Northrim Bank
Achieve More
  • Personal Banking
  • Business Banking
  • About Northrim
  • Contact Us

Security Alerts

SpearPhishing Attacks

May 29, 2015

In the last two weeks there has been an increase in the number and sophistication of “SpearPhishing” attacks. SpearPhishing is like Phishing in that criminals attempt to use e-mail, phone calls, and text messages to gain unauthorized access; however, SpearPhishing targets mission-critical personnel like business owners, controllers, accountants, and persons with approval authority. Criminals using SpearPhishing techniques will often combine information derived from insecure personal e-mail, Facebook pages, and publicly available corporate records to build shockingly convincing backstories and manipulative requests. Here is a real-world example of a recent SpearPhishing attack:

A controller gets an email that appears to be from the CEO.
“Julie, Happy Birthday in advance! The conference is going well. Very busy. Lots of meetings. I hate to do this to you in light of how hard you're working, but we are about to announce a very large acquisition at the conference, and as a publicly traded company I had to keep this under wraps until the very last minute. James Stockton will be calling you this morning to arrange a wire transfer of $1.2MM for the earnest money. Another $5.6MM will need to be wired in the next 30 days. James has all the wire information and and can walk you through any issues – he’s a good guy. Consider this my written approval for final authorization of payment. I'm sorry I couldn't bring you in sooner, but we’ll talk more when I return this weekend - I'll be out of pocket all day today, so I’ll try to call before noon or after 4:00p tomorrow to make sure the wire went out before 3:00p your time today. Please do not share this with anyone as we need to maintain strict confidentiality until the announcement tomorrow at 3:00p EST. I know I don't say it enough, but thanks for all you do.

In the above example, the attacker was able to get Julie’s birthday and Bob’s travel plans from their Facebook pages. The attacker researched the company well enough to know that a surprise acquisition was plausible and that as a publicly traded company secrecy would prevent the questioning of orders and add validity to any directions to keep this compartmentalized. The attacker added a tone of authority and reassurance that this was an official request. Finally, the attacker complimented and acknowledged Julie’s efforts to make her more willing to comply. Unlike most Phishing attacks there are very few spelling and grammar mistakes.

This scenario resembled a recent real attack against a corporate controller working at one of the largest financial technology providers in the country. Similar attacks have targeted local Alaskan Native Corporations, financial institutions, and small businesses. Please be on the lookout for this new and highly effective form of social engineering. Here are some tips to help you reduce the risk of getting SpearPhished:

  • Block public access to your Facebook page, do not post travel itineraries, personal details that could be used to fabricate a story, or work-related activities to social media sites.
  • If an e-mail or text looks suspicions, don't be afraid to question its authenticity.
  • Be on the lookout for new or slightly off e-mail addresses such as (with a capital i) instead of (with a lower-case l) coming from a different e-mail domain.
  • If in doubt about a directive or request, stop, pick up the phone, and get verbal confirmation.
  • Ensure your mission-critical personnel understand what Phishing and SpearPhishing are, and how to minimize their risk of being compromised.
  • See our Information Security Best Practices for more information.

Of course, if you have any questions, or would like to schedule a complimentary information security briefing for you and your staff, please contact our Customer Service Center.

Northrim cares about your security and privacy, thank you for helping us protect your data.

Business Wire Transfer Scam

January 27, 2015

The FBI has issued an alert about a fraud scam known as "Business E-mail Compromise" targeting businesses that regularly make wire transfers to foreign companies. The victims of the latest scam include businesses of all sizes that purchase or supply a variety of goods, such as textiles, furniture, food and pharmaceuticals, the FBI says. Fraudsters will typically monitor and study their selected victims before initiating the scam.

In one version of the scam, a business that has a longstanding relationship with a supplier is asked to wire funds for invoice payment to an alternate, fraudulent account, the FBI says. The request is often made by telephone or e-mail. If an e-mail is received, the subject will spoof the e-mail request so it appears similar to a legitimate supplier's account and would take close scrutiny to determine it was fraudulent, according to the FBI.

