Chain Bridge Bank is dedicated to protecting your confidential information. As part of that effort, we maintain this page with current security alerts. Here, we pass on to you any alerts that we receive about ongoing scams, so you can be proactive in defending yourself from criminals. Professional data thieves target both institutions and individuals, so it is always important to remain vigilant and to treat requests for your information very carefully. Please check back from time to time for new alerts and warnings.
Chain Bridge Bank does not solicit information (Social Security Number, account numbers, credit card numbers, passwords, etc) by means of email. If you receive an email requesting confidential information from someone claiming to represent Chain Bridge Bank, do not respond to the email. Please call any one of our representatives to report any solicitation of this kind that you receive.
Many of the alerts you will find on this page come from the FBI's 'New E-Scams & Warnings' page. It is an excellent resource for keeping up with the most recent online threats.
Neiman Marcus and Michael's Report Payment Card Breach (January 29, 2014)
Two additional retailers, Neiman Marcus and Michaels, have reported payment card data compromises. You can go to the websites of Neiman Marcus and Michael's to view information that specifically addresses concerns for customers who may have been affected by the data breaches.
What should I do?
Regularly check your account for unusual debit card or ACH activity. If you notice anything out of the ordinary report it immediately by calling the Bank at 703-748-2005. Chain Bridge Bank online banking also offers email and text alert notifications to help you keep track of activity on your account. Sign into your online banking to set up your alert preferences.
Do not respond to any emails or phone calls that ask you to provide personal information. Do not open links that may be included in these emails as that could potentially allow additional access to your personal information. Be mindful of how you share your personal information.
How is the Bank helping to protect my information?
Upon notification by MasterCard of any customers affected, Chain Bridge Bank personnel will contact the customer directly to arrange for a replacement card. If our account or card fraud monitoring systems pick up any suspicious activity a Bank employee will contact you to review the transactions in question and close the compromised account.
As a reminder, whether you are affected or not, stay vigilant and regularly check your account for unusual activity and report it at once by calling the Bank at 703-748-2005.
Target Department Store Breach (December 18, 2013)
On December 18, 2013 Target Department Store announced that its payment card data had been compromised. Target has added information on their website to specifically address concerns from their customers who may have been affected by the data breach that occurred in their U.S. stores between November 27th and December 15th. Target offers more answers to customer questions and concerns on their website. You can view their website by clicking here.
Upon notification by MasterCard of any customers affected, Chain Bridge Bank personnel will contact the customer directly to arrange for a replacement card. Do not respond to any emails that appear to be from Target notifying you that your card has been compromised. Do not provide personal information to anyone you are not sure of. Do not open any links that may be included in these e-mails as that could potentially allow additional access to your personal information.
Target Red Cards have also been affected. For questions on a Red Card, please call Target:
• In U.S. call: 1-888-755-5856
• From outside the U.S. call Collect: 1-612-307-8622
As a reminder, whether you are affected or not, regularly check your account for unusual debit card or ACH activity and report it at once by calling the Bank at 703-748-2005.
Popular Windows downloader has secret DDoS capability (August 23, 2013)
Unbeknownst to its users and perhaps even to its developers, the popular Windows download manager Orbit Downloader has been outfitted with a DDoS component. (more)
Ransomware Purporting to be from the FBI is Targeting OS X Mac Users (July 18, 2013)
In May 2012, the Internet Crime Complaint Center posted an alert about the Citadel malware platform used to deliver ransomware known as Reveton. The ransomware directs victims to a drive-by download website, at which time it is installed on their computers. Ransomware is used to intimidate victims into paying a fine to “unlock” their computers. Paying the fine does nothing to solve the problem with the computer; do not follow the ransomware instructions. The ransomware has been called “FBI Ransomware” because it uses the FBI’s name.
Facebook virus "Zeus" resurfaces (June 06, 2013)
The Facebook virus "Zeus" has resurfaced recently and it affects online banking in particular. The virus is placed on your computer mostly through clicking links that appear to be sent by a Facebook friend. The virus lays dormant on your PC until an online banking site is opened. It then replaces the the online banking interface with a phishing website which copies your log in credentials and uses it to empty your bank account. Please be aware of suspicious links sent to you on Facebook and always use caution when clicking links sent through social networking websites. (more)
Cyber Criminals Using Photo-Sharing Programs to Compromise Computers (May 30, 2013)
The FBI has seen an increase in cyber criminals who use online photo-sharing programs to perpetrate scams and harm victims’ computers. These criminals advertise vehicles online but will not provide pictures in the advertisement. They will send photos on request. Sometimes the photo is a single file sent as an e-mail attachment, and sometimes the victim receives a link to an online photo gallery.
The photos can and often contain malicious software that infects the victim’s computer, directing the user to fake websites that look nearly identical to the real sites where the original advertisement was seen. The cyber criminals run all aspects of these fake websites, including “tech support” or “live chat support” and any “recommended” escrow services. After the victim agrees to purchase the item and makes the payment, the criminals stop responding to correspondence. The victims never receive any merchandise. (more)
E-Mail Claiming to Be From the FDIC (January 30, 2013)
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being sent from the FDIC.
While the e-mails exhibit variations in the "From" and "Subject" lines, the messages are similar.
