Scam Alert: Bogus Banking Emails
Fraudulent banking emails are a common form of phishing, a scam that uses fake emails, texts, or websites to lure people into disclosing sensitive information like their account numbers, login IDs, passwords, and Social Security numbers.
Here's an example: You get an email telling you a transfer to your bank account has been canceled for security reasons, and the funds in that account are now frozen. The sender instructs you to open a link or call a number to speak to someone about resolving the problem.
Before you click or call, do some checking. You could be the target of a bogus banking email scheme.
Read on to learn how to spot these scams — and how to report fake banking emails if you receive them.
How the scams work
Cyber thieves who try to hook you with an email are after your identity, your money, or both. They play on your trust as a customer of the bank identified as sending the message — and your fear of what might happen if you don't respond.
“These emails leverage an established relationship and often attempt to create a false sense of urgency to act quickly or suffer a consequence," says Aimee Sufka, Senior Director of Information Security at Synovus.
When you receive a message from a familiar-looking name and email address, you probably assume it's legitimate. However, Sufka points out that hackers can forge the information in the email header to make it look authentic and hide where it's really coming from. Even the website connected to the link might be fake, but it could be copied well enough to fool you into thinking it belongs to your bank.
Did you know? One of the biggest telltale signs of a fake banking email is when the message sounds urgent or threatening.
How to spot a bogus email
One of the biggest telltale signs of a fake banking email is when the message sounds urgent or threatening. It tells you that unless you act right away, you'll face some unfortunate consequence. That's not how banks communicate with their customers.
“As a general rule, our bank is never going to send you an email that says you have to log into your account right now because your credentials have changed," Sufka says. “We're not going to reach out to you and ask you for personal information, whether it's an email or a phone call."
Another tip-off is when the email refers to an action you don't remember taking or contains an attachment you weren't expecting to receive. You'd probably pause before opening a package at your door that you didn't order and weren't expecting — even if it came from a store where you shop all the time. Sufka recommends exercising the same caution about opening unexpected email attachments.
What if you're not sure?
Let's say you receive a banking email that doesn't raise any big red flags and you think it could be legitimate, but you're not certain. If you don't want to ignore the message, here's how to respond:
- Don't click on the link that comes in the email. Instead, find your bank's website through a search engine.
- If you decide to contact customer service, use the email address or phone number listed on the bank's website — not the contact information in the email. Alternatively, you can use the contact information found on a copy of your bank or credit card statement.
How to report fake banking emails
You can report fraudulent banking emails, along with other phishing emails and texts, to the Federal Trade Commission.1 You should notify your bank too.
- Synovus customers can report suspicious emails to the Customer Care Center at 1-888-SYNOVUS (1-888-796-6887). Based on your report, we can help prevent other customers from falling victim to similar scams.
- Business banking customers at Synovus can also take advantage of the free Trusteer Rapport® service that will detect computer malware, issue customer alerts, and quarantine any malicious software found.
How to increase your protection
If you want to better protect yourself, make sure your passwords are secure and that each one is unique, especially passwords for your banking and other financial accounts. If you use the same weak password for multiple accounts, you're just making the hacker's job easier.
The other key step to avoid becoming a victim of bogus banking emails and other forms of phishing is never to share your personal or account information by email.
Important Disclosure InformationThis content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.
- “FTC Complaint Assistant," Federal Trade Commission, accessed December 3, 2018. Back
Do you have questions or ideas?
Share your thoughts about this article or suggest a topic for a new one