Email Scams

1. Unusual Email Address

   Slow it down. Does that look like an email address your bank would use? Be wary of unexpected emails from addresses that aren’t like the ones your bank typically employs.

2. Misspelled Words

   Spot check! If you see misspelled words or odd grammar, they are all clear signs of an impersonator. Real banks use spell check.

3. Scare Tactics

   Don’t panic. If an email uses scare tactics, such as urgent warnings of account closure or security breaches, you can safely assume it’s a scam.

4. Suspicious URLs

   Hold up — banks will never ask you to log in via email. Phishing emails use deceptive URLs to take you to malicious websites. Never click links that you weren’t expecting.

5. Unexpected Attachments

   Something’s phishy, because real banks will never send an email attachment — especially when you didn’t ask for it. Attachments can contain malware that can compromise your computer or personal information. Never click on attachments from emails supposedly from your bank.

Text Scams

1. Strange Phone Numbers

   Slow it down. Is that the number your bank usually uses to send text messages? Legit text message updates come from an official 4-5 digit number used by your bank.

2. Urgent Warnings or Requests

   Take a breath. Phishing texts try to create a sense of panic, such as threatening to suspend your account or urging you to log in to verify. Real bank texts won’t.

3. Odd Grammar or Spelling Mistakes

   Spot check! If you see misspelled words or odd grammar they are all clear signs of an impersonator. Real banks use spell check.

4. Requests for Personal Information

   If a text message requests personal or sensitive information, such as account numbers, PINs, passwords, or social security numbers, you can assume it’s a scam.

5. Suspicious Links

   Banks rarely — if ever — send links via text. Don’t click them. Instead, verify the message by visiting your bank’s official website, or calling the number on the back of your card.

Phone Scams

• Unusual Caller ID

  While caller ID can be spoofed, legitimate calls from your bank are more likely to display an official phone number or a known identifier. If not, be very skeptical.

• Scare Tactics or Threats

  Phishing calls rely on a sense of urgency. If the caller pressures you into immediate action or threatens negative consequences, just hang up and call the number on the back of your bank card.

• Asking for Personal Information

  Banks will rarely ask for your account number, PIN, or password during a phone call — and will never ask for a one-time login code. Never share such confidential details unless you’ve called the number on the back of your bank card.

• Calling you unexpectedly

  Be very skeptical of calls you receive out of the blue. Normally, bank representatives will only reach out if you initiate contact first. Stay safe by ending the call and dialing the number on the back of your bank card.

Payment App Scams

• Unexpected Requests

  Be cautious if you receive unexpected requests from strangers or organizations asking you to send money through a payment app. This is a scammer move.

• Sending Money to Yourself

  If someone who claims to be your bank says you have to send money to yourself, you can be 100% certain it’s a scam. Banks never ask that.

• Overpayment Claims

  Be skeptical if a sender claims to have accidentally overpaid you through Zelle® and requests a refund of the excess amount. Scammers use this tactic to trick you into sending them money.

• Suspicious Links

  If you receive a payment app-related message that contains a link, never click it. Scammers often send links to fake login pages to steal your username and password.

• Pressure and Urgency

  Scammers attempt to trick you by creating a sense of urgency. If they mention unforeseen emergencies, unverified transactions, account suspension, or unsolicited prize winnings, it’s a scam.

About Cybersecurity Awareness Month
Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit staysafeonline.org/cybersecurity-awareness-month/

About NCSA
NCSA is the Nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with a broad array of stakeholders in government, industry, and civil society. NCSA’s primary partners are the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and NCSA’s Board of Directors, which includes representatives from ADP; AIG; American Express; Bank of America; Cofense; Comcast Corporation; Eli Lilly and Company; ESET North America; Facebook; Intel Corporation; Lenovo; LogMeIn; Marriott International; Mastercard; MediaPro; Microsoft Corporation; Mimecast; KnowBe4; NortonLifeLock; Proofpoint; Raytheon; Trend Micro, Inc.; Uber: U.S. Bank; Visa and Wells Fargo. NCSA’s core efforts include Cybersecurity Awareness Month (October); Data Privacy Day (Jan. 28); STOP. THINK. CONNECT.™, the global online safety awareness and education campaign co-founded by NCSA and the Anti-Phishing Working Group with federal government leadership from the Department of Homeland Security; and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information on NCSA, please visit https://staysafeonline.org.