New York Branch
About Us
Website Statements
CMBNY Security Center

CMBNY Security Center

While we make every effort to secure your personal information, there's plenty you can do to avoid falling prey to fraud and identity theft.

The official CMBNY's website address is

The official number set out on our website is: +1 (212) 753-1801.

If you are not certain of the source of a telephone call, email or letter, you should hang up the telephone, not click on a link in an email and not reply to a letter. Instead, call us at the number set out on our website or contact your relationship manager at the Branch.

Social Engineering: Phishing, Vishing and SMShing

There are three top methodologies of malicious social engineering that you need to recognize: Phishing, Vishing and SMShing.

Phishing involves an email, often using the name and logo of a legitimate company, asking you to click a link and provide account details, which are then used to commit fraud.

Vishing is phishing via phone, where the caller (or recording) warns you of the urgent need to confirm sensitive account information, or to call a number and provide it.

SMShing is essentially phishing via text, directing you to follow a link or call to provide sensitive account information.

These scams often look legitimate but legitimate companies don't use unsolicited communications or pressure tactics. E-mails and calls will ultimately seek sensitive personal and account information, like Social Security numbers, account numbers, passwords or password prompts.

Use these tips to help protect your personal/account information:

  1. Do not open the E-mail from unknown sources.

  2. Be suspicious of E-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information.

  3. Contact your relationship manager if an E–mail claiming to be from your financial organization seems suspicious.

  4. Update all your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.

  5. Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.

Scams: Malware

Malware, short for malicious software, is any program that intentionally harms your computer, including worms, adware, spyware, Trojan horses and viruses, usually installed without your consent when you click a fraudulent advertisement or visit an affected web site. It used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Use these tips to help protect your personal/account information:

  1. Never open attachments or follow links that look suspicious, install firewalls and keep antivirus programs up to date.

  2. Install Malware detection software for computers and mobile devices. It is available for purchase and sometimes included in anti-virus software.

  3. Install security software from a reliable company and set it to update automatically. Fraudsters constantly develop new ways to attack your computer, so your software must be up to date to work.

  4. Be sure to perform regular backups of your important files and data, which will prevent comprehensive loss or corruption of important files and information, while facilitating easier data recovery after fraud incidents.

Online Security: Keep Your PINs and Password Private

Use these tips to help protect your personal/account information:

  1. Create a "strong" PINs.

  2. Create device or user account password with at least 8 characters that includes a combination of mixed case letters and numbers and special characters. Always follow your account password setting instruction provided by the financial institution.

  3. Change your banking account's password frequently.

  4. Never share username and password information with anybody.

  5. Avoid using an automatic login feature that saves usernames and passwords.

  6. Do not use public or other unsecured computers for logging into banking account.

  7. Do not use account numbers, your social security number, or other account or personal information when creating account nicknames or other titles.

  8. Never leave a computer unattended while using banking account.

Online Security: Pay Close Attention to the Apps You're Using

Download or obtain your apps only from trusted and reputable sources such as the Apple iTunes Store, Google Play, or the Amazon App Store for Android. This helps you avoid malware which is often distributed via illicit channels. You should always download the app from the website that provided by the financial institution.

Online Security: Maintain your network (Public Wi-Fi)

Public WiFi, like the ones in coffee shops, airports, and hotels, are convenient, but they often aren't secure. Many WiFi hotspots have no form of encryption, or they utilize the much weaker WEP protocol that is susceptible to cybersecurity breaches.

Use these tips to help protect your personal/account information:

  1. Disable Auto Join to Wi-Fi Networks

  2. Log in or enter personal information only on secure sites that use encryption. Again, look for a web address that begins with “https”

  3. Treat all open networks as a security risk. We would recommend not doing any type of banking, online shopping or anything else that would expose your private information while on a Wi-Fi network.

  4. Avoid using your mobile device on an unsecure wireless local area network (WLAN) for banking system. Incidents have occurred where banking credentials have been stolen from an unsecure network.

  5. Never email financial information including credit card, Social Security, and checking account numbers, even if the network and website are secure.

Maintain Your Devices (Jailbroken and Rooted Devices)

Jailbreaking/Rooting is the process of removing the limitations imposed by Apple/Android on devices running the operating system, allowing the phone's owner to gain full access to the root of the operating system and access all the features.

Jailbroken or rooted devices present greater risk than unmodified devices because the process will remove the manufacturer's protection against malware and viruses so do not jailbreak or root your device. Also do not log into your account or access your banking account information using the jailbroken or rooted devices.