Is Your Bank Really Contacting You Or Is It a Scam?

The ultimate goal of scams is to steal your money, so it's common for thieves to impersonate your bank or credit union. So, how do you tell who's really contacting you?

Bridget Clerkin
Updated 2 September 2021
Is Your Bank Really Contacting You Or Is It a Scam?

Phishing Statistics 2021

90% of data breaches are caused by phishing
3.4 billion phishing emails are sent every day

1.4 million phishing websites are created every month

Source: Digital InTheRound, 2021

Sections on this page
  1. Phishing: The Most Common Bank Scams
  2. Common Bank Phishing Scams
  3. Red Flags of a Bank Scam
  4. What to Do If You Receive a Scam Call/Email/Text
  5. What to Do If You’ve Been Scammed
  6. Frequently Asked Questions

Like it or not, we live in a digital world, and all numbers of daily transactions can and do take place through platforms like email, app, or even text. The communication methods can make many things much more convenient—but they can also provide cover for scammers hoping to anonymously trick you out of money and valuable information.

And several scams use these methods to target some of the most valuable details of all: Your financial information.

Phishing: The Most Common Bank Scams

The way most scammers try to unlock your secretive information is through phishing. In these schemes, scammers masquerade as a trusted source—in this case, your bank or credit union—to ask you sensitive questions and possibly get some useful answers.

Phishing scams can take many forms, including emails, texts, and phone calls. The details may change every time, but the overall goal remains the same: To get as much information from you as possible. This includes your:

  • Social Security number (SSN)
  • Bank account details
  • Passwords
  • PINs
  • Credit or debit card number
  • Personal facts like your date of birth or address

Unfortunately, phishing scams are pretty common in the banking realm. In fact, according to one Forbes investigation, banking became the number three industry scammers target for phishing scams in 2021, trailing only technology and shipping companies.

Still, there are some standard scripts and red flags you can look out for that may help you avoid becoming the next banking scam victim.

Common Bank Phishing Scams

Scammers are constantly changing their schemes to stay one step ahead of the wary consumer to keep luring people in, but the broad strokes of these scams tend to remain the same.

Fake Bank Emails

The classic phishing scam, fake bank emails, saw a surge in the confusing wake of the COVID-19 breakout, with one report finding the number of phishing emails jumping from around 4,000 in January and February 2020 to nearly 900,000 in March and 2.9 million by that April.

Part of its popularity stems from the simplicity of the gambit. The emails are designed to look like the ones you would get from your bank, including everything from logos to email signatures.

Example fake bank email
Scam email from someone impersonating a Citibank representative, which was luckily marked as spam.

The body of the email can include any type of story to get you to part with your information. Some common examples include:

  • Your account was hacked, and you need to update your password
  • You have an overdraft or pending purchase issue
  • You're eligible for a new credit card offer
  • Your credit card was compromised

To resolve these “issues,” you’ll either be asked to send your details directly or to click a link. Links could lead to pages that either download malware on your device, send any information you enter to scammers, or both.

Fake Bank Texts

Also called smishing (for SMS phishing), these scams are very similar to email phishing schemes.

Instead of an email, you’ll receive a text, supposedly from your bank or credit union. Once again, the “reason” for contact can include a broad range of things, such as:

  • Confirming a payment
  • Confirming (or denying) a recent deposit or withdrawal
  • Receiving a new credit card offer or bonus
  • Having to “re-verify” your account after a security breach

Fake Bank of America text message
Fake Bank of America text message.

Typically, smishing texts include a link, which, like with the phishing emails, sends you to a malicious website. They can also include a phone number for you to call, which will also go straight to a scammer.

Fake Bank Phone Calls

When phishing takes place over the phone—or via voice—it’s called vishing. Once again, the concept (and desired outcome) remains close to the other common forms of phishing.

Vishing scams can sometimes take the form of robocalls, which will once again inform you of some issue with your bank account and ask you to call back or press a specific number to resolve it. You can also speak to a real person on the phone who’s impersonating a bank representative. These people will often ask you for all manner of personal information in the name of “solving the problem.”

