Identified Scam:

How to Identify a Fake Email from Your Bank & Protect Yourself

Scammers impersonate well-known banks, such as Citibank and Chase, to trick you into giving up your sensitive information—learn how to beat these scams.
Updated 21 October 2021
How to Identify a Fake Email from Your Bank & Protect Yourself

Phishing Statistics 2021

90% of data breaches are caused by phishing
3.4 billion phishing emails are sent every day

1.4 million phishing websites are created every month

Source: Digital InTheRound, 2021

Sections on this page
  1. What Are Bank Phishing Emails?
  2. Red Flags of a Bank Phishing Email Scam
  3. How to Beat This Scam
  4. Fallen for Fake Bank Emails?
  5. Frequently Asked Questions

In today’s digitally-driven financial world, it’s common to receive emails and texts from your bank, especially if you signed up to receive those messages. However, not all of those emails are legitimate. In fact, every day, thousands of people fall victim to some version of a bank phishing email, according to the American Bankers Association.

What Are Bank Phishing Emails?

Bank phishing email scams happen when scammers pretend to be a bank and send out fake emails with malicious links or attachments in an attempt to steal consumers’ personal and financial information. Here’s how the scam works. 

You Receive an Email That Appears to Come From Your Bank

You open your email to find an urgent message from your bank. The email asks for you to provide information to protect your account or confirm your login or password information. The bank phishing email will typically provide a link so you can enter that information.

Example Phishing Email

Dear Member, 

Our records show that one of the following information is outdated:

  • Personal ID
  • Password
  • Contact Information

We ask you to verify your information. Failure to verify your information will result in account suspension. 

Please, Click Here to verify your information


Bank of America

There are several variations of these emails, but the end goal will be the same—to have you enter your information on a website.

Chase bank phishing email.
Example of a fake Chase email that uses the bank's logo to trick you into thinking it's legitimate.

You Click the Link Provided & Enter Your Information

You click the link provided, which appears to lead to your bank’s website. In actuality, the scammer sent you to a fake version of the legitimate bank website.

You fill out your personal or financial information as the email requested because you want to avoid the problems that the email may have mentioned. 

Example of fake Bank of America website.
Example of a fake Bank of America website. The URL is the first sign that it's fake—the bank's genuine URL starts with

Your Financial Information and Identity Are Compromised

You have now entered your sensitive information on a fraudulent website. Scammers can access your bank account and make fraudulent purchases. They may also use your login information to hack other accounts and try to steal your identity.  

Red Flags of a Bank Phishing Email Scam

Whenever you see an email from your bank—or any financial institution, for that matter—you should be on high alert for signs of a scam. Usually, if you get a bad feeling about an email, your instincts are probably right. It’s a good idea to keep an eye out for these red flags in emails from banks:

Requests for personal and financial information

  • An email from an institution that you don’t bank with
  • A sense of urgency
  • Awkward grammar and typos
  • Impersonal greetings
  • An email sent to “undisclosed-recipients”
  • Links that take you to a different website

Citibank phishing email.
Example of a fake Citibank email that has tell-tale signs of a scam.

Request for Personal and Financial Information

Scam emails typically ask for sensitive account information, such as login names or passwords, Social Security numbers, or PIN codes. Legitimate banks would never ask for that kind of information via email, even if there were a problem with your account.

An Email from an Institution You Don’t Bank With

Another tip-off of a scam is that you do not even have an account with the bank. Scammers are hoping their victims won’t read the emails too closely and may not stop to check the actual name of the financial institution. 

Sense of Urgency

You’ll notice that the email includes high-pressure language with a sense of urgency. It may warn of an unfortunate outcome if you don’t follow the email’s instructions and provide your personal information. Scammers commonly use these scare tactics to pressure you into taking action. 

Awkward Grammar and Typos

Bank phishing emails tend to feature multiple typos and incorrect spelling and grammar. The overall appearance and language of the email don’t fit with the professional image of a real bank. 

Impersonal Greetings

A bank phishing email won’t address you by name. They’ll use the impersonal “Dear Customer” or “Dear Sir or Madam.” 

