networking sites.
• Only make online purchases using secure sites that encrypt your information. To determine if a site encrypts your information look for the locked padlock icon in the browser and "https:" in the address line.
• Never access a website from a link in a suspicious email.
• Access online banking sites by typing the address directly into the browser’s address bar.
• Sign off and close your browser when you finish an online or mobile banking session.

Credit Monitoring
Consider signing up for a credit monitoring service that notifies you when changes are posted to your credit report. This is one of the fastest ways to find out if someone has opened new accounts in your name.

To learn more about online security visit:

• FDIC Consumer Protection
• Consumer Financial Protection Bureau
• OnGuard Online

Take Action to Protect Your Business

You've worked hard to build your business, and at Northrim we're committed to providing you with the tools and safeguards needed to protect it. Staying alert is the best way to help protect your business from information theft and payment fraud. We recommend taking the following steps to protect your business.

Online Banking & User Security

• Never share user IDs, passwords, PIN numbers, dynamic tokens, etc. Do not leave them in an area that is not locked or secured.
• Always use secure passwords. A secure password consists of upper and lower case letters, numbers and special characters.
• Do not use the same login or password on any other website or software.
• Review account transactions daily and reconcile frequently.
• It is recommended that the “Super User” for Northrim Business Online Banking only use this access to create, maintenance and reset sub users. The Super User should have a separate login for conducting Business Banking transactions. In the event the Super User’s credentials are compromised while conducting Business Banking transactions, access to all controls may be at risk. A separate login may help prevent fraudsters from gaining access to create sub users, providing a means to approve fraudulent transactions.
• The Super User should be the only user permitted to add sub users for the company. In order to maintain internal control, sub users should not be permitted to create additional sub users.
• Users should never access Business Online Banking (or any privileged or sensitive computer system) from a public computer at a hotel/motel, library, coffee house, or other public wireless access point.
• Users should not enroll additional security to public computers.
• It is highly recommended that the company designate one computer in the office strictly for online banking transactions. This machine should not be utilized to browse the internet, check email or any other activity that could expose the computer to compromise.
• Determine which websites need to be made available to employees in order to conduct business activities. Consider blocking access to file sharing, social media and personal email sites.
• Determine who needs access to your banking systems and services and make sure the removal of access to those services is part of your employee exit process.
• Train everyone in the company on best practices in information security, not just financial personnel. Identify regular opportunities to routinely discuss security best practices such at staff meetings or other group check-ins.

Computer and Email Security

• Install and update your anti-virus and anti-malware software frequently. Most modern software updates automatically.
• Keep operating systems, browser and email patches up to date.
• Keep your web browser software up to date by installing the most recent version.
• Use well known network and desktop firewall solutions.
• Recommend that users sign off their computer when it is not in use.
• Do not click on links or attachments in an email that seems suspicious.
• Do not share confidential business information online. Emails and text messages are not secure and can be intercepted. When it is necessary to share information online, ensure that the website is secure.
• Consider using programs that scan emails for malicious content.
• Consider disabling CD, DVD and USB drives on all computers where these drives are not needed.
• Do not allow your employees to download unauthorized software or programs.

More business protection tips can be found at the National Cyber Security Alliance's Stay Safe Online Business Center.

Privacy Policy

Your privacy always comes first. Our privacy policy explains how we use your information and the options for limiting the sharing of your information.

Fraud Reporting

If you believe you have experienced fraud or your personal information has been compromised, please contact:

• Northrim Bank Call Center
• Any other financial institutions you have a relationship with
• All credit card companies you have accounts with
• The three major credit bureaus listed below to request that a fraud alert be placed on your credit report:
  • Equifax
    P.O. Box 740241
    Atlanta, GA 30374
    1-800-685-1111
  • Experian
    P.O. Box 2002
    Allen, TX 75013
    1-888-397-3742
  • TransUnion
    P.O. Box 1000
    Chester, PA 19022
    1-800-888-4213

The Federal Trade Commission (FTC) also investigates consumer fraud through the Bureau of Consumer Protection. You can forward unsolicited commercial email (spam), including phishing messages, directly to the FTC at spam@uce.gov.