Another version involves the compromise of e-mail accounts of high-level business executives, such as CFOs or CTOs. The account may be spoofed or hacked, and a request is then made for a wire transfer from the compromised account to a second employee within the company responsible for processing such requests, the FBI says. In some cases, a wire transfer from the compromised account is sent directly to a financial institution with instructions to urgently send funds to another bank.

A third version of the scam starts with an employee's e-mail account getting hacked. Once compromised, the fraudster will send requests to various vendors identified from the employee's contact list for invoice payments to fraudster-controlled bank accounts.

The best way for organizations to repel these types of attacks is to launch anti-virus programs and deliver education to the workforce about security best practices. To learn more about how to reduce your technology risk, please read our Online Security tips below. 

Computer Remote Access Fraud

December 2, 2014

We have heard reports of a new type of computer malware that presents itself as a system message stating that a critical error has been detected and requests that the user call a 1-800 number. When the person calls the phone number, someone asks to gain remote access to the computer to “fix” the issue. Once given remote access, the fraudster has access to everything on the computer putting all sensitive information at risk. If you receive this message please do contact the phone number. If you have already called the phone number and allowed remote access please contact our Customer Service Center immediately at 562-0062.

To learn more about how to reduce your technology risk this holiday seasons, please read our Online Security tips below. 

Home Depot Security Breach

September 29, 2014

Northrim is aware that Home Depot is investigating the theft of credit and debit card data from its stores. Initial investigation shows there is potential risk for transactions completed April 30 through August 24. Whether or not you have recently used your card at Home Depot, it is always a good practice to actively monitor your accounts and report any suspicious activity right away. We are currently working to determine which cards were affected and will be contacting those customers directly. Please read our FAQs below for more details and click here for the most recent information and resources direct from Home Depot.

Remember to always immediately report any unfamiliar charges to our Customer Service Center.

Home Depot Card Breach FAQs

  • How can I find out whether my card was affected?
    At this time, there is no need for customers to call Northrim. If fraudulent activity is detected on your account, Northrim will contact you.
  • Should I reset my PIN?
    The investigation is open and has not confirmed whether PIN information was compromised. It is good practice to reset your card’s PIN periodically. Update your PIN at any Northrim branch or ATM location.
  • Should I cancel my card?
    There is no need to cancel your card. Northrim Bank monitors accounts for suspicious activity and will notify affected customers.
  • What should I do if I see suspicious charges on my account?
    Monitor your account(s) through Online Banking and review your monthly statements carefully. You should notify Northrim promptly if you see any unauthorized activity.
  • If my card has been breached, will Northrim Bank reissue my card?
    Northrim has a highly sophisticated fraud detection system that is constantly monitoring account activity. If we determine your account is at risk, we will notify you and reissue your card(s). 

Fraudulent Email Regarding Incoming Money Transfer

August 18, 2014

Northrim has received reports of fraudulent emails regarding an incoming money transfer. The email indicates that a money transfer has been received and instructs the recipient to review the attached file for transaction details. This email is fraudulent. The attachmed message is a zip file containing a malicious executable file that looks like a PDF document and infects the user's computer with malware. DO NOT open any attachments in the email. If you received this fraudulent email, please delete it immediately. If you downloaded or opened the attachment in the email, please contact our Customer Service Center immediately at 562-0062 or toll free at 800-478-2265. See a sample of the fraudulent email below. 

For more information on online security, please read the Online Security section below.

= = = = = = = Sample Email = = = = = = =

Incoming Transactions Report

An incoming money transfer has been received by your financial institution and the funds deposited to account.

Initiated By: Fiserv Inc.

Initiated Date & Time: Fri, 15 Aug 2014 23:00:11 +0700

Batch ID: 976

Please view the attached file to review the transaction details. 

= = = = = = = = = = = = = = = = = = = = = =

Svpeng and Dyreza Malware

June 18, 2014

Svpeng and Dyreza have recently emerged as mobile banking and web browser vulnerabilities. Although Northrim has not been affected by these malwares, we recommend our customers employ best practices to proactively mitigate risk. To learn more about how to reduce technology risk please read our Online Security tips below.

