Security Update for OceanFirst Bank Customers - Phishing Attempts

In general, phishing attacks attempt to persuade a user to take action - for example, clicking a link that would lead to a spoofed site to capture logon data or to a site that would install spyware on the user's workstation.

While some phishing attempts are easily identifiable by clumsy language or implausible circumstances, we've come across a few messages that are particularly well-crafted, and thought it worthwhile to share them with you.

The following are examples of plausible messages that may not be legitimate "alerting" the user that:

  • New secret questions have been added to their profile; if something seems "wrong" then the user should click a link.
  • An effort is underway to reduce spam. A link must be clicked to confirm the user’s email address.
  • The user has joined a mailing list. One link must be clicked to confirm that the user has joined a mailing list; another must be clicked to remove the user from the mailing list.
  • A password reset request has been received. One link must be clicked to confirm that the user has requested it; another must be clicked if the user did not request it

Actual email message examples are reproduced below, including any errors in the messages. {Bracketed} information would be replaced by user/site specific information.

  • Secret Questions

  • Spam Reduction

  • Mailing List

  • Password Reset Request

Characteristics of Legitimate OnSite Deposit Service E-Mails

Legitimate e-mail messages originate from “System Adminstrator”

If in doubt about the legitimacy of an OnSite Deposit Service e-mail, do not respond and contact us at 732-240-4500 extension 7770.