Fraud Prevention & Security Center

At City National Bank, Your Online Safety And Security Is Our Top Priority.

Last Updated:
 February 21st, 2024

Your security and financial well-being are of utmost importance to us. Please beware of a 'spoofing scam' targeting banking clients nationwide.

What is happening?

Scammers are impersonating bank officials or representatives through phone calls, emails, or text messages in an attempt to gain access to personal information, such as banking details, passwords, and PINs. These communications may appear legitimate but are designed to deceive you into sharing sensitive information.

What to look out for:

  • The fraudster is impersonating the following CNB number:  305-349-5490
  • The texts and telephone calls claim to be from the bank's fraud department.
  • The fraudster in several of the reported instances has been male.
  • In some instances, the fraudster has used the name "CHAD" and has acted in a very professional and seemingly legitimate manner.
  • Clients who have called back, reported the fraudster answers the call claiming to be the "City National Bank of Florida fraud department" and has provided clients FALSE case numbers.

Here are some ways to protect yourself: 

  • City National Bank of Florida will never ask for your username or password. If someone does, it's likely a scam.
  • Don't click on links or respond to unexpected emails or  messages. If you're unsure  about a request, find the company's phone number on your own (not the one  provided by a potential scammer) and call to check if it's legitimate.    
  • Don't open attachments from unknown senders, and be careful with forwarded email attachments. Only download files from trusted sources.
  • Enable two-factor authentication on your accounts. This adds an extra layer of security, so even if your personal information is compromised, your account stays protected.


Regulation E establishes the rights, liabilities, and responsibilities of parties in electronic funds transfers and protects consumers when they use such systems. The term “electronic fund transfer” (EFT) generally refers to a transaction initiated through an electronic terminal, telephone, computer, or magnetic tape that instructs a financial institution either to credit or debit a consumer’s asset account. The law and regulation establish the basic rights, liabilities and responsibilities of consumers who use EFT services and of financial institutions that offer these services.

Read City National Bank's Electronic Fund Transfer Disclosure Here.


City National Bank Of Florida will never contact you to request personal information by email, phone, or text communication, including account numbers, online bank account username or passwords, personal identification information such as social security number or date of birth, or any other confidential customer information.

Fraudulent communications through email, phone, or text are designed to appear as though they have originated from City National Bank Of Florida. Do not respond to these communications, which request any type of personal or confidential information and do not click on any links within emails or text messages. These communications are not from City National Bank Of Florida.


Fraud comes in many shapes and sizes and unfortunately, it will never go away. Nor will the money and time spent fixing it. That’s why it’s vital to ramp up your security arsenal.

While fraud operators are constantly developing new viruses, spyware and online fraud schemes, the good news is that you can take action to protect yourself against online fraud. The keys to control are prevention and detection.

Prevention stops identity theft at the source and protects your private data before it is compromised by fraudsters. Taking advantage of online bill pay and even good old fashioned paper-shredding contributes to your own online safety.

Early Detection is equally important. Successful detection includes records consolidation and the regular review of your financial accounts for unusual activity. Banking online gives you quick access to your accounts, so that you can detect fraudulent activity sooner.


Different fraud tactics all share the same goal: to obtain your personal, confidential and financial information for fraudulent use.

From obtaining your information ‘the old fashioned way’ via discarded mail, to emails that ask you to verify personal information under the guise of a trusted source like your financial institution fraudulent activity comes in many different forms.

Fraud tactics include:

Adware: Software that displays advertising content on your computer. Like its cousin spyware, some adware runs with your full knowledge and consent, some doesn't. More often an annoyance than a security risk, adware may also monitor browsing activities and relay that information to someone else over the Internet.

Bot or Web bot: Derived from "robot." An automated program, such as a Web crawler, that performs or simulates human actions on the Internet. Used for legitimate purposes by search engines, instant message (IM) programs, and other Internet services. Web bot can also be used to take control of computers, launch attacks, and compromise data; may act as part of a blended threat.

