Safe Banking - ESAF Small Finance Bank

Safe Banking

At ESAF SFB, we put continuous effort in making our esteemed customers aware of the various steps to follow, to safeguard and avoid compromising of confidential customer information that leads to online scams such as Spoofing, Vishing, Phishing etc. In the event of suspect and abnormal transactions, ESAF SFB requests its esteemed customers to immediately inform us at our E-mail ID.
ESAF SFB desires to partner with its esteemed customers to counter such fraudulent attempts.


Phishing is an attempt to “steal or fish” the customer’s confidential details (Identity Theft). Phishing attempts are usually via e-mails that appear to be from reputed institutions like central banks, banks and popular websites. The email will be seeking customer's confidential data like user id, login and transaction passwords, One Time Password (OTP), Unique Reference No.(URN) etc. There are sub variants like “Spear Phishing“ which are more personalized and targeted phishing attempts, customized on the basis of your web browsing for various personal and professional requirements.


Smishing is an attempt to “steal or fish” the customers’ confidential details (Identity theft). Smishing attempts are via Short Message Service (SMS- Also known as text messages). This is a modified version of Phishing where SMS is used instead of e-mail. Smishing messages propagate ordinary and extraordinary benefits for the customers such as “ You/your mobile number has won Rs. 10,00,000, You/your mobile has been given 10 free movie tickets, Your mobile has been selected for free recharges worth 10,000, visit our website or click on the link or call certain number to claim the prizes”. Clicking on the link or calling on the number will lead you to websites or individuals seeking personal information. These are becoming more common due to smart phones becoming more popular. Smishing attacks are getting common because of easy sharing and compromising of customer mobile numbers by fraudulent service providers.


Spoofing is an attempt to trick and deceive the users, by duplicating and faking the identity of another user. Spoofing is commonly administered via email, phone, website etc. Website spoofing is the act of duplicating a legitimate website by using similar names, graphics, logos, URLs, padlock etc used in the legitimate website. Email Spoofing is an act to manipulate e-mails by duplicating the e-mail ID of the sender to make the recipient believe that it has been sent by “Trusted” sender and lead the recipient to share confidential information.


Vishing is an attempt to trick and deceive the users for sharing confidential personal and financial information, through phone calls, by fraudsters who claim to represent the Bank. Vishing is done to gain sensitive information such as account number, base branch, personal parameters like date of birth, mother’s maiden name, debit card, card pin and grid values, Internet banking user ID and passwords, OTP (One time password), URN (Unique registration number), CVV etc. The information gained will then be utilized to conduct fraudulent activities on your account without the customer's permission and knowledge, leading to financial loss for the customers.

SIM Swap:

SIM swap is an attempt to exchange the genuine SIM card of the customer with a duplicate SIM card of your mobile service provider. The SIM is then used for committing various fraudulent financial transactions. Mobile phones are becoming an important banking channel through which customers make financial enquiries, get account related alerts, receive one time password (OTP) to initiate and complete financial transactions initiated across various channels etc. OTPs are in fact becoming the key second factor authentication for completing financial transactions. The compromising of the SIM card by SIM swap allows fraudsters and criminals to modify account level information and conduct fraudulent financial transactions, leading to financial loss for the customers.

Social media and websites:

Social media sites are fast becoming primary drivers of identity theft by luring users with various rewards and benefits through customized and targeted messages centered around special occasions, promotional campaigns etc. They lead to installation of malicious software in the devices, which monitor the activities and attempts to steal personal information of the user's line name, mobile number etc.

General Safety Tips:

  • Regulatory Bodies like Reserve Bank of India, Government authorities including Income Tax department, ESAF SFB etc., never seek any confidential information like Name, Mobile Number, Bank Account details over e-mail or phone call.
  • Treat e-mail messages that seek confidential/personal information with suspicion. Do not respond to e-mails, calls, web forms etc. that ask for your Internet Banking credentials like user ID/ passwords, Email ID, Mobile number , Debit card number and PIN, Personal information such as Date of Birth, Mother’s Maiden name etc.,
  • Do not use public/unprotected computers and networks to access and transact using ESAF SFB Internet banking and debit card. Always use privately protected network to access, operate and transact on your account.
  • Do not open e-mail attachments and links from unknown/unverified sources received through e-mails and SMSs. Delete such suspicious e-mail and SMS communication immediately and categorize them as junk to avoid future e-mail messages.
  • Always use the ESAF SFB URL directly on your browser’s address bar to ensure you are accessing and transacting on the correct web page. Never use a link in an e-mail or SMS message to log on to the ESAF SFB website. Access the official ESAF SFB website via __________.