person typing


At BSF, we take seriously our responsibility to inform our clients. Below, we've compiled a list of helpful links and resources for your use. 

General Resources

To learn more about how we protect your information, please visit the link below:

To learn more about some ways in which you can protect your information, please click the drop-downs below. 

Cybercriminals are becoming more cunning every day. In its September 2020 Digital Defense Report, Microsoft noted an increase in business email compromise (BEC), a cybercrime that targets tech-savvy businesses and individuals through sophisticated and technical email scams.  

At Bank of San Francisco, we are constantly on the lookout for the latest cyber threats. Below, please find two different articles we have sourced from the FBI and FDIC. We hope that sharing these will bring more awareness of possible dangers to our clients, friends and family.

BUSINESS EMAIL COMPROMISE (by the FBI) – “Business email compromise (BEC)—also known as email account compromise (EAC)—is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional.
In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request, like in these examples:
  • A vendor your company regularly deals with sends an invoice with an updated mailing address.
  • A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
  • A homebuyer receives a message from his title company with instructions on how to wire his down payment.
Versions of these scenarios happened to real victims. All the messages were fake. And in each case, thousands—or even hundreds of thousands—of dollars were sent to criminals instead.”

For more BEC resources, visit the FBI’s website, and learn how criminals carry out these scams, how to report them and how to protect yourself and your business.

AVOID PHISHING, SMITHING, VISHING, AND OTHER SCAMS (by the FDIC) – “Criminals are constantly trying to steal consumers’ personal data using fake emails, websites, phone calls and even text messages. They use a variety of ways to try to trick people into providing Social Security numbers, bank account numbers, and other valuable information. In many cases, their goal is to steal money from you. This article defines some terms used for different online scams and how they work, so you can protect your money.”

This article by the FDIC offers a comprehensive look at different scams and how to avoid them and includes additional FDIC and FTC resources.

Bank of San Francisco is committed to keeping your account and personal information safe and secure. If you believe that you have received a fraudulent email, mistakenly disclosed confidential information or have questions about online security, please contact us immediately.
Everywhere you look, people are using smartphones and tablets as portable, hand-held computers. “Unfortunately, cybercriminals are also interested in using or accessing these devices to steal information or commit other crimes,” said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section. “That makes it essential for users of mobile devices to take measures to secure them, just as they would a desktop computer.” 

Since October is Cybersecurity Month, we wanted to share a few basic steps from the FDIC for keeping your smartphone and tablet secure.

Avoid apps that may contain malware. Buy or download from well-known app stores, such as those established by your phone manufacturer or cellular service provider. Consult your financial institution’s website to confirm where to download its official app for mobile banking. 

Keep your device’s operating system and apps updated. Consider opting for automatic updates because doing so will ensure that you have the latest fixes for any security weaknesses the manufacturer discovers. “Cybercriminals try to take advantage of known flaws, so keeping your software up to date will help reduce your vulnerability to foul play,” said Robert Brown, a senior ombudsman specialist at the FDIC. 

Consider using mobile security software and apps to protect your device. For example, anti-malware software for smartphones and tablets can be purchased from a reputable vendor. 

Use a password or other security feature to restrict access in case your device is lost or stolen. Activate the "time out" or "auto lock" feature that secures your mobile device when it is left unused for a certain number of minutes. Set that security feature to start after a relatively brief period of inactivity. Doing so reduces the likelihood that a thief will be able to use your phone or tablet. 

Back up data on your smartphone or tablet. This is good to do in case your device is lost, stolen or just stops working one day. Data can easily be backed up to a computer or to a back-up service, which may be offered by your mobile carrier. 

Have the ability to remotely remove data from your device if it is lost or stolen. A “remote wipe” protects data from prying eyes. If the device has been backed up, the information can be restored on a replacement device or the original (if you get it back). A number of reputable apps can enable remote wiping... 
1This article was originally published in the FDIC's Consumer News Special Edition, as it appears here.
Cyber attackers often target small to mid-size businesses because they are perceived to be less secure and more likely to pay a cyber ransom than larger companies. You can help to protect your business by identifying cybersecurity risk and developing a successful security strategy.

Begin by considering the following questions:  
  • Does your business have off-site storage of critical data backups?
  • Does your business have up-to-date endpoint protection (Antivirus, Anti-malware) installed on every desktop and laptop?
  • Does your business email system protect against spam, phishing, and other email security issues?
  • Does your security team perform regular vulnerability assessments on your networks and systems?
  • Does your firewall solution provide additional security services such as Gateway Antivirus, Gateway Antispyware, Intrusion Prevention and Content Filtering?
  • Does your business educate employees about security threats, such as ransomware, phishing, spyware; and how to avoid them?
If you have any questions about best practices for protecting your business, don’t hesitate to reach out to us.
Bank of San Francisco is committed to keeping your account and personal information safe and secure. Below, we have compiled several tips that you can use to keep your identity safe and strategies for being on the lookout for possible threats.
  • The first thing you should do if you suspect you’re a victim is check all of your credit reports – Equifax, Experian and TransUnion – by getting a free credit report at
  • Monitor your credit card and bank accounts for unauthorized activity. If you find or suspect you’ve been a victim of fraudulent activity, put a freeze on your credit.
  • If your debit or credit card number or bank account information has been stolen, contact your bank to cancel your card and/or close your account. Review all of your transactions and call the bank’s fraud department if you notice any unwanted charges.
  • Set up fraud alerts on your credit file to warn creditors that your identity was stolen. This will prompt them to verify the identity of anyone looking to get credit in your name.
  • File your taxes early to prevent a scammer from filing for you and collecting your refund.
If you believe that you are the victim of identity theft, have received a fraudulent email, mistakenly disclosed confidential information, or have questions about online security, please contact us immediately.
Social engineering refers to the use of deception as a way of manipulating others into performing actions or divulging confidential information for fraudulent purposes. The deception could take place via phone, email, postal mail or direct contact.
Below, we have outlined several types of social engineering, as a resource for our clients, so they may be aware of, and on the lookout for, possible threats. 
  • Baiting – When an attacker leaves a malware-infected physical device, such as a USB flash drive in a place it is sure to be found. The finder then picks up the device and loads it onto their computer, unintentionally installing the malware.
  • Phishing – When a malicious party sends a fraudulent email disguised as a legitimate email, purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.
  • Spear phishing – Similar to phishing, spear phishing is targeted at a specific individual or organization.
  • Whaling – A type of fraud that targets high-profile end users such as corporate executives, politicians and celebrities. The email message is often meant to trick the recipient into generating funds transfer requests to their financial institution.
  • Pretexting – When one party lies to another to gain access to privileged data usually over the phone.
  • Scareware – Tricking the victim into thinking their computer is infected with malware or has inadvertently downloaded illegal content. The attacker then offers a solution that will fix the problem; in reality, the victim is tricked into downloading and installing the attacker’s malware.
Bank of San Francisco is committed to keeping your account and personal information safe and secure. If you believe that you have received a fraudulent email, mistakenly disclosed confidential information or have questions about online security, please contact us immediately.