Botnet or Zombie Armies:  A group of computers that have been compromised and brought under the control of an individual. The individual uses malware installed on the compromised computers to launch denial-of-service attacks, send spam, or perpetrate other malicious acts.

Denial-of-Service (DoS): An attack on a computer or network in which bandwidth is flooded or resources are overloaded to the point where the computer or network's services are unavailable to clients. Can also be carried out by malicious code that simply shuts down resources.

Dumpster Diving: Thieves rummage through trash looking for bills or other paper that includes your personal information.

Keylogger:  Software that monitors and captures everything a user types into a computer keyboard. Used for technical support and surveillance purposes. Can also be integrated into malware and used to gather passwords, user names, and other private information.

Malware: Also known as ‘malicious software’, malware is designed to harm, attack or take unauthorized control over a computer system. Malware includes viruses, worms, Trojan horses, some keyloggers, spyware, adware and bots. It’s important to know that Malware can include a combination of the types noted.

Pharming: Pharming takes place when you type in a valid Web address and you are illegally redirected to a Web site that is not legitimate. These ‘fake’ Web sites ask for personal information such as credit card numbers, bank account information, Social Security numbers and other sensitive information.

Phishing: A scam that involves the use of replicas of existing Web pages to try to deceive you into entering personal, financial or password data. Often suspects use urgency or scare tactics, such as threats to close accounts.

Pop-Ups: A form of Web advertising that appears as a “pop-up” on a computer screen, pop-ups are intended to increase Web traffic or capture email addresses. However, sometimes pop-up ads are designed with malicious intent like when they appear as a request for personal information from a financial institution, for example.

RetroVirus: This virus specifically targets your computer defenses. It will look for vulnerabilities within your computer operating system or any third party security software. Most security vendors have some form of tamper-proof measure in place, so it is important to keep your patches up-to-date. Retro Viruses are usually combined with another form of attack.

Social engineering:  A method of deceiving users into divulging private information, social engineering takes advantage of our natural tendency to trust one another rather than rely solely on technological means to steal information. Often associated with phishing, pharming, spam, and other Internet-based scams.

Spam:  Unsolicited email, usually sent in bulk to a large number of random accounts; often contains ads for products or services. Also used in phishing scams and other online fraud. Can be minimized using email filtering software.

Spim or Instant Spam:  Unsolicited instant messages, usually sent in bulk to a large number of IM accounts; often contain marketing materials and links to product Web pages. May also be used in phishing scams or to spread malware. See also, spam.

Spoofing: Spoofing is when an attacker masquerades as someone else by providing false data. Phishing has become the most common form of Web page spoofing. Another form of spoofing is URL spoofing. This happens when an attacker exploits bugs in your Web browser in order to display incorrect URLs in your browser location bar. Another form of spoofing is called “man-in-the-middle”. This occurs when an attacker compromises the communication between you and another party on the Internet. Many firewalls can be updated or configured to significantly prevent this type of attack.

Spyware: Loaded on to your computer unbeknownst to you, spyware is a type of program that watches what users do and forwards information to someone else. It is most often installed when you download free software on the Internet. Unfortunately, hackers discovered this to be an effective means of sending sensitive information over the Internet. Moreover, they discovered that many free applications that use spyware for marketing purposes could be found on your machine, and attackers often use this existing spyware for their malicious means.

Trojans: A Trojan is malicious code that is disguised or hidden within another program that appears to be safe (as in the myth of the Trojan horse). When the program is executed, the Trojan allows attackers to gain unauthorized access to the computer in order to steal information and cause harm. Trojans commonly spread through email attachments and Internet downloads. A common Trojan component is a “keystroke logger” which captures a user’s keystrokes in an attempt to capture the user’s credentials. It will then send those credentials to the attacker.

Virus: A computer virus is a malicious program that attaches itself to and infects other software applications and files without the user’s knowledge, disrupting computer operations. Viruses can carry what is known as a “payload,” executable scripts designed to damage, delete or steal information from a computer.

A virus is a self-replicating program, meaning it copies itself. Typically, a virus only infects a computer and begins replicating when the user executes the program or opens an “infected” file.

