Security Alert – New Malware Scam Targets Online Banking Token Users Across U.S.

Security AlertCitywide Banks has received reports of an active malware scam targeting online banking security token users at banks across the country. This potential threat may apply to some Citywide Banks business customers that use security tokens to access their account online.  As with any potential threat, we urge you NOT to respond to any unsolicited requests for personal and financial account information. This latest fraud scam could be in the form of an email, text message, or a pop-up browser window.

This latest malware variant will prompt a user to input account and/or token data, which then results in another screen prompt indicating that the user will be unable to access the account for 24-hours while maintenance is performed. This allows the fraudster to take over the session and commit fraud while the user is detained on the fake “maintenance” screen. A similar variant of the malware has been identified where the end user receives a pop up asking for several pieces of personal information including a phone number. The customer inputs the data and then receives a phone call immediately from a caller claiming to be a bank employee letting them know the system will be down for 24 hours which then allows the fraudster to access the account while on the phone with the user.

The malware is designed to collect data such as watermarks and the bank’s logos to make the false screen appear legitimate. Please note that Citywide Banks will NOT ask you for personal account information through an email, text, online form, or social media. Also, Citywide Banks will always post a message on our OnlineOption online banking home page (the page you see after you log into your account) alerting customers 48 hours prior to scheduled maintenance.

You should always contact your designated Citywide Banks representative, your nearest branch, or Citywide Banks Customer Service at 303-365-3650, to verify the validity of any event or information request.

Upon customer request, Citywide Banks may be able to restrict online access to your account by designating specific IP addresses for your account. This option can dramatically lower the risk of a cybercriminal accessing your account from a remote location. Contact your Citywide Banks representative to discuss the benefits and potential challenges of this option.


  • Monitor your accounts frequently and immediately report any suspicious transaction to Citywide Banks.
  • Change your account access and computer/network access passwords regularly. Keep these credentials confidential.
  • Be wary of “urgent” emails requesting you to input log-in information or other private information. Contact your account provider directly through known contacts to confirm the request is legitimate.

Please contact your Citywide Banks representative for any questions about your account. For more tips on information security, including protecting your mobile phone use, visit the Information Security & Privacy section on

Comments are closed.