**Security Alert**

The following important information is provided for your protection and security

OceanFirst Bank is committed to taking all possible steps to insure the safety and security of our customer's personal information. Please be assured that OceanFirst Bank does not solicit personal customer information by e-mail or telephone or through pop-up messages in online banking. We would not ask you to provide us with information such as your account number, credit or debit card information, social security number, password, mother's maiden name, date of birth or similar sensitive personal data.

Please be diligent in your own protection of this information. If you do receive an email or see a pop-up screen that appears to be from OceanFirst Bank asking you to provide personal information, please disregard the request and contact the OceanFirst Bank, Retail Customer Service department immediately at 1-888-623-2633, extension 7710. Only in instances where you have personally initiated the contact with OceanFirst Bank, and have confirmed you are speaking with an authorized Bank employee, should you verify personal information such as account numbers, debit or credit card numbers or your social security number.

• Best Practices for Online Security

  Of course, the security of your personal information begins with using extra caution and good sense when using the Internet. We encourage you to keep in mind the following tips when you are online:

  • Never provide personal information such as your bank account numbers, credit or debit card numbers, social security number or other sensitive personal/financial information unless you have initiated the contact.
  • Only install software from trusted sources and known origins. Software distributed via email is particularly dangerous as viruses are often transmitted via email.
  • Download Trusteer Rapport - free fraud protection software provided by OceanFirst Bank.
  • Install and maintain Antivirus and Anti-Spyware software on your computer.
  • Update your browser software to benefit from the latest security protections.
  • Pay attention to warning messages presented through your browser. Browser warning messages may indicate a security threat.
  • Use caution when reviewing privacy policies and acceptance terms for online products and services.

• Be Aware - Information regarding Phishing and Pharming

  The Internet scam known as "phishing" is an attempt to obtain your personal financial information. In a phishing scam, you may receive an e-mail message designed to look like it came from a legitimate source that warns of a serious problem requiring immediate attention or redirects you to a phony website that looks like the real thing. Phishing attempts may also be sent via instant messaging. Voice phishing called "vishing" involves the use of Voice over Internet Protocol (VoIP) and can be in the form of an email appearing to be from a trusted source, or automated dialing programs showing a legitimate-looking local or toll-free phone number in caller ID. Never provide your personal information or password in response to an unsolicited request by telephone or by clicking on the URL link imbedded in an e-mail or instant message, or by calling a telephone number provided, if there is reason to believe the e-mail or message may be fraudulent.

  In another scam known as "pharming" online users are redirected to an illegitimate website through technical means. "Pharmers" take advantage of slight misspellings in domain names, or trick users into inadvertently visiting the pharmer's website, to obtain personal information.

• Protect Your Business – Important Information Regarding Corporate Account Takeover

  A “Corporate Account Takeover” is when cyber-thieves gain control of a business’ bank account by stealing valid online banking credentials. Cyber criminals target small and medium-sized businesses by using malware to infect workstations and laptops. A business can become infected with malware through e-mail attachments or links connecting to an infected website or through clicking on documents, videos or photos posted on legitimate websites, such as social networking sites. In many cases, e-mails are sent that appear to be from reputable organizations but contain links to fake websites. When recipients access these links they unknowingly install keylogging software, which provides cyber-thieves with access to the user’s account details, activity and ACH and wire transfer origination parameters. This information is then used to initiate fraudulent funds transfers.

  What can you do to protect your business?

  • Initiate ACH and Wire Transfer payments under dual control.
  • Ensure that anti-virus and security software is installed and up to date.
  • Restrict functions for workstations and laptops that are used for online banking and payments.
  • Monitor & reconcile accounts daily.
  • Utilize routine and "red-flag" reporting for transaction activity.

If you fall victim to a scam and have disclosed personal information, act immediately to protect yourself by alerting us, placing fraud alerts on your credit files and monitoring your account statements closely. Also report suspicious e-mails or pharming attempts to the Federal Trade Commission through the Internet at www.consumer.gov/idtheft, or by calling 1-877-IDTHEFT (1-877-438-4338). Suspicious e-mails purporting to be from the Federal Deposit Insurance Corporation (FDIC) should be reported to alert@fdic.gov.