Alcatraz Island
Alcatraz Island

Security and Fraud Center

Protecting your accounts is central to how we serve you. We use layered digital safeguards across every channel to help protect your information. 
 
If you receive an unexpected call requesting personal information on our behalf, hang up and call your Relationship Manager or a team member whose number you already have. Our Client Services team is also here to help at 415-744-6700. 
Phone-based fraud is on the rise, and fraudsters have gotten good at impersonating bank employees. Caller ID can be spoofed. Voices can sound calm and professional. Here’s how it actually works when Bank of San Francisco is on the line. 
 
If you call us, we’ll ask a few questions to confirm it’s really you. We may also send a one-time verification code to the phone number or email address on file and ask you to read it back, which helps protect your account from unauthorized access. The code will never be your password or your PIN. 
 
If we call you, it will be your Relationship Manager or a member of Client Services regarding a specific and expected matter. We will never ask you to share your password or your PIN. 
 
If a call feels off — if it’s unexpected and urges you to act fast — hang up and call your Relationship Manager or a team member whose number you already have. They know you, and they can confirm whether the call was really from us. If you can’t reach them, our Client Services team is here to help at 415-744-6700.
 
If you think you may have shared something, call us right away. The sooner we know, the more we can do: flagging activity, resetting credentials, and walking you through next steps.
 
For additional background on phone, text, and email scams, the American Bankers Association maintains resources at banksneveraskthat.com.
Most online fraud attempts share a few patterns. If you recognize them, you can stop most of them in the first few seconds. 
 
  • Don't click unexpected links or open unknown attachments, even from senders you recognize. If something looks off, it usually is.
  • Never respond to unexpected requests to "verify" your information. If you didn't initiate the contact, don't click the link or call the number provided. Reach out through a channel you already trust instead.
  • If a message demands you act immediately, slow down. Real notifications tell you what happened and how to respond. 
  • Confirm directly with the sender using contact information you already have, not what's provided in the message. 

Learn more from official sources:

Small and mid-size businesses are frequent fraud targets. A few practices thwart most attempts: 
 
  • Require dual approval for wires, ACH transactions, and other high-value transfers.
  • Verify any request to change vendor payment information by phone, using a number you already have (not one supplied in the request itself).
  • Educate staff on phishing and social engineering. Most business fraud begins with an email, not a hack.
  • Keep systems current and maintain an incident-response plan you've actually tested. 
If you suspect fraud on your business accounts, contact your Relationship Manager right away. 

We use multi-layered authentication, secure cookies, and automatic time-outs to safeguard online sessions.

You can help by:

  • Creating strong, unique passwords and updating them regularly.
  • Keeping login credentials private.
  • Logging off or closing the app when finished.
  • Downloading the Bank of San Francisco mobile app only from verified app stores.
  • Reporting suspicious emails to mainoffice@bankbsf.com.

Bank of San Francisco may send you legitimate emails and texts – statement notifications, account alerts, security codes you’ve requested. What we won’t do is ask you to share your password or PIN through any of these channels. If you receive a message that looks like it’s from us but you weren’t expecting it, don’t click any links. Open a new browser window and go to bankbsf.com directly, or call your Relationship Manager. 

Most scams we see fall into two categories: 
 
  • Phishing: fraudulent emails, texts, or calls that appear to come from a trusted source and ask you to share information or click a link.
  • Pretexting: a caller posing as a colleague, vendor, or authority figure (including a bank employee) to get you to act quickly or share sensitive data. 
The common thread is that you didn't initiate the contact. When in doubt, stop, and reach out through a channel you already trust. 

If you believe you’ve been a victim:

  1. Call your Relationship Manager immediately if your Bank of San Francisco accounts are involved. If you can‘t reach them, call Client Services at 415-744-6700.
  2. Change your PINs and passwords for any account that may have been exposed. 
  3. Contact the three credit bureaus (Experian, Equifax, TransUnion) and request a fraud alert.
  4. File a report with your local police and, for financial crimes, the FBI's Internet Crime Complaint Center.
  5. Review your credit reports and account statements for any unauthorized activity. 
  6. For business accounts, notify the California Attorney General and the Better Business Bureau.
Links to external websites are provided for informational purposes only. Bank of San Francisco does not endorse or guarantee third-party content.