Security Tips, Alerts and Bulletins


Security Alert

September 2014

Home Depot Card Compromise:  Home Depot confirmed this morning that they experienced a breach compromising their customers' card information.  We are not currently seeing fraud associated to this incident; however, if you are concerned for the security of your card, please be assured that we always take extra precautions in monitoring for fraudulent activity in these situations and will continue to do so.  For more information regarding this compromise please see Home Depot’s official statement.   

Microsoft warns the public not to fall for phony tech support calls:  Microsoft is aware of fraudulent calls being made by people claiming to be Microsoft technical support staff.  Click here to learn more about the scam, how the fraudsters can harm you, and what to do if you receive one of these calls.  

North Valley Bank is aware of recent news reports regarding the FBI and other federal agencies investigating a coordinated computer hack targeting at least 5 major American banks.  North Valley Bank employs a number of security tools to prevent a similar attack and we are confident that our network and our customers' information is secure.  


May 2014

May 18, 2014:  North Valley Bank has received reports of fraudulent phone calls and text messages in circulation indicating that the recipient’s account will be deactivated unless they provide debit card and account information.  Please note that these messages are not originating from North Valley Bank.  These phone calls and text messages appear to be an attempt to obtain your personal information for the purpose of identity theft.  For more information on how you can avoid becoming a victim of these types of scams, visit our Identity Theft and Fraud Education page. 



Cash Manager: Top things our business customer can do to reduce the risk of online identity theft. Click here, for details.
View our online demo on ID Theft for Businesses.

Online Banking: Tips that everyone should know to reduce the risk of online identity theft. Click here, for details.
View our online demo on ID Theft Prevention.

Password Security: When it comes to the security of your personal financial information, it's important to recognize how to select good passwords and change them often. Click here, for details.

ATM Safety:   Click here for tips to safely use ATM’s and other PIN devices.

Browser Hijacking: Click here for tips from Microsoft on how to fix your hijacked web browser:


Viruses in the News 

Citadel Malware

The FBI has issued a warning about Citadel malware attacks associated to the Reveton computer virus. The Citadel malware is known to freeze infected computers until a “ransom” is paid. The so-called ransom message displayed on hijacked computers suggests the user has violated a federal law and has been identified by their IP address.

This is an attempt to extort money with the additional possibility of the infected computer being used to participate in online banking fraud. If you believe you have been a victim of a Citadel malware attack, please follow these recommendations:

• Do not pay any money or provide personal information.
• Contact us right away at 530.226.2960 so we can protect your Cash Manager logins.
• Seek out a local computer expert to assist with removing the malware. Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
• File a complaint with the Internet Crime Complaint Center at Look for updates about the Reveton virus on the IC3 website.

Click here for additional security related information. Please contact the Electronic Banking Department Monday through Friday, 8:00 am to 5:00 pm at 530.226.2960 if you have questions or concerns. 



In  a new warning, the Federal Bureau of Investigation warns account holders of a new spam email scheme that involves a type of malware called "Gameover." The scheme involves fake emails from the National Automated Clearing House Association (NACHA), the Federal Reserve or the FDIC. These messages attempt to trick recipients into clicking on a link to resolve some type of issue with their accounts or a recent ACH transaction. Once you click on the link, Gameover takes over your computer, and thieves can steal usernames, passwords and your money.

What can you do?
As a reminder, North Valley Bank will never prompt you to enter your account number, social security number or debit card number to access Cash Manager or Online Banking. Do not enter this information into any website to gain access to your accounts. If you do input this information, contact the bank right away.

Do not click on links. Emails stating you've won the lottery or have a relative in a foreign country that passed away or a relative in a foreign prison, are all scams that should be deleted. Do not respond to these scams.

Keep your computer and mobile device updated with the newest versions of anti-virus software.

Report any inaccuracies regarding your account activity to the bank. 



