Online Security

Spoofing, Phishing and Other Forms of Internet Fraud

As an internet user, it is important to be aware of spoofing, phishing and other forms of internet fraud that could put you at risk.

Fraudulent, or so-called spoof emails appear to be from a company that you may know of or use. In general, these emails ask you to provide or update personal information, credit and debit card numbers, and account passwords, with the goal of stealing personal and financial information. The Bank will never ask you for your financial information, your personal password, PIN, or any other information that would allow access to your account.

A spoof email, pop-up window or web search engine may provide a link to a phony website, which may look like a site that you're familiar with. Upon closer examination, however, you may be able to determine that the site is a fake.

STOP. THINK. CONNECT.™ is the global online safety awareness campaign created by a coalition of private companies, non-profits, and government organizations. It is focused on keeping all digital citizens safe and more secure online. View their helpful tips and advice.

The Federal Home Loan Bank of San Francisco encourages you to follow these guidelines to protect you and your institution against phishing and other forms of internet fraud.

  • If you receive an email or pop-up window that appears suspicious do not open it. If you believe that you've received a fraudulent email or visited a fraudulent website that is impersonating the FHLBank San Francisco website, please forward that email or website information to us at abuse@fhlbsf.com.

  • Do not rely on links contained in emails or search engines. Instead, open a new browser window and enter the full address for the site you want to visit, for example, https://fhlbsf.com.
  • Keep your software current.

  • Create a passphrase to secure your account.

  • Protect your information and privacy when you conduct business with us online. The Bank will never ask you for your financial information, your personal password, PIN, or any other information that would allow access to your account.

  • Become educated. Visit the Cybersecurity & Infrastructure Security Agency for additional recommendations on protecting your information and reporting phishing scams to the proper authorities.