Viruses spread from computer to computer only when users unknowingly share “infected” files. For example, viruses are commonly spread when users send emails with infected documents attached.

Vishing: Vishing is a type of phishing attack where the attacker uses a local phone number in the fake email as a means of obtaining your sensitive information. The goal is to fool you into believing the email is legitimate by instructing you that responding to the request by phone is safer than responding by email and shows authenticity. The unsuspecting caller is then tricked through an automated phone system to relinquish their sensitive information.

Worm: A worm is similar to a virus but with an added, dangerous element. Like a virus, a worm can make copies of itself; however, a worm does not need to attach itself to other programs and it does not require a person to send it along to other computers.

Worms are powerful malware programs because they cannot only copy themselves; they can also execute and spread themselves rapidly across a network without any help.

Business Email Compromise (BEC): Email is often a vehicle used to transmit malware and commit fraud. It is important to evaluate your email behaviors and develop good habits to help protect your computer and your identity.

In addition to viruses and worms that can be transmitted via email, phishing also threatens email users. A type of email fraud, phishing occurs when a perpetrator, posing as a legitimate, trustworthy business, attempts to acquire sensitive information like passwords or financial information. Read more about BEC and how to protect your business against attacks .

Reporting fraud

The impact of identity theft and online crimes can be greatly reduced if you can catch it shortly after your data is stolen or when the first use of your information is attempted. One of the easiest ways to get the tip-off that something has gone wrong is by reviewing your monthly statements provided by your bank and credit card companies for anything out of the ordinary.

If you know, or even think, you’ve been a victim of identity fraud, take immediate action and follow these five steps.

  • Report the fraudulent activity. If the activity is related to our financial institution, please contact us directly. If it is related to another financial institution, your credit card company, or any other organization contact them directly.
  • Contact one of the three consumer reporting companies and have a fraud alert placed on your credit report. This will help stop fraudsters from opening any additional accounts in your name.  Contact only one of the following (the others are required to contact the other two):

    Equifax: 1-800-525-6285; in a new Window); P.O. Box 740241, Atlanta, GA 30374-0241

    Experian: 1-888-EXPERIAN (397-3742); in a new Window); P.O. Box 9532, Allen, TX 75013

    TransUnion: 1-800-680-7289; in a new Window); Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
  • Close any accounts that you know - or even think – might have been tampered with or opened fraudulently. Report the transgression to a security spokesperson at the relevant company. Ask them about any additional steps – they’ll probably ask you to send relevant copies of the fraudulent activity.You can also use the FTC Theft Affadavit ID Theft Affidavit (PDF, 56KB) as formal certification of your dispute.
  • File your complaint with the FTC. Use the online complaint form; or call the FTC’s Identity Theft Hotline, toll-free: 1-877-ID-THEFT (438-4338); TTY: 1-866-653-4261; or write Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
  • Sharing your identity theft complaint with the FTC will help law enforcement officials track down identity thieves and stop them. Call or visit the local police or police in the community where the identity theft took place and file a report. Have a copy of your FTC ID Theft complaint form available to give them. Obtain a copy of the police report and the police report number.

fraud prevention

It’s not always easy to identify online fraud but cybercrime prevention can be straightforward. When you're armed with a little technical advice and common sense, you can avoid many attacks. Remember that online criminals are trying to make their money as quickly and easily as possible. The more difficult you make their job, the more likely they are to leave you alone and move on to an easier target. The tips below provide basic information on how you can keep your computer and your identity safe.

