Important Alerts & Notices

September 2017: Equifax Data Breach

As you may have seen in the news, there has been a consumer information breach at Equifax, one of the nation’s largest credit reporting agencies.

 

Please be assured that this incident is not related to OceanFirst Bank. The protection of your information and safety of your account is a top priority of ours, and we wanted to make you aware of this incident.

 

We recommend that you visit Equifax’s website www.equifaxsecurity2017.com for more information on this data breach. To find out if your information has been compromised, click on the “Potential Impact” tab and follow the instructions. The site will inform you if you may have been affected by this data breach.

 

At OceanFirst Bank, we believe that consistent attention to all of your accounts is one of the best ways to protect yourself against fraud and identity theft. OceanFirst Bank offers a mobile banking app and text alerts to assist you with monitoring your accounts.

 

To learn more about identity theft and how you can protect yourself, visit the Federal Trade Commission’s website, www.identitytheft.gov

June 2016: FBI Updates Business Email Compromise PSA

The FBI has released an updated public service announcement to provide new information and statistical data related to business email compromise scams. The updated PSA details a new data theft scenario employed by fraudsters that targets departments responsible for maintaining tax and personally identifiable information, such as human resources, bookkeeping or audit.

Since January 2015, business email compromise scams -- in which criminals hack into corporate email accounts through social engineering or computer intrusion techniques and conduct unauthorized funds transfers -- have increased 1,300 percent, with victims in all 50 states and 100 countries. Criminals target businesses of all sizes, specifically those that work with foreign suppliers or that regulatory perform wire transfer payments.

The PSA provides an overview of the complaints submitted to the FBI’s Internet Crime Complaint Center, provides tips for mitigating the risk of BEC and outlines steps businesses can take if they fall victim to this type of scam.

https://www.ic3.gov/media/2016/160614.aspx

Business E-mail Compromise

E-mail Account Compromise

February 2016: Scam Calls & Emails Using IRS as Bait Persist

Scams using the IRS as a lure continue. The most common are phone calls and emails from thieves who pretend to be from the IRS. They use the IRS name, logo or a fake website to try to steal your money. They may try to steal your identity too.

Be wary if you get an out-of-the-blue phone call or automated message from someone who claims to be from the IRS. Here are several tips that will help you avoid becoming a scam victim.

The real IRS will NOT:

  • Call you to demand immediate payment. The IRS will not call you if you owe taxes without first sending you a bill in the mail.
  • Demand tax payment and not allow you to question or appeal the amount you owe.
  • Require that you pay your taxes a certain way. For example, demand that you pay with a prepaid debit card.
  • Ask for your credit or debit card numbers over the phone.
  • Threaten to bring in local police or other agencies to arrest you without paying.
  • Threaten you with a lawsuit.

In most cases, an IRS phishing scam is an unsolicited, bogus email that claims to come from the IRS. They often use fake refunds, phony tax bills, or threats of an audit. Some emails link to sham websites that look real. The scammers’ goal is to lure victims to give up their personal and financial information.
If you get a ‘phishing’ email, the IRS offers this advice:

  • Don’t reply to the message.
  • Don’t give out your personal or financial information.
  • Forward the email to phishing@irs.gov. Then delete it.
  • Don’t open any attachments or click on any links. They may have malicious code that will infect your computer.

More information on how to report phishing or phone scams is available on IRS.gov.

Fraud Advisory for Businesses - Corporate Account Takeover

You may be hearing about the CoreBot malware in the news. As with any security issue, your security is our top priority. In order to minimize risk to CoreBot and other forms of malware, we recommend standard security best practices for all devices you use to access digital banking. These best practices include:

  • Up-to-date malware (endpoint) protection software in addition to anti-virus software.
  • Use a firewall when entering personal information.
  • Use different passwords for each system/website accessed.
  • Disabling AutoPlay to prevent the automatic launching of executable files.
  • Do not open attachments unless you expect them.

FBI Public Service Announcement August 2015: E-Mail Account Compromise (EAC)

E-mail Account Compromise (EAC) is a sophisticated scam that targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies and law firms. The EAC uses social engineering or computer intrusion techniques to compromise the e-mail accounts of unsuspecting victims. EAC is very similar to the Business E-mail Compromise (BEC) scam, except that it targets individuals rather than businesses.

