Many people have had the experience of receiving an email, phone call, or text from someone claiming to be their bank that they instinctively know is a scam. Although these messages may look authentic, scammers send them in a scheme known as “phishing”. The scammers attempt to get as much personal information from you as possible and use those details to steal your money and personal information, take control of your accounts, or apply for credit in your name.
While it’s great to be on high alert for scammers, it’s important to remember that there may be times when your bank is legitimately attempting to contact you, and you wouldn’t want to ignore those messages. Let’s take a look at exactly how banks contact their customers and what you can do to identify if a message is legitimate or not.
Get Ahead of Hackers
If you receive a call from someone claiming to be your bank, the best thing you can do is tell them you are going to hang up, and call them back at their publicly listed phone number. You can usually find this number on the back of your credit card or debit card, or on the bank’s official website. If the person calling you was a legitimate bank representative, then they will have no problem with you returning their call. If the call was a scam, they would likely try to keep you on the phone and convince you to tell them your sensitive information before hanging up. Here are some additional steps you can take to protect yourself from being a victim of phishing:
• Ensure you’re using your bank’s official mobile app. Many banks offer their own apps on the Apple and Google Play Stores, and these can be a great tool for staying on top of your account activity. Once logged in, many of these apps also give you a way to securely contact a bank representative. However, you should always use caution to ensure you’re downloading the official app issued by your bank, and not a phony lookalike app. One way to ensure you’re downloading the correct app is to use a link provided by your bank on their website.
• Change passwords frequently. Although certain passwords can be easier for you to remember you should not have the same one for two or more accounts. In the event that you do fall victim to a phishing scam, the perpetrator can do a lot more damage if all of your passwords are the same. It is also recommended that passwords should be changed at least once every three months. Strong passwords contain unique phrases, upper and lower case letters, numbers, and special characters. A password manager that you access with a single password could be a good option if it gets too challenging to remember all your unique passwords.
• Utilize your bank’s alert system. If possible, set up your online banking accounts so that you receive notifications for such things as withdrawals, low balances, failed login attempts, or logins from unknown devices. Many banks offer these kinds of alerts via email or text. By being notified, you can help identify fraudulent activity in your accounts as soon as it happens instead of seeing it hours or days later when you log into your account.
What Information Can a Bank Ask You For?
Financial institutions will ask you the most questions when you are opening an account. In that situation, federal law gives them the right to ask for your full name, physical address, date of birth, social security number, and other contact information. You will also need to show proof of a driver’s license or other form of photo identification to prove that you are the person you claim to be when opening an account.
Your bank can also send you a text message asking you to confirm a transaction, but only if you previously opted into receiving text messages from them. If your bank contacts you by phone or text message, they will not ask you for sensitive information like your social security number or account number. They will only ask you for this information when you call them directly, so they can verify your identity before divulging information about, or granting access to your accounts. If your bank leaves you message, they will either leave a general informative message, or ask that you to return their call. If you are returning their call, just be sure to verify that the phone number is accurate by looking it up on their website, or in account documentation you may already have, like a bank statement or mortgage paperwork. If your bank needs to contact you with confidential information, it should come addressed to you in writing via postal mail, or via a secure communication delivered to your online banking account. If you receive something in mail asking for confidential information, you should still keep your guard up if it’s something you weren’t expecting. A quick call to your bank’s official phone number (not the number on the mailing) should help you verify whether it’s legitimate or not.
In 2020, the American Bankers Association ran a campaign titled “Banks Never Ask That”, highlighting some of the things a bank would not call or text you for. These include: your pin, account number, social security number, password, or security question answers. Here are other some tips to follow if your bank reaches out to you unexpectedly:
• Verify links lead to the website they claim. Hover over a hyperlink before clicking on it to see if it matches. Financial institutions are not likely to have a different website domain than their bank name.
• Be aware of urgent requests. Scammers will often attempt to make you panic by saying you need to do something right away. Another common tactic is to threaten you with a monetary loss, lawsuit, or other consequence. Take a minute to pause and verify the source before you frantically hand over information.
• Look for misspellings. Bank communications usually go through several proofreading channels to ensure the bank’s reputation. While it’s not impossible for a bank to send an email or other notice that contains a single typo, seeing grammatical errors or misspellings in a bank communication should be a major red flag that the mailing is not legitimate.
It seems scammers are gaining new techniques every day. If you notice any suspicious activity on your account or believe that you have fallen victim to a phishing attempt, you should contact your bank immediately.