We’re everywhere your mobile device is ™

Security Alerts

Chain Bridge Bank is dedicated to protecting your confidential information.  As part of that effort, we maintain this page with current security alerts.  Here, we pass on to you any alerts that we receive about ongoing scams, so you can be proactive in defending yourself from criminals.  Professional data thieves target both institutions and individuals, so it is always important to remain vigilant and to treat requests for your information very carefully.  Please check back from time to time for new alerts and warnings.

 

Chain Bridge Bank does not solicit information (Social Security Number, account numbers, credit card numbers, passwords, etc) by means of email. If you receive an email requesting confidential information from someone claiming to represent Chain Bridge Bank, do not respond to the email. Please call any one of our representatives to report any solicitation of this kind that you receive.

 

Many of the alerts you will find on this page come from the FBI's 'New E-Scams & Warnings' page.  It is an excellent resource for keeping up with the most recent online threats.

 


P.F. Chang's Investigates Possible Data Breach (June 12th, 2014)

P.F. Chang's China Bistro is reportedly investigating a possible data breach in which credit and debit card data may have been compromised across locations nationwide. The first report of this incident came from security blogger Brian Krebs who noted that thousands of fresh credit cards appeared on a carding site used to sell payment data (including those from the Target department store breach.) Card data theft of this manner is usually performed by planting malicious software into cash registers at retail locations. 

Chain Bridge Bank will contact any affected customers and will replace payment cards for those affected. If you have any questions please contact us at customerservice@chainbridgebank.com  or call us at (703) 748-2005.

 


Microsoft Patches Security Vulnerability in Internet Explorer (May 1st, 2014)

Microsoft has recently announced the discovery of a security vulnerability affecting Internet Explorer versions 6 through 11. It was advised that all users avoid using Internet Explorer until a solution was developed. At 10 a.m. this morning Microsoft issued a patch that fixes the vulnerability across all versions of Internet Explorer, including browsers that are still running on the now unsupported Windows XP. If you do not have automatic updates enabled on your system, please make sure you perform the most recent Windows Update in order for this vulnerability to be patched. If you are unsure of how to access Windows Update please click here.

If you have any questions please contact us at customerservice@chainbridgebank.com  or call us at (703) 748-2005.

 


Michael's Confirms Data Breach (April 23, 2014)

Michael's, the arts and crafts retailer, has confirmed that they encountered a data breach which has compromised 3 million payment cards. Please click here for a letter from their CEO. Also, click here for a list of compromised Michael's locations and dates, and here for a list of other Aaron Brothers stores that were affected. Michael's is also offering a year's worth of free credit monitoring for affected customers.

Chain Bridge Bank will contact any affected customers and will replace payment cards for those affected. If you have any questions please contact us at customerservice@chainbridgebank.com  or call us at (703) 748-2005.

 


Information on the Heartbleed Bug (April 15, 2014)

By now you've probably heard about "Heartbleed" in the news.  We want you to know that Chain Bridge Bank's online banking platform is not affected by the Heartbleed bug.  Heartbleed is a vulnerability in the popular OpenSSL encryption software.  Chain Bridge Bank's online banking platform does not use OpenSSL and is not vulnerable to Heartbleed.

Chain Bridge Bank is committed to providing a secure technological environment for our clients.  To that end, we recommend that you update your password on a regular basis and never share passwords across multiple websites.

We continuously monitor our sites for security and take appropriate measures to protect your sensitive information.  Frequently Asked Questions about the Heartbleed bug are provided below.

Frequently Asked Questions about the Heartbleed Bug:

What is the Heartbleed Bug?
Heartbleed is a flaw in the programming on secure websites that could put your personal information at risk, including passwords, credit card information and e-mails.  The Heartbleed Bug is a defect in OpenSSL encryption technology used by many Web servers to secure users' personal or financial information.  Chain Bridge Bank's online banking platform does not use OpenSSL and is not vulnerable to Heartbleed.