Recent reports indicate that a new evolving virus called SpyEye is notable for its ability to inject new fields into a Web page, which can ask banking customers for sensitive information they normally would not be asked. The requested data can include logins and passwords or a debit card number. It can also hide fraudulent transfers of money out of an account by displaying an inaccurate bank balance; a feature designed with the goal of keeping users unaware of fraud.

What can you do?
Monitor your accounts frequently.

Do not click on pop ups that claim you've won a prize or state that you have a virus and need to download a program to remove it.

Do not click on links in emails. Emails stating you've won the lottery or have a relative in a foreign country that passed away or a relative in a foreign prison, are all scams that should be deleted. Do not respond to these scams.


Ramnit Worm

The Ramnit Worm is making its rounds on social networking sites. The worm is capable of spreading itself by stealing login credentials, logging in to the social networking site and transmitting malicious links to the user's friends. The primary objective for this worm is to gather login credentials for users accessing those sites. Users often use the same log-in and password credentials for multiple sites thereby allowing the thieves to login as the user to various social, email, financial and other sites the user normally accesses.

What can you do?

Use very different passwords for each system you access. In the event that one of your passwords is compromised, the sites you access will be limited to the ones you use for that specific password.

Change your password often. When picking a new password, don't use common words or a password close to the one you were just using.

Utilize strong passwords that contain a combination of letters, numbers and symbols. Avoid common words, your name, family names, pets' names, etc.


Security Bulletins 


April 2014

April 10, 2014:  North Valley Bank is aware of a recently discovered security flaw in the news known as the Heartbleed Bug and is taking appropriate actions to ensure that it has no impact on customer accounts. 

What is the Heartbleed Bug?
Heartbleed is a flaw in the programming on some secure websites that could put personal information at risk, including passwords, credit card information and e-mails. The Heartbleed Bug is a defect in certain versions of Open SSL encryption technology used by some Web servers to secure users' information. 

Am I affected?
Most active users of the Internet have likely been exposed, since a majority of websites – including Facebook, retail and even government sites – use the Open SSL software. But it is unknown whether any criminals have actually exploited the bug, and several major sites, like Amazon, have already installed patches. Many sites with an address beginning with "https" are vulnerable until the website operator fixes the bug and users change their passwords. 

What is North Valley Bank doing to protect my account?
North Valley Bank's online banking system does not utilize Open SSL and instead relies on a more secure technology.  Additionally, we utilize updated intelligence and industry leading technology to regularly scan for vulnerabilities as well as detect and respond to potential security threats. 

What can I do?
As always, it is a good idea to update all of your passwords every few months. Also, monitor your bank accounts regularly and report suspicious transactions to the bank immediately. Beware of phishing scams – or e-mails with malicious links – that will attempt to get additional sensitive information from you. 

Consumers are protected from unauthorized transactions. Let the bank know immediately if you suspect unusual activity. Your accounts are monitored for fraud protections through rigorous security tools and fraud detection software.  

April 8, 2014:  Support for Windows XP Ended  - As of  April 8, Windows XP Service Pack 3 (SP3) customers are no longer receiving new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.  This means that any new vulnerabilities discovered in Windows XP are not addressed by new security updates from Microsoft.  Microsoft recommends upgrading to Windows 7 or 8.


February 2014

Target Data Breach Update:  North Valley Bank issued new debit cards to those customers impacted by the Target breach.  If you shopped at Target between 11/27/2013 and 12/15/2013 and have not received a new debit card, please contact us at 1-866-869-6673 for assistance 

Here are a few ways to protect yourself from breaches of retail stores:  Monitor your account daily with Online Banking, mobile banking and e-Alerts.  If you do not have an Online Banking login click here to enroll.  Once enrolled you can set up e-Alerts for debit card transactions and mobile banking.  e-Alerts allow you to easily monitor your accounts via email or text message. Simply log into Online Banking, select an account, choose e-Alerts and select Debit Card Transaction alert to monitor card transactions on your NVB debit card.  If you do see fraudulent charges on your NVB debit card please contact us immediately at 1-866-869-6673 or by calling the number on the back of your card.  

