Scam Alert: Email from Your Bank is Not What it Seems
It’s just a fact of life that when you have any sort of presence on the Internet, you’re bound to get targeted by phishers—people who are intent on extracting your personal information—at some point or another. A lot of the time these criminals attempt to take the guise of your bank and send you “alerts” asking you to confirm your account through your email for some arbitrary reason. Now, why wouldn’t your bank just call you if there was a problem? Seems a little strange, doesn’t it?
Well, just recently, I was indeed the proud recipient of one of these strange little emails. It wasn’t the only time that I had received an email of that sort from a bank, but this time, it really came from “my bank”. I don’t want anyone to get caught by one of these, because if you did, you could lose a lot of money. If I could save just one person with this article, I would be so happy!
So in order to study this phenomenon for your future reference, let’s take a look at this example from the wild:
This is what it looks like:
[my email address], you have received this e-mail because we have recorded several unsuccessful login attempts on your account.
Due to this, your access has been suspended temporarily. You will not be able to use your online banking or your credit card until you verify your information.
As soon as your information is verified , you will be able to use your account as usual.
You can unfreeze your access and funds by verifying your information on our secured [my bank] website below:
http://[some web address that seems to use my bank’s domain name]
This security verification is part of our continuous commitment to keep your funds safe at all times.
We are sorry for this inconvenience.
Right away my guard went up along with my eyebrows as I stared at the screen. I knew I was dealing with a scam immediately. At first, it was just a gut reaction born from experience, but soon enough as I began to re-read the email more closely, the obviousness of the phishing attempt became more and more apparent with every little detail that practically spelled in huge neon letters that the email was absolutely not from my bank.
How did I know it was a scam, though? And how can you tell if it ever happens to you? Well, there were a few key things that quickly alerted me to the fact that this was simply an Internet criminal (and not a very smart one at that) trying to con me:
One way that banks tend to subtly verify that they are legitimately contacting you is by addressing you by your full legal name. While some phishers could still conceivably have this information, you know that your bank will always have it, so be suspicious if an alleged email from a banking institution refers to you using generic terms like “Dear Customer” or simply, as in this case, your email address. Why would your bank call you by your email address as if it were your name? This is extremely suspicious.
Red Flag #2: My bank never called me on the phone to discuss the issue.
If a bank places a hold on your account or freezes your funds, the least they could do is give you a call about it, especially if they suspect that there is fraudulent activity occurring. If they just email you about it and send you a random link to “confirm,” that’s absolutely strange. It’s either a scam, or you have an account with a terrible bank.
Red Flag #3: The link is a bait and switch.
On the surface, the link appears to bear a web address that uses my bank’s domain name (i.e. [mybank].com), but upon closer inspection of the link, that’s not the case at all. The link’s title is my bank’s web address, in the same way that you can name a link “click here” or any other number of arbitrary phrases, but the link’s target, or its actual address, is a completely different website altogether. This red flag alone, even if everything else seems fine, should tip one off to the fact that this is a scam.
This may seem minor, but misspellings and bad grammar are obvious signs of an email scam. Sure, a few typos may be able to sneak past the radar of a real bank every once in a while, but on a presumably automated form letter like this, typos and misspellings would be highly unlikely.
As you can see, this email is a perfect example of the kind that you should never trust. Remember that banks are extremely cautious these days when it comes to fraud and they generally will not ask you to send them account information via email or any similar means. If an unsolicited email from your bank appears in your inbox, do not follow any of the directions in the email and call your bank immediately if you have any doubts. Representatives should be able to tell you over the phone whether the email is legitimate or not.