Learn more about EAC scams, what to do if you have been a victim, and tips to protect yourself by accessing the following link:

http://www.ic3.gov/media/2015/150827-2.aspx

FBI Update August 2015: Business Email Compromise (BEC) Continues to Grow and Evolve

This FBI Public Service Announcement includes new information and updated statistical data as of August 2015. Access the following link to view this important update:

http://www.ic3.gov/media/2015/150827-1.aspx

Fraud Alert – Business E-mail Compromise Continues to Swindle and Defraud U.S. Businesses

The Financial Information Sharing and Analysis Center (FS-ISAC) and federal law enforcement agencies continue to report an increase in wire transfer fraud against U.S. businesses through a scam referred to as “Business E-mail Compromise” (BEC) which involves the compromise of legitimate business e-mail accounts.  Learn more about BEC, risk mitigation to protect your business, and incident reporting should you experience a loss by accessing the following link:

FS-ISAC Fraud Alert: Business Email Compromise

FBI Public Service Announcement - Business E-Mail Compromise

The Federal Bureau of Investigation recently issued a public service announcement regarding Business E-Mail Compromise (BEC) which is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The fraudulent wire payments sent to foreign banks may be transferred several times but are quickly disbursed. Asian banks, located in China and Hong Kong, are the commonly reported ending destination for these fraudulent transfers. BEC is a global scam with subjects and victims in many countries. The FBI has received related complaints from every U. S. state. Find out more about this scam and how to protect your business by accessing the following link: https://www.ic3.gov/media/2015/150122.aspx.

If you experience a loss, we recommend that you file a police report. You may also choose to file a complaint online at http://www.ic3.gov. For substantial losses, contact your local FBI field office(http://www.fbi.gov/contact-us/field/field-offices), your local United States Secret Service field office(http://www.secretservice.gov/field_offices.shtml), or the Secret Service's local Electronic Crimes Task Force(http://www.secretservice.gov/ectf.shtml).

Fraud Advisory for Businesses - Corporate Account Takeover

As part of a joint effort between the United States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FS-ISAC) a fraud advisory was circulated regarding Corporate Account Takeover. Cyber criminals are targeting small and medium sized business financial accounts, resulting in substantial monetary losses from fraudulent transfers. In many cases these funds cannot be recovered. Find out how to protect your business by accessing the following link: http://www.ic3.gov/media/2010/CorporateAccountTakeOver.pdf.

If you experience a loss, we recommend that you file a police report. You may also choose to file a complaint online at http://www.ic3.gov. For substantial losses, contact your local FBI field office (http://www.fbi.gov/contact-us/field/field-offices), your local United States Secret Service field office (http://www.secretservice.gov/field_offices.shtml), or the Secret Service's local Electronic Crimes Task Force (http://www.secretservice.gov/ectf.shtml).

Don’t be a victim of Phishing Attacks

The following important information is provided for your protection and security
OceanFirst Bank is committed to taking all possible steps to insure the safety and security of our customer's personal information. Please be assured that OceanFirst Bank does not solicit personal customer information by e-mail or telephone or through pop-up messages in online banking. We would not ask you to provide us with information such as your account number, credit or debit card information, social security number, password, mother's maiden name, date of birth or similar sensitive personal data.

Please be diligent in your own protection of this information. If you do receive an email or see a pop-up screen that appears to be from OceanFirst Bank asking you to provide personal information, please disregard the request and contact the OceanFirst Bank, Retail Customer Service department immediately at 1-888-623-2633, extension 7710. Only in instances where you have personally initiated the contact with OceanFirst Bank, and have confirmed you are speaking with an authorized Bank employee, should you verify personal information such as account numbers, debit or credit card numbers or your social security number.

Phishing attacks attempt to persuade a user to take action - for example, clicking a link that would lead to a spoofed site to capture logon data or to a site that would install spyware on the user's workstation. While some phishing attempts are easily identifiable by clumsy language or implausible circumstances, we've come across a few messages that are particularly well-crafted, and thought it worthwhile to share them with you. The following are examples of plausible messages that may not be legitimate "alerting" the user that:
 

  • New secret questions have been added to their profile; if something seems "wrong" then the user should click a link.
  • An effort is underway to reduce spam. A link must be clicked to confirm the user’s email address.
  • The user has joined a mailing list. One link must be clicked to confirm that the user has joined a mailing list; another must be clicked to remove the user from the mailing list.
  • A password reset request has been received. One link must be clicked to confirm that the user has requested it; another must be clicked if the user did not request it.
  • Phishing Attempt Examples

Actual email message examples are reproduced below, including any errors in the messages. {Bracketed} information would be replaced by user/site specific information.

  • ACH Transaction Canceled

  • Secret Questions

  • Spam Reduction

  • Mailing List

  • Password Reset Request

 

Notice to recipients of Electronic Transfers (consumer accounts only)

In case of errors or questions about your electronic transfers, please telephone us at (732)240-4500, ext. 7710 or write to OceanFirst Bank, P.O. Box 2009, Toms River, NJ 08754-2009 as soon as you can if you think your statement of receipt is wrong or if you need more information about a transfer on the statement or receipt. We must hear from you no later than 60 days after we sent you the FIRST statement on which the error or problem appeared with the following information:

  • Your name, your OceanFirst account number and CheckCard number if applicable
  • Describe the error or the transfer you are unsure about and explain as clearly as you can why you believe it is wrong or why you need more information.
  • Tell us the date and the dollar amount of the suspected error and supply us with copies of any receipts or other documentation that will assist our investigation.

We will investigate your complaint and correct the error promptly. If we take more than 10 business days (5 business days for POS transactions, 20 business days for a new account) to do this, we will credit your account for the amount you think is in error, so that you will have the use of the money during the time it takes us to do our investigation.