Every day, regular people like you lose their hard-earned money to online phishing scams.
Don't fall for fake. Use these tips from the American Bankers Association to learn how to spot shady texts, emails, and phone calls by knowing the things your bank would never ask.
What is phishing?
Phishing is a type of online scam where criminals make fraudulent emails, phone calls, and texts that appear to come from a legitimate bank. Every year, people lose hundreds, even thousands, of dollars to these scams. The communication is designed to trick you into entering confidential information (like account numbers, passwords, PINs, or birthdays) into a fake website by clicking on a link, or to tell it to someone imitating your bank on the phone.
You've got fraud: Email scams
Email scams account for 96 percent of all phishing attacks, making email the most popular tool for the bad guys. Often, the scammer will disguise the email to look and sound like it’s from your bank.
Here are some tell-tale signs of email phishing:
Avoid clicking suspicious links
If an email pressures you to click a link — whether it’s to verify your login credentials or make a payment, you can be sure it’s a scam. Banks never ask you to do that. It’s best to avoid clicking links in an email. Before you click, hover over the link to reveal where it really leads. When in doubt, call your bank directly, or visit their website by typing the URL directly into your browser.
Raise the red flag on scare tactics
Banks will never use scare tactics, threats, or high-pressure language to get you to act quickly, but scammers will. Demands for urgent action should put you on high alert. No matter how authentic an email may appear, never reply with personal information like your password, PIN, or social security number.
Watch for attachments and typos
Your bank will never send attachments like a PDF in an unexpected email. Misspellings and poor grammar are also warning signs of a phishing scam.
Be skeptical of every email
In the same way defensive driving prevents car accidents, always treating incoming email as a potential risk will protect you from scams. Fraudulent emails can appear very convincing, using official language and logos, and even similar URLs. Always be alert.
BRB, stealing somebody’s identity: Text swindlers
Phishing text messages attempt to trick you into sharing personal information like your password, PIN, or social security number to gain access to your bank account. As long as you don’t respond to these messages and delete them instead, your information is safe. All you need to do is spot the signs of a scam before you click or reply.
If you suspect that a text you receive is a phishing attempt:
Slow down — think before you act
Acting too quickly when you receive phishing text messages can result in unintentionally giving scammers access to your bank account — and your money. Scammers want you to feel confused and rushed, which is always a red flag. Banks will never threaten you into responding or use high-pressure tactics
Don’t click links
Never click on a link sent via text message — especially if it asks you to sign in to your bank account. Scammers often use this technique to steal your username and password. When in doubt, visit your bank’s website by typing the URL directly into your browser or log in to your bank’s mobile app.
Never send personal information
Your bank will never ask for your PIN, password, or one-time login code in a text message. If you receive a text message asking for personal information, it’s a scam.
Delete the message
Don’t risk accidentally replying to or saving a fraudulent text message on your phone. If you are reporting the message, take a screenshot to share, then delete it.
Reach out and scam someone: Phishy phone calls
Scammers sometimes try to cheat you out of your money by impersonating your bank over the phone. In some scams, they act friendly and helpful. In others, they’ll threaten or scare you. Scammers will often ask for your personal information or get you to send them money. Banks never will.
Don’t rely on caller ID
Scammers can make any number or name appear on your caller ID. Even if your phone shows it’s your bank calling, it could be anyone. Always be wary of incoming calls.
Never give sensitive information
Never share sensitive information like your bank password, PIN, or a one-time login code with someone who calls you unexpectedly —?even if they say they’re from your bank. Banks may need to verify personal information if you call them, but never the other way around.
Watch out for a false sense of urgency
Scammers count on getting you to act before you think, usually by including a threat. Banks never will. A scammer might say act now or your account will be closed, or even we've detected suspicious activity on your account do not give in to the pressure.
Hang up — even if it sounds legit
Whether it’s a scammer impersonating your bank or a real call, stay safe by ending unexpected calls and dialing the number on the back of your bank card instead.
What to do if you fall for a scam email, call, or text.
Contact your bank, financial institutions, and creditors.
- Speak with the fraud department and explain that someone has stolen your identity
- Request to close or freeze any accounts that may have been tampered with or fraudulently established.
- Make sure to change your online login credentials, passwords, and PINs.
Secure your email and other communication accounts.
- Many people reuse passwords and your email or cell phone account may be compromised as well.
- Immediately change your accounts’ passwords and implement multi-factor authentication — a setting that prevents cybercriminals from accessing your accounts, even if they know your password — if you haven’t already done so.
Check your credit reports and place a fraud alert on them.
- Get a free copy of your credit report from annualcreditreport.com or call 877.322.8228.
- Review your credit report to make sure unauthorized accounts have not been opened in your name.
- Report any fraudulent accounts to the appropriate financial institutions.
- Place a fraud alert on your credit by contacting one of the three credit bureaus. That company must tell the other two.
- Experian: 888.397.3742 or experian.com
- TransUnion: 800.680.7289 or transunion.com
- Equifax: 888.766.0008 or equifax.com
Contact ChexSystems.
- Place a security alert on the compromised checking and savings accounts when a deposit account has been impacted. Make your report to ChexSystems online or call 888-478-6536.
Contact the Federal Trade Commission.
- Visit identitytheft.gov or call 877-438-4338 to report an ID theft incident.
File a report with your local law enforcement.
- Get a copy of the report to submit to your creditors and others that may require proof of the crime.
Get scam smart.
Learn more at BanksNeverAskThat.com, follow #BanksNeverAskThat on social media for quick tips, or speak with your trusted banking representative about steps you can take to protect your accounts.