Red Flags of a Bank Scam

Bank phishing scams are especially insidious as scammers have become very deft at impersonating financial institutions. Still, there are some red flags that may point to something fishy afoot, including:

  • Generic greetings. If a bank or credit union has your information, an email, text, or phone call would most likely address you by name.
  • Bad grammar. Misspellings, poor punctuation, run-on sentences, or strange turns of phrases are common signs of a scam.
  • Email addresses. Make sure the email address has the official domain registered by the company (e.g., an email from Apple won't ever come from @gmail or
  • Links. Nearly every phishing or smishing scam involves one. Hover your cursor over the link to see where it’s taking you without clicking on it. And look closely: Many scammers use similar-but-not-quite-the-same domain names.
  • Corporate details. Companies use specific fonts, colors, and logos that may not look exactly right in a scam message.
  • Vague or incorrect details. A bank will have your most up-to-date information on file.
  • Asking for personal information. Banks will never ask you for your password, PIN, Social Security number, or bank account numbers to confirm your identity.
  • A sense of urgency. This is how most scammers set the hook, making you feel pressured to act quickly.
  • Unsolicited loan offers. Most banks will not call or text you about these offers.
  • Any robocall messages left on your voicemail.
  • You don’t have an account with the company.

What to Do If You Receive a Scam Call/Email/Text

Receiving scam messages can be disturbing, but avoiding any major consequences can be easier than you think.

What to Do if You Receive Scam Email or Text

  • Check all email addresses and links for proper domain names.
  • Never click on any links. Instead, type the company’s website directly into a new browser page and start from there.
  • Never share any personal information, such as your password, PIN code, Social Security number, or bank account information unless you’re sure you’re speaking with a bank officer.
  • Log in to your actual bank account to look for any alerts or messages corresponding to the email or text.

What to Do if You Receive a Scam Call

  • Don't pick up the phone unless you recognize the number.
  • Just hang up!
  • Don't press any buttons or respond to any prompts.
  • Never give out any personal information.
  • Verify the caller’s identity. Then call the bank’s official number to ask for more information.
  • Tell the caller you’ll call them back. Then call the bank’s official number for more information.

What to Do If You’ve Been Scammed

If you think you’ve received a scam phone call, email, or text and responded with potentially sensitive information, there are still a few steps you can take to protect yourself, including:

Your banking institution may also offer additional security features to protect your bank account. See if you can initiate any of the below or other options to help beef up your account security:

  • Requiring PIN codes for transactions.
  • Requiring fingerprints to complete transactions.
  • Initiating two-step authentication.
  • Setting up email or text notifications for account activity or suspicious account activity.

Depending on the type and severity of the scam, you may even consider contacting your local authorities.

Frequently Asked Questions

How do I confirm if my bank or credit union contacted me?

Unfortunately, it can be a bit tricky to confirm that it was actually your credit union who contacted you—especially through text or phone calls.

If you received a phone call, tell them you’ll call them back and hang up. Otherwise, regardless of how you were contacted, your best bet is to call the credit union’s official public number. Tell them as much as you can about the phone call, text, or email you received and ask them if they can help you clarify what’s going on.

My bank is calling asking me for my account information. Is it a scam?

Most likely. Most financial institutions will not ever ask you for such sensitive information, especially out of the blue.

Never answer the initial phone call, or if you do, hang up. Then do a little research. Go on your bank’s website to see how they will contact you for different scenarios. If you still have questions, call the bank’s official public number back and ask to speak to an agent about the situation.

Will my bank/credit union ever ask for my Social Security number?

Sometimes. In some situations, such as opening a new account, your bank will require your Social Security number. But these situations are few and far between.

And a bank will never ask you out of the blue for your SSN. You should never give out your Social in response to emails, texts, or calls saying they’re from your bank.

How do I check if my account has been compromised?

The best way to check if your bank account has been compromised is to log into the actual account. If there are any issues, you’ll likely receive a message or alert from your bank on the website or app.

Other signs that your account has been hacked include your password or personal information being changed, a string of small, unexplainable payments, or unexpected notices from your bank about account activity.

If you’re worried about the security of your account, you should call the official customer service number for your bank or visit a branch in person to discuss the issue.


Featured Reads