Click here for retail compromise security tips


November 2013

United States Computer Emergency Readiness Team (US-CERT) has released a warning regarding a malware campaign that surfaced in 2013 and is associated with an increasing number of ransomware infections.  CryptoLocker is a new variant of ransomware that restricts access to infected computers and demands the victim provide a payment to the attackers in order to decrypt and recover their files. As of this time, the primary means of infection appears to be phishing emails containing malicious attachments.  CryptoLocker appears to have been spreading through fake emails designed to mimic the look of legitimate businesses and through phony FedEx and UPS tracking notices.  Visit for recommendation to protect computer networks from a CryptoLocker infection.


October 2013

Attention to those who receive retirement benefits from the Social Security Administration (SSA):  The Social Security Administration is reporting a rise in cases in which identity thieves register an account at the SSA portal using a retiree’s personal information and then divert the retiree’s benefits to prepaid debit cards that the thieves control.  SSA’s web portal allows recipients to view earnings, estimate future benefits, and change direct deposit information.  According to recent reports, identity thieves are using the portal to hijack the benefits of individuals who have not yet created an account at the site. 

Here’s how to stay safe:  Register your social security number.  The Social Security Administration authorizes only one “My Social Security” account per Social Security number, once registered by the legitimate account holder, no outsider will be able to access the account information and misdirect future funds.  To register, visit  

FBI warning users about Beta Bot malware: The FBI has warned users about a campaign using the Beta Bot trojan to target online payment systems and financial institutions, as well as blocking users' access to security websites and disabling antivirus programs. According to the FBI, the malware has been spotted popping up on users' computers in the form of a Microsoft Windows message box. When asked if users want to run a program, users are being urged not to click “Yes.” The “User Account Control” box claims to just want to make changes to the computer but it actually allows hackers to pull data from the computer, including log-in credentials and financial information. The malware has also been seen propagating via Skype and USB thumb drives.

Phishing E-mail "FDIC: About your business account":  North Valley Bank has learned of emails in circulation across the United States purporting to be from FDIC with “important news regarding your financial institution.”  These emails are fraudulent and ultimately redirect to sites containing malware.  As a reminder, North Valley Bank recommends that you never click on a link in an email unless you are expecting the email. 


August 2013

Visa and Mastercard Phishing Scam:  On August 27, 2013, North Valley Bank received reports that cardholders from various financial institutions had received automated telephone calls purportedly from Visa or Mastercard stating their online shopping had been restricted and to enter their 16 digit card number or press zero.  These calls are fraudulent and have not been authorized by North Valley Bank.  Please refer to Security of Your Information at  Please contact us immediately at 1-866-869-6673 if you entered your card number in response to one of these calls.

Pay Pal Themed Malicious Emails:  North Valley Bank has become aware of multiple phishing schemes that appear to involve Pay Pal themed malicious emails.  Please verify the receipt of an email with Pay Pal prior to opening or responding to any unexpected email.

"Bank Fraud Alert" Email Scam:  Suspicious emails titled, “Bank Fraud Alert”, have been received from multiple clients by another institution.  The email was a bulletin that appeared to have been put out by Old Republic National Title Insurance Co and was in regards to unauthorized wire transfers.  The institution was not certain if the email was legitimate or a phishing attempt.  Please be wary of any strange unexpected emails that you may receive.


May 2013

Microsoft Scams:  Scammers Impersonate Microsoft - Webroot has reported an increase in fake Microsoft scams in which users are tricked into thinking that their PC is infected. Users receive a website message stating their computer is infected and are encouraged to run a “removal tool” called “security cleaner.” However, the file is actually infected and, if initiated, will infect the PC.

On its Safety and Security Center site, Microsoft warns users that they will not:
• Make unsolicited phone calls to help you fix your computer
• Request credit card information to validate your copy of Windows
• Send unsolicited communication about security updates. 

