CMBNY Security Center

How to Protect Yourself from Cyber Scams

The digitalization of the financial industry has tremendously improved the efficiency of banking. However, the trend is accompanied by intensified security threats, such as identity theft, information leakage, data breaches and ransomware attacks. China Merchants Bank New York Branch (CMBNY) has put in place a series of countermeasures to protect our clients, including privacy protection, fraud protection, account protection and encrypted communication, among others. However, cyberattacks cannot be defeated by robust systems alone. In most reported cyberattack cases, people are the first point of compromise, and from there bad actors gain a foothold for further infiltration and destructive actions. It is becoming more and more important for our clients to take part in the defense process.

Stay Vigilant / Phone & Email Safety

Be cautious when opening an unsolicited email or taking a call from an unknown number. A fraudster may be on the other end.

Spoofing – Email Fraud

Spoofed emails appear to come from legitimate companies. These emails try to convince you to click on a link to resolve an urgent matter involving your account. Just clicking on the link may give identity thieves access to your computer, allowing them to record your keystrokes and capture your passwords and other sensitive information.

Identify Email Spoofing

A sense of urgency – fraudulent emails might claim that your account will be closed or temporarily suspended with a warning that you’ll be criminally charged if you don’t respond.

Spelling and grammatical errors – there might be obvious errors in spelling and grammar, which helps fraudulent emails avoid spam filters.

Here are some examples of the fraudulent emails that have been reported to CMBNY:

A large sum of money in exchange for payment of advance fees, transaction costs, customs duties, etc. 

A lottery win 

A transaction initiated by companies registered in China or other Asian or European countries

CMBNY’s email practices

In the business emails sent by CMBNY, we include the first digit and the last two digits of your customer ID.

We do send emails with links (for your convenience) to features such as online tours and information or promotions about CMBNY products. You can also type in the address (URL) directly, if you prefer.

Actions against spoof emails

Go to the site directly – type the web address (URL) into your browser and bookmark it for future reference.

Do not provide your User ID, security word, PIN number, password or any other personal information in an email.

Never use the “Remember Me” feature on a public or shared computer.

Spoofing - Website Fraud

Website spoofing mimics a popular company's website to lure you into disclosing personal or confidential information. To make such fraudulent websites appear legitimate, identity thieves use the names, logos, graphics and even the code of the real company's website. They can even fake the URL that appears in the address field at the top of your browser window and the padlock that appears to the left of the web address. Links in fraudulent emails almost always take you to a malicious website.

Spoofing - Web Form Fraud

Spoofed web forms often instruct you to enter confidential data that a legitimate web form wouldn’t typically ask you for, which makes them easier to spot.

Smishing - SMS Fraud

Smishing is named for SMS (Short Message Service), the technology used for mobile text messaging. It is a method of sending messages that appear to be from a legitimate company and typically contain a link that takes you to a malicious website or asks you to call a phone number. Simply clicking on the link can lead to other problems, such as the installation of key logging software or dangerous viruses onto your device.

You should also watch out for SMS (plain text) and MMS (multimedia) message headers that start with the number 19. If you respond to them, you'll be charged a premium rate that can leave you saddled with a huge phone bill.

Identify Smishing

Requests to renew your banking service – the message may tell you that your online banking service has expired. You are asked to renew it by clicking on a link to go to your bank's website, then you are prompted to update your account information.

Impending charge notices – this message usually says that you’ll be charged a certain amount per day if you don't call the phone number provided to cancel.

Actions against Smishing

Don’t respond to unknown numbers – if you miss a call or receive a text message from an unfamiliar number, it’s safer to ignore the call or delete the message.

Set up blocking features – check with your mobile service provider to see if they offer the option to block certain types of text messages.

Get on the Do Not Call List – register your mobile number with the national Do Not Call List. Sign up online at or call 1-888-382-1222.

Use discretion when installing software – only download and install software from reputable companies or from providers you trust.

Vishing - Online Call Fraud

Vishing is a type of phone scam that usually occurs over Voice over Internet Protocol (VoIP) services, such as Vonage® or Skype™, but it can also occur with other phone services. Be wary of calls that play a recording claiming your bank account has experienced unusual activity and providing you with a phone number to call. If you need to contact CMBNY, always use a trusted number or contact your relationship manager.

Protect Your Account

You have powerful security tools at your fingertips to help keep your account information safe.

Username & Password Settings

A strong password is critical to your security

Avoid using a password or variation of a password that you already use elsewhere. Also steer clear of variations of your name, or the names of family members or pets, as identity thieves can sometimes find this information on social media.

Never write down your password

Memorize it or use a password manager instead. Writing your password down means that anyone in possession of it has access to your account. As an extra security measure, you should periodically change your password.

Make account check-ins a habit

Sign in on a regular basis and review your account information. If there are changes to your account that you don’t recognize, contact us immediately.

Multi-Factor Authentication

As a second form of verification every time you sign on, Multi-Factor Authentication (MFA) offers added protection to help keep your account secure, even if someone discovers your password. You should sign up for MFA whenever it is available.

Authorized Users - Verify Who Has Account Access

Regularly review who has access to your account to ensure all authorized users are current. This is especially important for business accounts.

Report Suspected Fraud

Forward Suspicious Email

You can forward suspicious emails to the Federal Trade Commission:

Contact or call 1-877-IDTHEFT

CMBNY Contact

You can always contact us at or contact your relationship manager if the matter is urgent - and you should do so immediately if you’ve responded to a potentially fraudulent email with your personal information.