The fraudulent e-mails are addressed to the attention of the “Accounting Department” and meant to notify recipients that that that “ACH and WIRE transactions” are being blocked until “a special security software” is installed.
They then instruct recipients to go to a Web site for instructions on how to download the necessary files by clicking on a hyper-link provided (Note: the Web site addresses (URL) vary widely).
This e-mail and link are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should not click on the link provided.
The FDIC does not issue unsolicited e-mails to consumers or business account holders.
Better Business Bureau Issues Warning About Utility Bill Payment Scam (July 5, 2012)
The BBB has issued a nationwide warning about a new scam claiming that President Obama will pay your utility bills through a new federal program.
Consumers have been contacted through telephone calls, fliers, social media, text messages, and word-of-mouth with claims that the federal government is providing credits or applying payments to utility bills. To receive the money, scammers claim they need the consumer's Social Security and bank routing number and/or account number. In return, customers are given a fraudulent bank routing number to use when paying their utility bills through an automated service.
Citadel Malware Delivers Reveton Ransomware in Attempts to Extort Money (May 30, 2012)
The IC3 has been made aware of a new Citadel malware platform used to deliver ransomware, named Reveton. The ransomware lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States federal law. The message further declares the user’s IP address was identified by the Computer Crime & Intellectual Property Section as visiting child pornography and other illegal content.
To unlock the computer, the user is instructed to pay a $100 fine to the U.S. Department of Justice using prepaid money card services. The geographic location of the user’s IP address determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.
This is an attempt to extort money with the additional possibility of the victim’s computer being used to participate in online bank fraud. If you have received this or something similar, do not follow payment instructions.
It is suggested that you:
- Contact your banking institutions.
- File a complaint at www.ic3.gov
Malware Installed on Travelers’ Laptops Through Software Updates on Hotel Internet Connections (May 9, 2012)
Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms.
E-mail Claiming to Be From the FDIC (April 10, 2012)
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being sent from the Publishers Clearing House that make reference to the FDIC. The e-mails inform the recipient that he or she is the winner of a large cash prize and instructs themto obtain a “Check Insurance Certificate from FDIC.” The e-mails state the FDIC will be “requesting a fee of $1,000.00” to provide the “Check Insurance Certificate.” The e-mails state that the recipient is to write to the FDIC via e-mail for instructions on how to send the requested fee. A fraudulent phone number and e-mail address are provided..
The FDIC does not issue anything called a “Check Insurance Certificates.” These e-mails are fraudulent and were not sent by Publishers Clearing House or the FDIC. Recipients should consider the intent of these e-mails as an attempt to steal money or collect personal or confidential informationfrom the recipient. Recipients should NOT, under any circumstances, send funds as requested or provide any personal financial information through this media.
Security Breach at Credit Card Processor Global Payments (April 2, 2012)
On March 30, it was reported that Global Payments, Inc., a large debit/credit card merchant processor, experienced a security breach in which credit and debit card account numbers were stolen. According to Global, no personal information, such as name, address, or social security number information, was taken. To date, Global has reported that no fraudulent activity has occurred on the compromised cards.
Chain Bridge Bank’s processor will notify us if any of our customers’ cards have been compromised. If your card is one of those affected, we will notify you, close the affected card, and replace it with a new one. We also have a fraud service that monitors your account for suspicious activity. In the event of a potential problem, you will be contacted to verify the legitimacy of the transaction.
Some tips you can take to keep your account safe:
- Check your account as often as possible to ensure that all debit card activity is legitimate. Should you find a questionable transaction on your account, contact the merchant for clarification or contact us directly at 703-748-2005 or firstname.lastname@example.org.
- If your card gets lost or stolen, call 866-546-8273 immediately so that the card can be shut down right away.
- Keep your debit card in a safe place and be alert when using it, especially at ATMs and gas stations where small skimming devices are often installed.
- Safeguard your PIN and do not share it with others.
FBI Alert: Malware Targets Bank Accounts - ‘Gameover’ Delivered Via Phishing E-Mails (January 6, 2012)
Cyber criminals have found yet another way to steal your hard-earned money: a recent phishing scheme involves spam e-mails—purportedly from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC)—that can infect recipients’ computers with malware and allow access to their bank accounts. (more)
OCC Alert: Masquerading Web site: Helpwithmybank.com (November 17, 2011)
The Office of the Comptroller of the Currency (OCC) has been informed that the above-mentioned Web site, “helpwithmybank.com,” is attempting to masquerade as the legitimate Web site, “helpwithmybank.gov,” and contains potentially damaging malware. The illegitimate site redirects the user to the legitimate site “helpwithmybank.gov” in an attempt to convince users that they are connecting to a legitimate site. Attempts to connect to the fake Web site could expose the user to harmful malware.
ABA Warns Bankers About Fraudulent E-Mail (June 7, 2011)
ABA’s name is being used in a new phishing e-mail, the association learned yesterday. The e-mail informs recipients that the ABA eLearning portal database has been compromised and instructs recipients to reset their user name and password using an enclosed link. (more)
Fraudulent E-Mails Claiming to Be From the FDIC (June 6, 2011)
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC. (more)
NACHA Phishing Alert (April 25, 2011)
NACHA — The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA and signed by a non-existent NACHA employee. Specifically, this email claims to be from the “Electronic Payments Association” and appears to be coming from the email address “email@example.com.” (more)