Am I affected?
Although online banking with Chain Bridge Bank is safe, if you are an active user of the internet, you might have been exposed to this vulnerability.  Many popular websites - including Facebook, retail and even government sites - use the OpenSSL software.  It is unknown whether any criminals have actually exploited the bug, and several major sites, like Amazon, have already installed patches.  Many sites with an address beginning with "https" are vulnerable until the website operator fixes the bug and users change their passwords.

Is my bank account safe?
Yes, your online banking access with Chain Bridge Bank is safe.  As always, let us know immediately if you suspect any unusual activity.
We use different systems to protect your personal information including rigorous security standards, encryption, and fraud detection software.

What can I do?
We recommend that you change your online passwords and continue to follow online security best practices which include the following:

• Update your passwords on a regular basis and make sure you use different passwords on each and every website including email, retail, banking, and other sites.  That way, if your password is stolen on one site, it will not impact other sites you may use.

• Monitor your account regularly and report suspicious transactions to the bank immediately.

• Beware of phishing scams - or e-mails with malicious links - that will attempt to get personal information from you.

• Do not open attachments or click on links that are not trusted.

• If you receive an email requesting personal information, do not provide this information without independently verifying the sender and recipient of the message.  Chain Bridge Bank will never send you an email requesting personal information.

If you have any questions about online banking with Chain Bridge Bank, please contact us at customerservice@chainbridgebank.com  or call us at 703-748-2005.


Neiman Marcus and Michael's Report Payment Card Breach (January 29, 2014)

Two additional retailers, Neiman Marcus and Michaels, have reported payment card data compromises.  You can go to the websites of Neiman Marcus and Michael's to view information that specifically addresses concerns for customers who may have been affected by the data breaches.

What should I do?

Regularly check your account for unusual debit card or ACH activity.  If you notice anything out of the ordinary report it immediately by calling the Bank at 703-748-2005.  Chain Bridge Bank online banking also offers email and text alert notifications to help you keep track of activity on your account.  Sign into your online banking to set up your alert preferences.

Do not respond to any emails or phone calls that ask you to provide personal information.  Do not open links that may be included in these emails as that could potentially allow additional access to your personal information.  Be mindful of how you share your personal information.

How is the Bank helping to protect my information?

Upon notification by MasterCard of any customers affected, Chain Bridge Bank personnel will contact the customer directly to arrange for a replacement card.  If our account or card fraud monitoring systems pick up any suspicious activity a Bank employee will contact you to review the transactions in question and close the compromised account.

As a reminder, whether you are affected or not, stay vigilant and regularly check your account for unusual activity and report it at once by calling the Bank at 703-748-2005.


Target Department Store Breach (December 18, 2013)

On December 18, 2013 Target Department Store announced that its payment card data had been compromised. Target has added information on their website to specifically address concerns from their customers who may have been affected by the data breach that occurred in their U.S. stores between November 27th and December 15th. Target offers more answers to customer questions and concerns on their website. You can view their website by clicking here

 

Upon notification by MasterCard of any customers affected, Chain Bridge Bank personnel will contact the customer directly to arrange for a replacement card. Do not respond to any emails that appear to be from Target notifying you that your card has been compromised. Do not provide personal information to anyone you are not sure of. Do not open any links that may be included in these e-mails as that could potentially allow additional access to your personal information.

Target Red Cards have also been affected. For questions on a Red Card, please call Target:

• In U.S. call: 1-888-755-5856

• From outside the U.S. call Collect: 1-612-307-8622

 

As a reminder, whether you are affected or not, regularly check your account for unusual debit card or ACH activity and report it at once by calling the Bank at 703-748-2005.


Popular Windows downloader has secret DDoS capability (August 23, 2013)

 

Unbeknownst to its users and perhaps even to its developers, the popular Windows download manager Orbit Downloader has been outfitted with a DDoS component. (more)

 


Ransomware Purporting to be from the FBI is Targeting OS X Mac Users (July 18, 2013)

 

In May 2012, the Internet Crime Complaint Center posted an alert about the Citadel malware platform used to deliver ransomware known as Reveton. The ransomware directs victims to a drive-by download website, at which time it is installed on their computers. Ransomware is used to intimidate victims into paying a fine to “unlock” their computers. Paying the fine does nothing to solve the problem with the computer; do not follow the ransomware instructions. The ransomware has been called “FBI Ransomware” because it uses the FBI’s name.

