Get the app


Warning Signs of Online Banking Scams and How to Protect Yourself

January 11, 2022


Warning Signs of Online Banking Scams and How to Protect Yourself

Most banking institutions utilize state-of-the-art cybersecurity techniques and tools to protect their customers' accounts. For this reason, cyber criminals find it easier to target the customers rather than their banks. Bad actors have developed techniques to trick potential victims into providing access to their accounts by convincing them to disclose sensitive information or to download malicious software. Knowing what to look for will help you to recognize online banking scams and avoid them. Implementing technical security controls for your devices and network connections will add an extra layer of protection.

Recognizing a scam

Phishing emails and text messages are tools frequently used by cyber criminals. Very commonly, scammers will try to convey a sense of urgency to cause their targets to act immediately without taking time to verify the legitimacy of a claim. Messages may indicate that your bank account has been compromised, that you've missed a loan payment, or that you need to validate a suspicious charge made to your account. Before you act, use a number you know to be correct, not a number provided in the message, to contact your bank and ask them if the message is legitimate. Don't allow yourself to be rushed into taking some action requested in an unsolicited, unexpected email or text.

Many scam emails lack personal information. They may be addressed to "dear customer" rather than using your name. A lack of personal information is a good indicator that the message is a scam. Criminals may also ask you to provide account information like your username, password, security questions and answers, your PIN, or your account number. Your bank will not request this type of information via email or text message.

Often, you can identify a malicious email by expanding the header information of the message and looking at the underlying email address of the sender. While criminals may spoof the From address causing it to appear as though the message came from the bank, the underlying address will be something completely different. The To address field may have a long list of recipients or be the same as that of the sender. Sometimes the address will look similar to that of your bank, but it may contain subtle differences like an extra letter, a hyphen, or a misspelled word. Delete messages like these and block the senders.

If you receive an email purportedly from your bank and the message includes a link or attachment, contact your bank at a number you know to be valid and ask if the message is authentic. Never click a link or open an attachment in a suspicious email or click links in questionable text messages. Doing so you may cause malware to be installed on your device. This could provide an attacker with remote access to the device or allow for the monitoring of all keystrokes, thus providing the criminal with the capability to steal login credentials and account data.

If you find yourself on a website that raises your suspicions, check for a security certificate. Click on the small padlock to the left of the URL. Doing so should reveal information about whether the site has a security certificate and, depending on the browser you use, should indicate whether any data you enter (like login information) is protected.

Be wary of suspicious phone calls as well. If you receive a call from someone claiming to be from your bank and asking for information about your account, discontinue the call and contact your bank immediately to report the incident.

Additional security controls for your devices and network

Your bank should be offering multi-factor authentication to its online customers. This adds an extra step to the login process and is usually accomplished through sending a PIN to your device after you enter your username and password. Unless a hacker has access to your device, he or she cannot breach the account without that additional authentication factor. Take advantage multi-factor authentication at your bank and anywhere else it is offered. The few extra seconds it takes to log in using this process is well worth the added security it provides.

Viruses and other malware can make it onto your devices in a number of ways even if you are careful about the sites you visit and the links you click. If a malicious application provides an attacker with remote access to your device or the ability to monitor your keystrokes, the criminal may intercept your banking credentials. Make sure all of your devices are set to download and install updates automatically. These updates may include critical security patches. Also make sure your devices are running anti-malware software. It, too, should be set to update automatically. It should also be set to scan the device periodically to find and remove threats.

If you receive an email with an attachment, use your antivirus software to scan the attachment before you open it. You should do this even if the message appears to have come from someone you know. The sender's device may have been compromised and a criminal may be using it to infect the devices of the owner's contacts.

Always use a different password for each of your online accounts. Never use your bank account password for any other accounts. Passwords should be complex and include upper and lowercase letters, special characters, and numbers. If you don't want to try and remember that many complex passwords, consider using a password manager. They are available for download at no cost.

Give serious thought to implementing a virtual private network (VPN) application on any device you use to access online accounts, especially those of financial institutions. A VPN creates a secure tunnel between your device and the site you are visiting. All data sent and received is encrypted and sent through the secure tunnel. Even if a hacker monitoring the network is able to capture encrypted data, it will be useless as the criminal would not have the key necessary to decode it. VPN use is especially important if you are on an unprotected Wi-Fi network. Many quality VPN applications are reasonably priced. Some are free, but do your research before downloading. Free VPN apps are known to slow network performance and have other defects that can make their use problematic.

In closing...

Banks have implemented many security safeguards and policies to protect depositors. Contact your bank or peruse its website to learn what security resources and controls are in use and what tools are available to you to help you secure your account. Make sure you have a good number on hand to call should you need assistance. Remember, if you receive a suspicious message or telephone call or have any reason to believe your account is in jeopardy, call your bank immediately. Don't allow yourself to be rushed into taking some action that may put your assets and your sensitive information at risk.




Continued Learning

For more personal finance education and tips check out the rest of our blog posts at