Security Center

Types of online fraud: phishing, smishing and vishing

Phishing

“Phishing” (pronounced “fishing”) is when criminals use email to try to lure you to fake websites, where you are asked to disclose confidential financial and/or personal information, like passwords, account numbers or transaction information.

How to recognize common phishing tactics:

• You do not recognize the “From” email address as valid
• The email requests you to verify your account/personal information (account number, user ID, password, etc.)
• The email address looks correct, but clicking it opens a message to a different address
• The email conveys a sense of urgency or threatens some dire consequence if you do not respond

Avoid responding to emails that:

• Ask you to click links, open attachments or provide account details
• Request personal or company information by email or through unfamiliar websites or forms
• Threaten to close or suspend your account unless you act immediately
• Invite you to surveys that ask for personal information
• Ask for passwords, PINs or token codes
• Direct you to make wire transfers at the request of senior staff
• Claim your account is compromised and ask for account details
• Report unauthorized transactions and request your account information
• Ask you to enter your user ID, password or account numbers into an email or non-secure webpage
• Direct you to screens requesting more data than your usual login
• Ask you to validate account information for banking systems you don’t use

Smishing and vishing: what to watch for

• Vishing is when a fraudster calls you, pretending to be someone you trust, and asks for sensitive information.
• Smishing is when a fraudster sends a text with a fraudulent link, often asking for login credentials or trying to install malware.
• These scams often involve criminals posing as company executives, banks, or government agencies and requesting payment or information.

How to protect yourself

• Use the same precautions you would for suspicious emails—never share sensitive information over calls or texts from unknown sources.
• If you have any doubts about a call or text, end the conversation and contact your service team using official phone numbers.
• You can report phishing, vishing, and smishing attempts to the U.S. Federal Trade Commission and the FBI.