 

The newest version of ransomware targets OS X Mac users. This new version is not malware; it appears as a webpage that uses JavaScript to load numerous iframes (browser windows) and requires victims to close each iframe. The cyber criminals anticipate victims will pay the requested ransom before realizing all iframes need to be closed. (more)

 


 

Facebook virus "Zeus" resurfaces (June 06, 2013)

 

The Facebook virus "Zeus" has resurfaced recently and it affects online banking in particular. The virus is placed on your computer mostly through clicking links that appear to be sent by a Facebook friend. The virus lays dormant on your PC until an online banking site is opened. It then replaces the the online banking interface with a phishing website which copies your log in credentials and uses it to empty your bank account. Please be aware of suspicious links sent to you on Facebook and always use caution when clicking links sent through social networking websites. (more)

 


 

Cyber Criminals Using Photo-Sharing Programs to Compromise Computers (May 30, 2013)

 

The FBI has seen an increase in cyber criminals who use online photo-sharing programs to perpetrate scams and harm victims’ computers. These criminals advertise vehicles online but will not provide pictures in the advertisement. They will send photos on request. Sometimes the photo is a single file sent as an e-mail attachment, and sometimes the victim receives a link to an online photo gallery.

 

The photos can and often contain malicious software that infects the victim’s computer, directing the user to fake websites that look nearly identical to the real sites where the original advertisement was seen. The cyber criminals run all aspects of these fake websites, including “tech support” or “live chat support” and any “recommended” escrow services. After the victim agrees to purchase the item and makes the payment, the criminals stop responding to correspondence. The victims never receive any merchandise. (more)

 

 


 

E-Mail Claiming to Be From the FDIC (January 30, 2013)

 

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being sent from the FDIC.

 

While the e-mails exhibit variations in the "From" and "Subject" lines, the messages are similar.

 

The fraudulent e-mails are addressed to the attention of the “Accounting Department” and meant to notify recipients that that that “ACH and WIRE transactions” are being blocked until “a special security software” is installed.

 

They then instruct recipients to go to a Web site for instructions on how to download the necessary files by clicking on a hyper-link provided (Note: the Web site addresses (URL) vary widely).

 

This e-mail and link are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should not click on the link provided.

 

The FDIC does not issue unsolicited e-mails to consumers or business account holders.

 

 


 

Better Business Bureau Issues Warning About Utility Bill Payment Scam (July 5, 2012)

 

The BBB has issued a nationwide warning about a new scam claiming that President Obama will pay your utility bills through a new federal program.

 

Consumers have been contacted through telephone calls, fliers, social media, text messages, and word-of-mouth with claims that the federal government is providing credits or applying payments to utility bills. To receive the money, scammers claim they need the consumer's Social Security and bank routing number and/or account number. In return, customers are given a fraudulent bank routing number to use when paying their utility bills through an automated service.

 (more)

 


Citadel Malware Delivers Reveton Ransomware in Attempts to Extort Money (May 30, 2012)

The IC3 has been made aware of a new Citadel malware platform used to deliver ransomware, named Reveton. The ransomware lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States federal law. The message further declares the user’s IP address was identified by the Computer Crime & Intellectual Property Section as visiting child pornography and other illegal content.

 

To unlock the computer, the user is instructed to pay a $100 fine to the U.S. Department of Justice using prepaid money card services. The geographic location of the user’s IP address determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.

 

This is an attempt to extort money with the additional possibility of the victim’s computer being used to participate in online bank fraud. If you have received this or something similar, do not follow payment instructions.

 

It is suggested that you:

 

  • Contact your banking institutions.
  • File a complaint at www.ic3.gov

  

Malware Installed on Travelers’ Laptops Through Software Updates on Hotel Internet Connections (May 9, 2012)

Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms.