What is Svpeng?
Svpeng is a new malicious malware for Android devices. Svpeng searches for specific mobile banking apps on the device, then locks the device and demands money to unlock it. Svpeng breaks into a mobile device through a social engineering campaign using text messages.

What is Dyreza?
Dyreza or “Dyre” is a new family of banking malware that redirects the traffic to malicious servers, while end users think they have a secure connection with their legitimate online banking site. Dyreza is spread through spam e-mail messages such as "Your FED TAX payment ID [random number]" and "RE: Invoice #[random number].” These messages contain a “.zip” file often hosted on legitimate domains, to minimize suspicion.

If you have questions or concerns, please contact our Customer Service Center.


Online Security — Avoid email and internet scams

If you use email and the internet, your information could be at risk. In 2008, more than 275,000 complaints of internet crime were reported to the Internet Crime Complaint Center, a partnership between the National White Collar Crime Center and the FBI. Alaska had the highest per-capita rate of complaints in the U.S., with three times as many complaints per capita as the next highest state.

Northrim Bank has invested in making our online banking services secure and reliable; however, your online banking is only as secure as the computer you use to access it.

How to protect your computer systems and data


  1. Make sure your computer software is up to date. This includes Operating System (Windows, Linux, or Mac), applications (Office, Internet Explorer, Safari) and plug-ins (Flash, Java, Windows Media). Most major software distributers have automatic updates that will keep your system protected.
  2. Install, and regularly update, reputable antivirus and anti-spyware software. Schedule your antivirus software to update automatically. Be wary of free antivirus software and clean-up tools from companies you've never heard of. They could in fact be malicious software that fixes one problem but creates many more.
  3. Use public computers with care. Do not access sites that require a personal logon, such as your online banking service, from a public computer.
  4. Guard your personal information. Use strong passwords with at least eight alphanumeric characters and special characters. Try not to use the same password on multiple sites. Never respond to emails or telephone calls with usernames, passwords, your social security number or other personal information. Northrim Bank already has this information so you do not need to tell them.
  5. Review your bank accounts regularly. Immediately report any suspicious activity to your financial institution.


Information that is phished includes:


  • Credit card numbers
  • Social security numbers
  • Deposit account numbers
  • User names and passwords

Phishing scams can be difficult to detect because Internet fraudsters have become very skilled at misrepresenting the businesses you know and trust. Emails created to phish information may contain stolen business logos or other visuals to mislead you into believing they are legitimate.


Take action

The Federal Trade Commission, a national consumer protection agency, recommends these tips to avoid phishing scams:


  • Do not reply to emails or pop-up messages that ask for personal or financial information.
  • Do not follow a link from an email. If you wish to check the validity of your website, type in the site name.
  • If you receive a suspicious email, check the validity of the message by contacting the business at a number you know is real.
  • Do not send personal or financial information in an email or email attachment.
  • When you transact business online, look for security indicators such as the lock icon on the browser�s status bar or a url address that begins with �https.�
  • Do not open attachments or download files unless you are confident of the source.


Be wary of any email that:


  • Tells you there is a problem with your account.
  • Directs you to website where you are asked to provide sensitive information.
  • Does not include a phone number you recognize to be genuine.


Report fraud ASAP

If you think you have been phished, act quickly to:


  • Contact your financial institution and/or credit card company to alert them to potential fraud.
  • Contact the three major credit bureaus listed below to request that a fraud alert be placed on your credit report.


P.O. Box 740241
Atlanta, GA 30374
P.O. Box 2002
Allen, TX 75013
P.O. Box 1000
Chester, PA 19022

The Federal Trade Commission (FTC) also investigates consumer fraud through the Bureau of Consumer Protection. You can forward unsolicited commercial email (spam), including phishing messages, directly to the FTC at

Privacy Policy - We make sure that your personal information is protected and that you understand the policies that protect you.

Your Security - Information on identity theft prevention and detection from our Online Banking vendor, Digital Insight.


Video Learning Center


Member FDIC Equal Housing Lender

© 2015 Northrim Bank - All Rights Reserved