
Don't fall for fake. Keep your money safe by learning the red flags of phishing.
Don't fall for fake. Keep your money safe by learning the red flags of phishing.

Don't fall for fake. Keep your money safe by learning the red flags of phishing.
Don't fall for fake. Keep your money safe by learning the red flags of phishing.
Get scam smart.
Every day regular people like you lose their hard-earned money to online phishing scams. Don’t fall for fake — learn how to spot shady texts, emails, and phone calls by knowing the things your bank would never ask.
RULE 1: WATCH FOR RED FLAGS
Know what banks will never ask
How to protect your money from email scams.
Avoid clicking suspicious links
If an email pressures you to click a link — whether it’s to verify your login credentials or make a payment, you can be sure it’s a scam. Banks never ask you to do that. When in doubt, call your bank directly, or visit their website by typing the URL directly into your browser.Raise the red flag on scare tactics
Banks will never use scare tactics, threats, or high-pressure language to get you to act quickly, but scammers will. Demands for urgent action should put you on high alert. No matter how authentic it may appear, never reply to an email with personal information like your password, PIN, or social security number.Watch for attachments and typos
Your bank will never send attachments in an unexpected email, and won’t have misspellings and poor grammar — one of the surest signs of a phishing scam.Be skeptical of every email.
Fraudulent emails can appear very convincing, using official language and logos, even similar URLs. Always be on the alert.How to protect your money from text message scams.
Slow down — think before you act.
Acting too quickly when you receive phishing text messages can result in giving scammers access to your money. The scammers want you to feel confused and rushed, which is always a red flag. Banks will never threaten you into responding, or use high-pressure tactics.Don’t click links.
Never click on a link sent via text message — especially if it asks you to sign into your bank account. Scammers often use this technique to steal your username and password. When in doubt, visit your bank’s website by typing the URL directly into your browser or login to your bank’s mobile app.Never send personal information.
Your bank will never ask for your PIN, password, or one-time login code in a text message. If you receive a text message asking for personal information, it’s a scam.Delete the message.
Don’t risk accidentally replying to or saving a fraudulent text message on your phone. If you are reporting the message, take a screenshot to share, then delete it.Lorem ipsum dolor sit amet, consectetur adipisicing elit. Optio, neque qui velit. Magni dolorum quidem ipsam eligendi, totam, facilis laudantium cum accusamus ullam voluptatibus commodi numquam, error, est. Ea, consequatur.
Lorem ipsum dolor sit amet, consectetur adipisicing elit. Optio, neque qui velit. Magni dolorum quidem ipsam eligendi, totam, facilis laudantium cum accusamus ullam voluptatibus commodi numquam, error, est. Ea, consequatur.
RULE 2: BEEF UP YOUR DEFENSES
Lock down your accounts
RULE 2: BEEF UP YOUR DEFENSES
Lock down your accounts
- Set up multi-factor authentication on your bank and email login.
- Use random or complex passwords.
- If you receive a text or call from your bank, hang up and call the number on the back of your card.
- Keep your browers up-to-date with the latest defenses, like virus protection and malware alerts.
Play Scam City the Game
Play your way to phishing safety by dodging, jumping and ducking different scams. Can you survive a day in Scam City?
Americans lost $5.8 billion to phishing and other fraud in 2021, a 70% increase from 2020.
Source: Federal Trade Commission 2021
FAQs
Phishing is a type of online scam where criminals make fraudulent emails, phone calls and texts that appear to come from a legitimate bank. Every year, people lose hundreds, even thousands, of dollars to these scams. The communication is designed to trick you into entering confidential information (like account numbers, passwords, PINs or birthdays) into a fake website by clicking on a link, or to tell it to someone imitating your bank on the phone.
Email or Text
If you suspect that an email or text you receive is a phishing attempt:
- Take a deep breath. In most cases, it’s perfectly safe to open a scam email or text. Modern mail apps, like Gmail, detect and block any code or malware from running when you open an email. The key is not to click links or download any attachments.
- Do not download any attachments in the message. Attachments may contain malware such as viruses, worms or spyware.
- Do not click links that appear in the message. Links in phishing messages direct you to fraudulent websites.
- Do not reply to the sender. Ignore any requests from the sender and do not call any phone numbers provided in the message.
- Report it. Help fight scammers by reporting them. Forward suspected phishing emails to the Anti-Phishing Working Group at [email protected]. If you got a phishing text message, forward it to SPAM (7726). Then, report the phishing attack to the FTC at reportfraud.ftc.gov.
Call
If you receive a phone call that seems to be a phishing attempt:
- Hang up or end the call. Be aware that area codes can be misleading. If your Caller ID displays a local area code, this does not guarantee that the caller is local.
- Do not respond to the caller’s requests. Financial institutions and legitimate companies will never call you to request your personal information. Never give personal information to the incoming caller.
- If you feel you’ve been the victim of a scam, and you did provide personal or financial information, contact your bank immediately at their publicly listed customer service number. Often, this is found on the back of your bank card. Be sure to include any relevant details, such as whether the suspicious caller attempted to impersonate your bank and whether you provided any personal or financial information to the suspicious caller.
- Contact your bank, financial institutions and creditors
- Speak with the fraud department and explain that someone has stolen your identity.
- Request to close or freeze any accounts that may have been tampered with or fraudulently established.
- Make sure to change your online login credentials, passwords and PINs.
- Secure your email and other communication accounts
- Many people reuse passwords and your email or cell phone account may be compromised as well.