  • Never open or respond to SPAM (unsolicited bulk email messages).
    Delete all spam without opening it. Responding to spam only confirms your email address to the spammer, which can actually intensify the problem.
  • Never click on links within an email.
    It’s safer to retype the Web address than to click on it from within the body of the email.
  • Don’t open attachments from strangers.
    If you do not know the sender or are not expecting the attachment, delete it.
  • Don’t open attachments with odd filename extensions.
    Most computer files use filename extensions such as “.doc” for documents or “.jpg” for images. If a file has a double extension, like “heythere.doc.pif,” it is highly likely that this is a dangerous file and should never be opened. In addition, do not open email attachments that have file endings of .exe, .pif, or .vbs. These are filename extensions for executable files and could be dangerous if opened.
  • Never give out your email address or other sensitive or personal information to unknown web sites.
    If you don’t know the reputation of a Web site, don’t assume you can trust it. Many Web sites sell email addresses or may be careless with your personal information. Be wary of providing any information that can be used by others for fraudulent purposes.
  • Never provide sensitive information in email.
    Forged email purporting to be from your financial institution or favorite online store is a popular trick used by criminals to extract personal information for fraud. It is also a good idea not to send security passwords or one-time passcodes over email.
  • Don’t believe the hype.
    Many fraudulent emails send out urgent messages that claim your account will be closed if sensitive information isn’t immediately provided, or that important security needs to be updated online. Your financial institution will never use this method to alert you of an account problem.
  • Be aware of poor design, and/or bad grammar and spelling.
    A tell-tale sign of a fraudulent email or Web site includes typos and grammar errors as well as unprofessional design layout and quality. Delete them immediately.
  • Backup your sensitive data records.
    Consider backing up all sensitive files. This will not only help you restore damaged or corrupted data, but it will help protect against fraud attacks and help recover lost files if needed.
  • Safeguard your identity online.
    In addition to protecting your email, there are a number of guidelines to follow that will help safeguard your identity online. Do not allow a Web site to keep sensitive information or credentials for future convenience.

    It is a common practice when registering for access to a Web site or making a purchase from a Web site to be asked if you want to keep your access credentials, credit card number or other sensitive information on file as a matter of convenience. This common request is referred to as “remembering” for the future use.
  • Be selective about where you surf.
    Not all Web sites are benign. Sites that are engaged in illegal or questionable activities often host damaging software and make users susceptible to aggressive computer attacks.
  • Don’t choose “Remember My Password.
    ”You should never use the “remember password” feature for online banking or transactional Web sites.
  • Don’t use public computers for sensitive operations.
    Since you cannot validate the computer’s integrity, there’s a higher risk of fraud when you log in from a public computer.
  • Work on a computer you trust.
    Firewalls, antivirus, anti-spyware and other protection devices help keep a computer properly monitored and provide peace of mind. These tools are important in order to protect your computer and data. A good firewall is critical if you commonly access the Internet via a wireless connection. It is also important to keep your computer up-to-date with patches to security tools as well as to the operating system and other programs on your computer. Make sure to configure your computer to update all security fixes.
  • Select a strong password.
    The best password is an undetectable one. Never use birth dates, first names, pet names, addresses, phone numbers, or Social Security numbers. Use a combination of letters, numbers and symbols. Be sure to change your passwords regularly. Don’t write down your passwords and try not to use the same password for every service you use online.
  • Use a secure browser.
    Only use secure Web pages when you’re conducting transactions online. Your online banking channel is secured with an Extended Validation SSL Certificate which provides an extra layer of protection to you by requiring third-party Certificate Authorities (CA) to follow a strict issuance and management process for certificate approval and delivery.  This secure browser is recognizable because the browser address bar (1) begins with ‘https’, (2) turns green (in high-security browsers) and (3) a special field appears to the right of the URL with a padlock and the name of the legitimate web site owner.  If you click on this section, you can view the details of the Certificate.
  • Update security software often.
    When you get notices from software vendors to update your software, do it. Most operating system and browser updates include security patches. Your name and email address may be all it takes for a hacker to slip through a security hole into your system. And it almost goes without saying, you should be protected by Internet security software, and it should always be up to date. Purchase a reputable brand of AntiVirus and be aware of fake anti-virus for “free.”
  • Avoid clicking on Ads.
    Never click on Ads on social network sites. Sure, these ads are there to assist in giving the website money, however these are one of the leading causes for virus infections on systems today.  
  • Sign off, shut down, disconnect.
    Always sign off or logout from your online banking session or any other Web site that you’ve logged into using a user ID and password. When a computer is not in use, it should be shut down or disconnected from the Internet.
  • Lock your computer when it is not in use.
    This helps protect you from unauthorized user access.
  • Beware of shoulder surfing.
    This is a common tactic that happens in public places such as coffee shops, airports, libraries etc. where an attacker will look over your shoulder when you’re logged in to obtain your sensitive information. Be vigilant and aware of prying eyes.
  • Set up a timeout.
    The Timeout feature is an additional safety check. It can prevent others from continuing your online banking session if you left your PC unattended without logging out. You can set the Timeout period in the User Options screen.


