Every day, thousands of people fall victim to fraudulent emails, texts and calls from scammers pretending to be their bank. Last year, American consumers lost an estimated $8.8 billion to phishing scams and other fraud–an increase of more than 30% over 2021.
Fraud tactics change all the time, making it hard to spot a scam. Just one click on a link in a suspicious email can give a fraudster access to your password, login and more. If you understand the five telltale signs of phishing in calls, emails, and texts, you can choose not to the bait. If you’re looking after elderly loved ones who are still using phones and email, makes sure they are aware of these schemes, too.
Here's the basic rule of thumb: If the communication requests any of the following, it’s probably a phishing scam:
1. They direct you to open a link.
2. They use urgent or fear-inducing language to incite you to quick action.
3. They send an attachment.
4. They request personal info like PINs, passwords, or social security numbers.
5. They pressure you to log into, or send money with, payment apps.
According to the website BanksNeverAskThat.com, these red flags show up in real life phishing scams in predictable ways. Here’s what to watch for.
Unusual Email Addresses: Does that look like an email address your bank would use? Be wary of unexpected emails from addresses that aren’t like the ones your bank typically employs.
Misspelled Words: If you see misspelled words or odd grammar, they are all clear signs of an impersonator. Real banks use spell check.
Scare Tactics: If an email uses scare tactics, such as urgent warnings of account closure or security breaches, you can safely assume it’s a scam.
Suspicious URLs: Banks will never ask you to log in via email. Phishing emails use deceptive URLs to take you to malicious websites. Never click links that you weren’t expecting.
Unexpected Attachments: Real banks will never send an email attachment — especially when you didn’t ask for it. Attachments can contain malware that can compromise your computer or personal information. Never click on attachments from emails supposedly from your bank.
Strange Phone Numbers: Is that the number your bank usually uses to send text messages? Legit text message updates come from an official four or five- digit number used by your bank.
Urgent Warnings or Requests: Phishing texts try to create a sense of panic, such as threatening to suspend your account or urging you to log in to verify. Real bank texts won’t.
Odd Grammar or Spelling Mistakes: Misspelled words or odd grammar are both clear signs of an impersonator. Real banks use spell check.
Requests for Personal Information: If a text message requests personal or sensitive information, such as account numbers, PINs, passwords, or social security numbers, you can assume it’s a scam.
Suspicious Links: Banks rarely — if ever — send links via text. Don’t click them. Instead, verify the message by visiting your bank’s official website, or calling the number on the back of your card.
Unusual Caller ID: While caller ID can be spoofed, legitimate calls from your bank are more likely to display an official phone number or a known identifier. If not, be very skeptical.
Scare Tactics or Threats: Phishing calls rely on a sense of urgency. If the caller pressures you into immediate action or threatens negative consequences, just hang up and call the number on the back of your bank card.
Asking for Personal Information: Banks will rarely ask for your account number, PIN, or password during a phone call — and will never ask for a one-time login code. Never share such confidential details unless you’ve called the number on the back of your bank card.
Unexpected Calls: Be very skeptical of calls you receive out of the blue. Normally, bank representatives will only reach out if you initiate contact first. Stay safe by ending the call and dialing the number on the back of your bank card.
Payment App Scams
Unexpected Requests: Be cautious if you receive unexpected requests from strangers or organizations asking you to send money through a payment app. This is a scammer move.
Sending Money to Yourself: If someone who claims to be your bank says you have to send money to yourself, you can be 100% certain it’s a scam. Banks never ask that.
Overpayment Claims: Be skeptical if a sender claims to have accidentally overpaid you through Zelle® and requests a refund of the excess amount. Scammers use this tactic to trick you into sending them money.
Suspicious Links: If you receive a payment app-related message that contains a link, never click it. Scammers often send links to fake login pages to steal your username and password.
Pressure and Urgency: Scammers attempt to trick you by creating a sense of urgency. If they mention unforeseen emergencies, unverified transactions, account suspension, or unsolicited prize winnings, it’s a scam.
Did the Scammers Get You?
Here's what to do:
1. Strengthen your online bank account.
2. Enable multi-factor authentication on top of your username and password.
3. Use a strong and unique password.
4. Update your software and devices.
5. Use antivirus software on your computer.
 "New FTC Data Show Consumers Reported Losing Nearly $8.8 Billion to Scams in 2022," Federal Trade Commission (FTC), ftc.gov, Feb. 23, 2023.