Phishing Email:  North Valley Bank is aware of a phishing email in circulation in various parts of the United States.  The email bears the subject "Action Required: Important Notice Regarding Online Banking" and typically purports to come from a financial institution.  The e-mail message claims that the bank will be implementing enhancements to its online and mobile platforms and wants the victim to download an attached HTML document (web page).  The attached file in the phishing email is a web page that displays a form requesting the victim’s personal information for purposes of stealing their identity for financial gain. Click here for tips that everyone should know to reduce the risk of online identity theft, or view our online demo on ID Theft Prevention.


Security Alert

Odds Are It's A Scam - The U.S. Postal Service is taking on criminals who target millions of people every year in foreign lottery scams. Remember…  if you have to spend money to claim a prize, odds are it’s a scam!  Never wire or send money to anyone, anywhere, who says you’ve won a prize.  Look for information at your local post office or online at

March 4, 2013:  North Valley Bank has received reports of automated calls originating from 1-800-622-1631 to some of our customers indicating there is a problem with their account. Please note that these calls are not originating from North Valley Bank and it is not our practice to request debit card information over the phone. These calls appear to be an attempt to obtain your personal information for the purpose of identity theft. Please call us directly at 1-866-869-6673 if you wish to verify the status of your card or account. 

January 23, 2013 - Malware Risk: Shylock is a Trojan program that tries to steal online banking credentials and other financial information. Technology experts say the Shylock malware has been updated to spread via Skype with a plugin named 'msg.gsm' that uses the chat function in Skype in order to spread to new machines. To stay safe, users must refrain from clicking links found in instant messages, especially those from unknown or unverified sources. Please also ensure that your virus protection software is kept up to date.   

SMS Phishing or “SMiShing” scams are on the rise. Beware of text messages requesting sensitive information, particularly those that follow the general format, "Fwd: Good Afternoon. Attention Required Call.(xxx)xxxxxxx.” These fraudulent text messages often refer to account suspensions, credit card collections, and the U.S. Veteran's Administration health services.

Falling for these scams can put you at risk of being subjected to bank account theft, credit card fraud, or identify theft. 

Important message to users of Yahoo Mail, Hotmail and Gmail services: This is a courtesy notice to advise users of an ongoing phishing email scam that may try to compromise email contact lists and forward personal emails to a cybercriminal. Experts strongly recommend email users regularly check their forwarding settings for any email addresses that they do not recognize. If you believe your email has been hacked, you should change your password immediately. 

Avoid becoming a victim of Anti-Virus Scams and subsequent unauthorized use of your debit or credit card. A victim of an anti-virus scam will encounter a pop-up designed to look as if it were generated from the victim's computer and indicating that a virus attack has occurred (e.g., "Security Warning: Application cannot be executed. The file rundll32.exe is infected. Do you want to activate your antivirus software now?"). In some cases, the victim's computer screen will freeze; to unfreeze the screen and remove the "virus," the victim is advised to immediately purchase fake anti-virus software. Once the victim's payment information is provided, the computer screen will unfreeze. Unfortunately, the fake anti-virus software is either non-functional or malware; the victim's computer will continue to be infected with viruses and malware.

In recent months, Visa cardholders have reported that they have also received a phone call from a fraudster claiming to represent a reputable security software firm (such as McAfee) and offering to provide technical support to help resolve a computer virus issue. The fraudster seeks the cardholder's approval, remotely accesses the cardholder's computer, and tries to sell the cardholder an anti-virus maintenance package, which is purchased with the cardholder's credit card.  

As reported by the Internet Crime Complaint Center (IC3): Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online. Recently, more than $150,000 was stolen from a US business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The malware was embedded in an e-mail response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud US businesses. The FBI recommends that potential employers remain vigilant in opening the e-mails of prospective employees. Running a virus scan prior to opening any e-mail attachments may provide an added layer of security against this type of attack. The FBI also recommends that businesses use separate computer systems to conduct financial transactions.