Multi-factor authentication (MFA), also known as two-factor authentication (2FA) or two-step verification, is a security protocol that involves confirming individual identity through multiple authentication methods prior to granting access to a system, application, or account.

This additional layer of verification enhances security, surpassing the traditional username and password combination. MFA serves as a layer against unauthorized access.

There are various methods to enable MFA for your online banking accounts:

  • SMS or Text Message Codes: Employing SMS multifactor authentication is pivotal for fortifying your online accounts, introducing an extra protective layer for your confidential financial data. Learn how to activate SMS multifactor authentication for online banking here.
  • Email Verification: Email verification entails receiving an email containing a code or push notification. You must access your email and input the code to affirm your identity.
  • Mobile Authenticator Apps: These applications generate time-based one-time passwords (TOTPs), which change at regular intervals. Notable examples encompass Google Authenticator and Microsoft Authenticator. By linking your online banking account to the app, it generates a code that you input during login. Discover how to configure your authenticator app for online banking here.
  • Security Tokens: Digital security tokens are deployed to generate one-time codes.


Business or commercial account holders should institute additional measures in order to further protect their online banking information. For example:

  • Perform your own periodic risk assessments and controls evaluation
  • Improve internal controls to strengthen security posture
  • Embed security awareness in business processes


The Consumer Financial Protection Bureau (CFPB) has several tools to educate veterans and older adults about the dangers of frauds and scams and help them prevent it. The CFPB is offering a new placemat on scams targeting the Aid and Attendance benefit, as part of their series of fraud and scam prevention placemats.

The CFPB recommends veterans and spouses to look out for these signs of possible Aid and Attendance benefit scams:

  • Offers to file an application to get you benefits or increase your pension for a fee
  • Claims to get you benefits faster for a fee
  • Advice to move your money so you’ll qualify for benefits

The CFPB also develops online and print resources to share important financial information with adults 62 and older. The mats and toolkits are available to download or order in bulk for free here.

For more information, visit:
Helping Prevent Scams Targeted at Veterans
Resources for Older Adults


Additional information and tips on how to safe-guard your online security are available at:

Consumer Information: Identity Theft in a new Window)

Protecting Your Business: Start With Security

Consumer Action: Complaints in a new Window)

FDIC Consumer Protection in a new Window)

NACHA Fraud Resources in a new Window)

US Department of Homeland Security in a new Window)

Federal Communication Commission - Business Cyber-planner in a new Window)

Federal Trade Commission: Identity Theft by Mobile Phone in a new Window)

Federal Trade Commission: Tips for Using Public WiFi Networks


Trusteer Rapport® is a security software solution that helps protect your online accounts by providing an additional layer of security to any anti-virus or security software you already use. By protecting your internet connection, Trusteer Rapport® creates a tunnel for safe communication and to help block malicious attempts to access your accounts.

Learn more about our Trustee product.
Learn to protect against Wires Fraud.


Take control of your finances and make your money work for you

The FDIC Money Smart Program is designed to boost your financial skills. You can explore Money Smart resources, as they are available 24/7.

These tools are free of charge and available for all, so remember to share the tools with your family and friends.

Explore The FDIC Money Smart Program

Please note: City National Bank of Florida does not offer tax, legal or accounting advice

Stay Connected

Sign up for our newsletter to stay up to date on banking, product and service updates!

I understand that by filling out this form, I am authorizing City National Bank of Florida to use my personal information (name, telephone number, and email address) to contact me and provide more information regarding marketing communications, products, and services. I understand that I can opt out at any time.

Stay Connected

Sign up for our newsletter to stay up to date on banking, product and service updates!