Message Isn’t Directed to You

When you check the “To” field in the email, the recipient may not be your email address. Instead, the recipient field will state the email is directed to “undisclosed-recipients,” which means many people received it.  

Fake Links

Hover your mouse or cursor over the link provided in the email. If the URL that pops up does not match your bank’s website or has an unfamiliar domain name, that’s a telltale sign of a phishing attack. Scammers also deliberately misspell the words in a fake website link, such as adding in extra letters or numbers that they’re hoping victims won’t notice. Legitimate bank sites also start with “https,” with the “s” at the end indicating the heightened level of security—so a fake link would not start with “https.” 

How to Beat This Scam

Phishing emails are a well-known scammer tactic, and they’re especially effective when scammers impersonate financial institutions. With the help of these tips, you can avoid phishing email traps.

Don’t Click on Links or Attachments in Bank Emails

Unless you’re 100% sure that the email came from your bank, don’t click on a link or open an attachment in the email—especially if the message contains strange, off-putting, and urgent language and asks you to provide or update your personal details. 

Call Your Bank

If you’re suspicious about any emails you receive from your bank, it’s best to call and confirm their legitimacy. 

Review Your Bank’s Fraud Procedures

Most banks have enacted their own set of fraud procedures. You can find them by searching the name of your bank and the words “fraud” or “fraud prevention.” Typically, banks will offer or recommend enhanced security controls, such as real-time alerts if someone attempts to access your account from an unknown device or makes an unusually expensive purchase. 

If you can’t find the bank’s fraud prevention techniques online, call your bank and ask to speak with a representative about any steps you can take to secure your account. 

Use Your Bank Account Website or App to Log In

When you’re trying to access your bank account, always log in by typing the address into your Internet browser directly, or via the app on your mobile device. Don’t attempt to log in by clicking on any links from emails or other sites. 

Fallen for Fake Bank Emails?

Whether you clicked a link or provided the information requested in a bank phishing email, here’s what you should do next.

Contact Your Bank

Call your bank immediately using the phone number published on its website and explain that you have accidentally provided your personal bank account details to a scammer. Your bank will likely freeze your account and encourage you to change your login information so the scammer won’t be able to access your accounts. 

If you are unsure about whether a bank email is legitimate, it’s always best to call and make sure before you take any other action. 

Change Your Passwords

If you use the same password across multiple accounts, change the password for any accounts sharing the same or similar login credentials as your bank. Most banks also allow you to enable multi-factor authentication, which will require you to provide a second identifier such as a code sent by text or email. That serves as an additional layer of protection against scammers. 

It’s also a good time to make sure your phone, tablet, and computer are updated with the latest browser and antivirus software. If you think your device may be infected with a virus as a result of clicking on the link in the bank phishing email, contact a security or IT professional for assistance. 

Report the Scam

If you want to freeze your credit report, credit bureaus or creditors may request a copy of the police report as proof of the scam. File a report with your local police. It’s also a good idea to report the bank phishing email to the Federal Trade Commission (FTC).

Frequently Asked Questions

How common are bank phishing emails?

According to a Brand Phishing Report from Check Point Research, banks are the third most likely industry target for scammers who use phishing emails. The Federal Trade Commission reported that in 2020, Americans lost $3.3 billion to phishing, which is double the amount from 2019. The increase may be because more people are conducting their banking online, and scammers see an opportunity to take advantage.

What are some red flags of bank phishing emails?

Bank phishing emails usually contain some very glaring signs of fraud. Some red flags of bank phishing emails include the following:

  • Awkward grammar, phrasing, and typos
  • Impersonal greetings
  • Message has a sense of urgency
  • Message is directed to “undisclosed recipients”
  • Request for personal and financial information
  • URLs that don’t match the bank’s website when you hover your cursor over the link

How do I stop bank phishing emails?

It may not be possible to stop bank phishing emails entirely, but you can mark them as spam so that they are instantly redirected to your spam folder instead of your inbox. To do that, mark the emails as “junk” or “spam” in your email program. If you still find yourself receiving a higher than normal amount of phishing emails, consider using a third-party spam filter for additional protection.


Featured Reads