- Immediately change your accounts’ passwords and implement multi-factor authentication — a setting that prevents cybercriminals from accessing your accounts, even if they know your password — if you haven’t already done so.
- Check your credit reports and place a fraud alert on them
- Get a free copy of your credit report from annualcreditreport.com or call 877.322.8228.
- Review your credit report to make sure unauthorized accounts have not been opened in your name.
- Report any fraudulent accounts to the appropriate financial institutions.
- Place a fraud alert on your credit by contacting one of the three credit bureaus. That company must tell the other two.
– Experian: 888.397.3742 or experian.com
– TransUnion: 800.680.7289 or transunion.com
– Equifax: 888.766.0008 or equifax.com
- Contact ChexSystems at 888.478.6536 to place a security alert on the compromised checking and savings accounts when a deposit account has been impacted. Or, make your report to ChexSystems online.
- Contact the Federal Trade Commission to report an ID theft incident: visit identitytheft.gov or call 877.438.4338.
- File a report with your local law enforcement.
- Get a copy of the report to submit to your creditors and others that may require proof of the crime.
Most banks publish specific guidelines for their customers. To find your bank’s recommendations, just type your bank’s name and “fraud guidelines” into any modern search engine.

Do you know how to spot a scam?
Every year, thousands of people like you lose money to phishing. If a hacker were pretending to be your bank, would you be able to tell?
Think that call, text or email might be a trick?
Review these red flags, because
#BanksNeverAskThat.
- High-pressure language
- Scare tactics
- A sense of urgency
- Ask for sensitive account info
- Ask for passwords or your Social Security number
- Ask for your PIN or a login code that’s texted to you
- Ask you to visit an unfamiliar website
- Ask you to call a number different than the one listed on your card
- Incorrect grammar
- Unprofessional language
- Multiple typos
- Email attachments
- Suspicious links
The best offense?
A good defense.
Lock down your accounts before scammers strike.
The best offense?
A good defense.
Lock down your accounts before scammers strike.
- Set up multi-factor authentication on your bank and email login.
- Use random or complex passwords.
- Call your bank directly, or log in to your account, to verify messages or emails received.
- Keep your browser up-to-date with the latest defenses, like virus protection and malware alerts.
FAQs
Phishing is a type of online scam where criminals make fraudulent emails, phone calls and texts that appear to come from a legitimate bank. Every year, people lose hundreds, even thousands, of dollars to these scams. The communication is designed to trick you into entering confidential information (like account numbers, passwords, PINs or birthdays) into a fake website by clicking on a link, or to tell it to someone imitating your bank on the phone.
Email or Text
If you suspect that an email or text you receive is a phishing attempt:
- Take a deep breath. In most cases, it’s perfectly safe to open a scam email or text. Modern mail apps, like Gmail, detect and block any code or malware from running when you open an email. The key is not to click links or download any attachments.
- Do not download any attachments in the message. Attachments may contain malware such as viruses, worms or spyware.
- Do not click links that appear in the message. Links in phishing messages direct you to fraudulent websites.
- Do not reply to the sender. Ignore any requests from the sender and do not call any phone numbers provided in the message.
- Report it. Help fight scammers by reporting them. Forward suspected phishing emails to the Anti-Phishing Working Group at [email protected]. If you got a phishing text message, forward it to SPAM (7726). Then, report the phishing attack to the FTC at reportfraud.ftc.gov.
Call
If you receive a phone call that seems to be a phishing attempt:
- Hang up or end the call. Be aware that area codes can be misleading. If your Caller ID displays a local area code, this does not guarantee that the caller is local.
- Do not respond to the caller’s requests. Financial institutions and legitimate companies will never call you to request your personal information. Never give personal information to the incoming caller.
- If you feel you’ve been the victim of a scam, and you did provide personal or financial information, contact your bank immediately at their publicly listed customer service number. Often, this is found on the back of your bank card. Be sure to include any relevant details, such as whether the suspicious caller attempted to impersonate your bank and whether you provided any personal or financial information to the suspicious caller.
- Contact your bank, financial institutions and creditors
- Speak with the fraud department and explain that someone has stolen your identity.
- Request to close or freeze any accounts that may have been tampered with or fraudulently established.
- Make sure to change your online login credentials, passwords and PINs.
- Secure your email and other communication accounts
- Many people reuse passwords and your email or cell phone account may be compromised as well.
- Immediately change your accounts’ passwords and implement multi-factor authentication — a setting that prevents cybercriminals from accessing your accounts, even if they know your password — if you haven’t already done so.
- Check your credit reports and place a fraud alert on them
- Get a free copy of your credit report from annualcreditreport.com or call 877.322.8228.
- Review your credit report to make sure unauthorized accounts have not been opened in your name.
- Report any fraudulent accounts to the appropriate financial institutions.
- Place a fraud alert on your credit by contacting one of the three credit bureaus. That company must tell the other two.
– Experian: 888.397.3742 or experian.com
– TransUnion: 800.680.7289 or transunion.com
– Equifax: 888.766.0008 or equifax.com
- Contact ChexSystems at 888.478.6536 to place a security alert on the compromised checking and savings accounts when a deposit account has been impacted. Or, make your report to ChexSystems online.
- Contact the Federal Trade Commission to report an ID theft incident: visit identitytheft.gov or call 877.438.4338.
- File a report with your local law enforcement.
- Get a copy of the report to submit to your creditors and others that may require proof of the crime.
Most banks publish specific guidelines for their customers. To find your bank’s recommendations, just type your bank’s name and “fraud guidelines” into any modern search engine.