Online Banking

Banking at your convenience

Resource Center

Cyber Security Alert

  • SKNANB recently became aware of customers of two Eastern Caribbean Currency Union (ECCU) financial institutions that received phishing emails from an unknown source, asking them to validate their account information by clicking a link. Some of the phishing emails contained cleverly crafted variants of the institution's mobile banking URL, redirecting them to a fraudulent version of online banking platform. Customers who fall prey to this attack are subject to their credentials being compromised. It appears that this wave of attacks has strategically spiked during the month-end periods when most businesses pay their employee salaries.

    As a precaution, we are providing this notice and outlining some steps you may take to help protect yourself.

    Example of the Phishing Attack

    Characteristics of Phishing Emails

    1. Generic Greeting - Often attackers do not know the person whom they are contacting and will therefore utilize a generic instead of a personalized greeting.
      Typical examples include:
      • Dear Customer
      • Dear Valued Customer
    2. Misleading URL - In the above example, the URL appears to be which is likely the link to the legitimate site. However, this link actually points to another site (highlighted in yellow above) which is revealed when a user 'hovers' over the URL. An unsuspecting user could be easily tricked into clicking the link which would direct them to the fraudulent site.
    3. Although it is not evident here, it is also likely that the originating and return addresses of this email are different. It is possible the attacker could create a fraudulent email appearing to originate at the institution. However, to avoid detection the email would have a different return address in the event that the user clicked 'Reply-To'.

    What are we doing?

    To safeguard our customers' information, National Bank will not under any circumstance, request customers' account information via email or other non-secure means. If you receive any electronic communication requesting account details or validation of accounts from National Bank, please take note and advise us immediately:
    • Do not click any links within the body of the email
    • Do not open attachments
    • Delete the message

    What can you do?

    1. We recommend that you monitor and review your credit and debit card account statements as soon as possible in order to determine if there are any discrepancies or unusual activity listed. You should remain vigilant and continue to monitor your statements for unusual activity going forward.
    2. If you see anything you do not understand or that looks suspicious, or if you suspect that any fraudulent transactions have taken place, you should contact us immediately as follows:

    3. Other things to consider:

    4. The Bank will not and should not ask for passwords or account information over email. Please be wary of any emails asking for passwords or enticing you to reset passwords. Never send passwords, bank account numbers, or other private information in an email
    5. Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security. If you are not expecting an email with an attachment from someone, such as a fax or a PDF, please call and ask them if they indeed sent the email. If not, let them know they are sending out Phishing emails and need to change their email password immediately.
    6. If there is a link in an email, use your mouse to hover over that link to see if it is sending you to where it claims to be, this can thwart many phishing attempts.
    7. Spelling and grammatical errors are often telltale signs of phishing attacks. Cybercriminals often originate from areas where English is not the first language. Professional companies or organizations usually have staff that will not allow a mass email like this to go out to its users with errors
    8. Look for and inspect the 'https://' and a lock icon in the address bar before entering any private information on a website

If you have any questions or require additional information regarding suspicious or fraudulent activity, you may contact us at the above stated numbers

Get online and bank anytime, anywhere

Important Tips

  • Never share your log in credentials with anyone
  • Never respond to correspondences requesting your username and password
  • Always sign out when you have concluded your business

Safe, convenient, reliable...hallmarks of National Online