How to Spot Phishing, Smishing & Vishing Bank Scams

There’s a cruel irony to phishing, smishing and vishing bank scams that cheat anxious account holders out of tens of millions of dollars each year.

Fraudsters behind these rampant social engineering schemes violate the trust banks cultivate with their customers so they can trick individuals into providing access to their accounts. Using bogus texts, emails or phone calls, these con artists claim an account has been compromised and needs immediate attention. But providing the requested personal information, clicking a link or transferring funds could be a costly mistake.

So how do you know if that urgent email or abrupt text message is really from your bank? Answer: It usually isn’t. 

Financial institutions follow strict rules for corresponding with customers when sensitive account details are involved. In 2020, the American Bankers Association launched the #BanksNeverAskThat awareness campaign to help the public spot red flags associated with different types of phishing and related scams.

Like the ABA says, the best offense is a good defense. Don’t let tech-savvy imposters posing as bank employees outsmart you. Here are our pointers for staying free and clear of phishing, smishing and vishing bank scams orchestrated to empty your accounts.

Don’t Fall Victim to Phishing

This history of phishing dates back to the mid-1990s, when email became the primary form of electronic communication. In one of the first recorded scams, a group of hackers pretending to be AOL employees stole user passwords. And in the early 2000s, phishing scams began targeting people with PayPal and eBay accounts. 

Phishing scams have become highly sophisticated, and the FBI has released alarming statistics about their proliferation. In 2020, amid coronavirus lockdowns, phishing and related scams accounted for nearly one in every 10 internet crime complaints, according to the bureau. 

Unfortunately for banks and their customers, financial services is one of three industries most often used as fronts for phishing scams. Banking recently moved into the No. 3 spot behind technology and shipping after surpassing retail. Larger banks are particularly susceptible, with one study suggesting a 300% increase in bogus Chase sites between May and August 2021. 

If you receive an email that appears to be from your bank, treat it with a healthy dose of skepticism. Banks don’t typically ask for any personal or account information in emails, texts or phone calls. If you see any of these suspicious signs, be sure to contact your bank directly to verify the email actually came from them:

  • Urgent language warning of drastic action
  • Incorrect grammar or misspelled words  
  • Requests to provide personal information
  • Links to unfamiliar websites
  • Attachments with instructions to download
  • Oddities in the sender’s email address like an unfamiliar domain

Watch for These Smishing Red Flags

“SMiShing” is the nickname for bank scams targeting victims via text, or short message service (SMS). Anyone with a smartphone has likely received one of these texts, which should be promptly deleted and the number blocked.

As with phishing, smishing scams have exploded. They didn’t just double or triple in the first half of 2021—they saw a shocking sevenfold increase. About one in five smishing attacks were scammers sending a text message hoax under the guise of a bank or financial services provider. Again, unless you’ve signed up for text alerts related to your account, your bank isn’t likely to text you.

Sometimes determining if a bank text is legitimate can be tough. Follow these tips to save yourself from getting smished:

  • Be leery of out-of-the-blue texts purporting to be from your bank
  • Call your bank to verify before replying, tapping any links or calling a phone number in the text
  • Don’t be swayed by scare tactics suggesting your account is in jeopardy
  • Don’t provide a password or any account information
  • Screenshot the text, delete it and then block the number 

If you think you’re a victim of smishing, go a step further and file a complaint with the Federal Communications Commission. When you’re done, consider using your cellular provider’s text alias option to conceal your actual number. Your carrier might also be able to enable a feature that blocks texts from the internet since most smishing scams use an internet text relay service. Here’s a rundown of other strategies to rid your phone of text spam and scams. 

How to Spot Vishing Attempts

Vishing, or voice phishing, is another way scammers try to dupe bank customers. A vishing attack often comes in the form of a robocall, or an automated message delivered through auto-dialing software. Sometimes, though, there’s an actual person pretending to be with your bank on the other end of the line. Either way, there’s bad intent at play.

If you don’t recognize the number and your bank rarely calls you, there’s a good chance you might be the target of a vishing scam. The gist of the call, recording or voicemail will likely mirror others mentioned above. Be stingy if someone asks you to divulge or confirm personal account information and follow these guidelines to shut the scam down:

  • Don’t trust caller ID—scammers sometimes “spoof” legitimate numbers 
  • Let the call go to voicemail if you don’t recognize the number
  • If you do answer, ask the caller their full name, phone number and email address
  • If the call feels squirrely, hang up and call your bank’s main number to ask someone about the matter

Sadly, vishing is also on the rise, and the schemes are becoming more complex. Be sure to report vishing attacks to your bank or directly to the Federal Trade Commission

Community Point Bank is committed to keeping you safe from scammers. Never hesitate to contact us to verify any emails, texts or calls you receive regarding your account. Better safe than sorry!