- Phishing: The Most Common Bank Scams
- Common Bank Phishing Scams
- Red Flags of a Bank Scam
- What to Do If You Receive a Scam Call/Email/Text
- What to Do If You’ve Been Scammed
- Frequently Asked Questions
Like it or not, we live in a digital world, and all numbers of daily transactions can and do take place through platforms like email, app, or even text. The communication methods can make many things much more convenient—but they can also provide cover for scammers hoping to anonymously trick you out of money and valuable information.
And several scams use these methods to target some of the most valuable details of all: Your financial information.
Phishing: The Most Common Bank Scams
The way most scammers try to unlock your secretive information is through phishing. In these schemes, scammers masquerade as a trusted source—in this case, your bank or credit union—to ask you sensitive questions and possibly get some useful answers.
Phishing scams can take many forms, including emails, texts, and phone calls. The details may change every time, but the overall goal remains the same: To get as much information from you as possible. This includes your:
- Social Security number (SSN)
- Bank account details
- Credit or debit card number
- Personal facts like your date of birth or address
Unfortunately, phishing scams are pretty common in the banking realm. In fact, according to one Forbes investigation, banking became the number three industry scammers target for phishing scams in 2021, trailing only technology and shipping companies.
Still, there are some standard scripts and red flags you can look out for that may help you avoid becoming the next banking scam victim.
Common Bank Phishing Scams
Scammers are constantly changing their schemes to stay one step ahead of the wary consumer to keep luring people in, but the broad strokes of these scams tend to remain the same.
Fake Bank Emails
The classic phishing scam, fake bank emails, saw a surge in the confusing wake of the COVID-19 breakout, with one report finding the number of phishing emails jumping from around 4,000 in January and February 2020 to nearly 900,000 in March and 2.9 million by that April.
Part of its popularity stems from the simplicity of the gambit. The emails are designed to look like the ones you would get from your bank, including everything from logos to email signatures.
The body of the email can include any type of story to get you to part with your information. Some common examples include:
- Your account was hacked, and you need to update your password
- You have an overdraft or pending purchase issue
- You're eligible for a new credit card offer
- Your credit card was compromised
To resolve these “issues,” you’ll either be asked to send your details directly or to click a link. Links could lead to pages that either download malware on your device, send any information you enter to scammers, or both.
Fake Bank Texts
Also called smishing (for SMS phishing), these scams are very similar to email phishing schemes.
Instead of an email, you’ll receive a text, supposedly from your bank or credit union. Once again, the “reason” for contact can include a broad range of things, such as:
- Confirming a payment
- Confirming (or denying) a recent deposit or withdrawal
- Receiving a new credit card offer or bonus
- Having to “re-verify” your account after a security breach
Typically, smishing texts include a link, which, like with the phishing emails, sends you to a malicious website. They can also include a phone number for you to call, which will also go straight to a scammer.
Fake Bank Phone Calls
When phishing takes place over the phone—or via voice—it’s called vishing. Once again, the concept (and desired outcome) remains close to the other common forms of phishing.
Vishing scams can sometimes take the form of robocalls, which will once again inform you of some issue with your bank account and ask you to call back or press a specific number to resolve it. You can also speak to a real person on the phone who’s impersonating a bank representative. These people will often ask you for all manner of personal information in the name of “solving the problem.”
Red Flags of a Bank Scam
Bank phishing scams are especially insidious as scammers have become very deft at impersonating financial institutions. Still, there are some red flags that may point to something fishy afoot, including:
- Generic greetings. If a bank or credit union has your information, an email, text, or phone call would most likely address you by name.
- Bad grammar. Misspellings, poor punctuation, run-on sentences, or strange turns of phrases are common signs of a scam.
- Email addresses. Make sure the email address has the official domain registered by the company (e.g., an email from Apple won't ever come from @gmail or @aple.com)
- Links. Nearly every phishing or smishing scam involves one. Hover your cursor over the link to see where it’s taking you without clicking on it. And look closely: Many scammers use similar-but-not-quite-the-same domain names.
- Corporate details. Companies use specific fonts, colors, and logos that may not look exactly right in a scam message.
- Vague or incorrect details. A bank will have your most up-to-date information on file.
- Asking for personal information. Banks will never ask you for your password, PIN, Social Security number, or bank account numbers to confirm your identity.
- A sense of urgency. This is how most scammers set the hook, making you feel pressured to act quickly.
- Unsolicited loan offers. Most banks will not call or text you about these offers.
- Any robocall messages left on your voicemail.
- You don’t have an account with the company.
What to Do If You Receive a Scam Call/Email/Text
Receiving scam messages can be disturbing, but avoiding any major consequences can be easier than you think.
What to Do if You Receive Scam Email or Text
- Check all email addresses and links for proper domain names.
- Never click on any links. Instead, type the company’s website directly into a new browser page and start from there.
- Never share any personal information, such as your password, PIN code, Social Security number, or bank account information unless you’re sure you’re speaking with a bank officer.
- Log in to your actual bank account to look for any alerts or messages corresponding to the email or text.
What to Do if You Receive a Scam Call
- Don't pick up the phone unless you recognize the number.
- Just hang up!
- Don't press any buttons or respond to any prompts.
- Never give out any personal information.
- Verify the caller’s identity. Then call the bank’s official number to ask for more information.
- Tell the caller you’ll call them back. Then call the bank’s official number for more information.
What to Do If You’ve Been Scammed
If you think you’ve received a scam phone call, email, or text and responded with potentially sensitive information, there are still a few steps you can take to protect yourself, including:
- Contacting your bank, credit card company, or credit union to report the incident.
- Change all passwords and PINs associated with your accounts.
- Cancel or freeze your current credit and debit cards and open new ones.
- Report the incident to:
- The Federal Trade Commission.
- The Internet Crime Complaint Center (IC3).
- Possibly create an IRS Identity Protection PIN.
Your banking institution may also offer additional security features to protect your bank account. See if you can initiate any of the below or other options to help beef up your account security:
- Requiring PIN codes for transactions.
- Requiring fingerprints to complete transactions.
- Initiating two-step authentication.
- Setting up email or text notifications for account activity or suspicious account activity.
Depending on the type and severity of the scam, you may even consider contacting your local authorities.