December 22, 2010
Columbia Bank customers have reported a misleading letter regarding a refinance offer for mortgage loans at "Columbia St Bk". This communication was not created by and has no connection to any Columbia Bank service or offer.
Click here for a sample of the letter.
If you question the authenticity of a communication you receive on behalf of Columbia Bank or regarding your banking activity, please contact your branch immediately.
Our Online Services division has experienced an increased number of reported phishing attempts targeting users. Please be aware of the following when accessing any Online Banking system:
- A message appears during the login process stating that the user's computer cannot be identified, and that the user is required to enter credit card information to continue.
- The page that requests login information does appear to originate from Columbia Bank’s Online Banking site with the correct URL and certificate information. This can happen from malware being installed on the user’s computer. This malware was most likely installed from an opened e-mail attachment or a compromised website viewed on the infected computers of customers using Online Banking. Rest assured that Columbia Bank's Online Banking servers remain secure.
To prevent fraud, do not enter personal or account information during the login process or for where the information requested is not relevant to the transaction. You should not enter sensitive data if you are prompted to do so. Also, any computer system accessing Online Banking should have anti-virus and anti-malware installed with the software definitions kept up-to-date.
If you have any questions please contact Online Services at 877.754.5074.
As reported in the national media, September 9, 2010, an email-borne computer virus circulated among major organizations worldwide. This was a “Zero Day” virus that was not detected by most major antivirus packages, although its presence quickly became evident as inboxes filled with “Here you have…” emails. Columbia Bank systems were not infected by this virus. We are currently auditing third party service providers to ensure they were not affected.
How to protect yourself from e-mail attacks:
• Don't open e-mails for people you don't know
• Permanently delete any copies of the e-mails if you received them
• Do not click on links within e-mails from unknown sources
• Update definitions to your anti-virus software
You can find additional resources available in the Security Resource Center at ColumbiaBank.com. If you have questions or concerns, please contact our online services department at 1-877-754-5074.
This is a warning about receiving automated bank calls on cell phones. Bank cardholders are being contacted by cell phone using various spoofed numbers, and pre-recorded messages stating that they are calling from your bank.
The message states that "their debit card has been deactivated due to a billing error". The call then prompts the cardholders to enter their 16 digit debit card number and pin. After this information is entered it tells the cardholder that their account is now "activated".
As a result, the cardholder's account is accessed through unauthorized activity. Banks do not call you on your cell phone numbers or your home number and ask for your account information.Though the call may appear to be a local number, it could be from anywhere in the world. Telephone numbers can be spoofed and some local numbers are being sold by phone companies to people around the world. There are also web sites that also allow callers to show any number on a caller ID that they want.
If you feel you have been victimized by this scam, contact your branch staff immediately to prevent losses.
The Security Resource Center of our website has many tips to help you to avoid losses due to this and other types of fraud. To access the Security Resource Center, go to www.ColumbiaBank.com – the link is located on the homepage. For more information on scam prevention, visit the US Federal Trade Comission website.
NACHA Phishing Alert E-mail Claiming to be from NACHA
July 22, 2010
NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of having been sent from NACHA. See sample below.
The subject line of the e-mail states: “Unauthorized ACH Transaction.” The e-mail includes a link that redirects the individual to a fake Web page and contains a link which is almost certainly an executable virus with malware. Do not click on the link. Both the e-mail and the related website are fraudulent.
Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software applications security patches are installed and current.
Be alert for different variations of fraudulent e-mails.