(more)

 


E-mail Claiming to Be From the FDIC (April 10, 2012)

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being sent from the Publishers Clearing House that make reference to the FDIC. The e-mails inform the recipient that he or she is the winner of a large cash prize and instructs themto obtain a “Check Insurance Certificate from FDIC.” The e-mails state the FDIC will be “requesting a fee of $1,000.00” to provide the “Check Insurance Certificate.” The e-mails state that the recipient is to write to the FDIC via e-mail for instructions on how to send the requested fee. A fraudulent phone number and e-mail address are provided..
 

The FDIC does not issue anything called a “Check Insurance Certificates.” These e-mails are fraudulent and were not sent by Publishers Clearing House or the FDIC. Recipients should consider the intent of these e-mails as an attempt to steal money or collect personal or confidential informationfrom the recipient. Recipients should NOT, under any circumstances, send funds as requested or provide any personal financial information through this media.
 


Security Breach at Credit Card Processor Global Payments (April 2, 2012)

On March 30, it was reported that Global Payments, Inc., a large debit/credit card merchant processor, experienced a security breach in which credit and debit card account numbers were stolen. According to Global, no personal information, such as name, address, or social security number information, was taken. To date, Global has reported that no fraudulent activity has occurred on the compromised cards.
 

Chain Bridge Bank’s processor will notify us if any of our customers’ cards have been compromised. If your card is one of those affected, we will notify you, close the affected card, and replace it with a new one. We also have a fraud service that monitors your account for suspicious activity. In the event of a potential problem, you will be contacted to verify the legitimacy of the transaction. 
 

Some tips you can take to keep your account safe: 
 

  • Check your account as often as possible to ensure that all debit card activity is legitimate. Should you find a questionable transaction on your account, contact the merchant for clarification or contact us directly at 703-748-2005 or customerservice@chainbridgebank.com.
  • If your card gets lost or stolen, call 866-546-8273 immediately so that the card can be shut down right away.
  • Keep your debit card in a safe place and be alert when using it, especially at ATMs and gas stations where small skimming devices are often installed.
  • Safeguard your PIN and do not share it with others.

 


FBI Alert: Malware Targets Bank Accounts - ‘Gameover’ Delivered Via Phishing E-Mails  (January 6, 2012)

Cyber criminals have found yet another way to steal your hard-earned money: a recent phishing scheme involves spam e-mails—purportedly from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC)—that can infect recipients’ computers with malware and allow access to their bank accounts. (more)


OCC Alert: Masquerading Web site: Helpwithmybank.com  (November 17, 2011)

The Office of the Comptroller of the Currency (OCC) has been informed that the above-mentioned Web site, “helpwithmybank.com,” is attempting to masquerade as the legitimate Web site, “helpwithmybank.gov,” and contains potentially damaging malware. The illegitimate site redirects the user to the legitimate site “helpwithmybank.gov” in an attempt to convince users that they are connecting to a legitimate site. Attempts to connect to the fake Web site could expose the user to harmful malware.

 


ABA Warns Bankers About Fraudulent E-Mail  (June 7, 2011)

ABA’s name is being used in a new phishing e-mail, the association learned yesterday. The e-mail informs recipients that the ABA eLearning portal database has been compromised and instructs recipients to reset their user name and password using an enclosed link.  (more)

 


Fraudulent E-Mails Claiming to Be From the FDIC (June 6, 2011)

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.  (more

 


 

NACHA Phishing Alert (April 25, 2011)

NACHA — The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA and signed by a non-existent NACHA employee. Specifically, this email claims to be from the “Electronic Payments Association” and appears to be coming from the email address “payments@nacha.org.” (more)

Switch to our bank

switch-kit logo

Transfer from your old bank to Chain Bridge Bank.

Learn More »
FDIC insurance

Click here for important disclosures and more information regarding FDIC insurance.

Learn More »

International Services

Need world currency?  Want to send funds overseas?

Learn More »