Even the real thing can look sus

Bank Scams Are Hard to Spot. Here's How to Tell if That Message Is Legit

Even the real thing can look sus

Arielle Burton usually ignores emails from her bank. They're typically advertisements for products she doesn't need, such as a new credit card. But she noticed when she got a message about an account change that would cost her money.

"When I saw an email about how my checking account maintenance fee was doubling, I paid attention to that wording," said Burton, an editor at CNET.

TAX SOFTWARE DEALS OF THE WEEK

H&R Block Free Simple Tax Returns eFile: $0 (save $0)
TurboTax Deluxe 2024 (Federal and State, PC/Mac Download): $56 (save $24)
TurboTax Premier 2024 (Federal and State, PC/Mac Download): $83 (save $32)
TaxSlayer Classic Plan: $28 (save $10)

Deals are selected by the CNET Group commerce team, and may be unrelated to this article.

It was a Sunday, and no one answered when she called the number in the email. TD Bank's customer service was supposed to be 24/7. When she reread the email, she noticed some of the links were broken, and she got worried. She'd shared some personal information when she called. Was she being targeted by a banking scam?

Burton reached a TD Bank customer service representative on Monday, who told her the message was legitimate and that the best phone number to call was listed on the mobile app. She also learned her current account was being phased out so she looked into a newer TD account to avoid the higher fees.

But she had a big unanswered question: How is she supposed to know when her bank is really contacting her? After all, a legitimate email raised a bunch of red flags.

If you're worried about whether you can trust a message claiming to be from your bank, here's what you need to know.

Read more: Is That Text Message From Your Bank Legit? How to Detect and Avoid SMS Phishing Scams

Legitimate reasons your bank might contact you

Your bank will need to get in touch with you sometimes. Here are four common reasons you'll hear from it.

🪪 To verify your identity

When you open an account, your bank will verify your identity. This is part of a federal law known as Customer Due Diligence, which is designed to ensure that you are who you say you are and that you aren't involved in illegal actions such as money laundering.

Your bank may ask you to provide your Social Security Number or Tax ID, along with other details, including your mailing address, phone number, email and birthdate. For example, when my wife and I recently opened an Ally joint savings account, she received a physical notice in our mailbox with a request to log in and confirm her Social Security Number

Note that a bank will never call, text or email you to verify your identity. They'll only request this via mail to your physical address or within the bank's secure message center.

Your bank may also verify your identity when you take certain actions. For example, if you call the bank's customer service line, you may be asked to share a private password you created. If you need to reset the password to your online bank account, you may need to verify using two-factor authentication with a unique code sent to your mobile number. Anytime you're making a change to your account, your bank will want to make sure it's really you.

⚠️ To alert you of suspicious activity

If your bank thinks your account behavior is unusual, it may text you to confirm that you initiated the transaction.

That said, keep in mind that most banks have advanced algorithms that can spot fraudulent activity and automatically reject transactions that seem sketchy. If you're worried someone has hacked into your account, it's best to log into your banking app to review your transactions. If you spot something suspicious, contact the bank using official avenues (more on that below).

🚨 To warn you about a low balance

If you've opted into account alerts, you may receive a notification when your balance dips below a certain amount. Depending on the preferences you selected, this may be by email, text or push notification.

Take a moment to review your account settings and see how these messages will arrive. Then, log into your account to verify that your balance is actually low.

🔓 To inform you of a data breach

While banks use best-in-class encryption to protect your data, they're also prize targets for hackers. When a bank suffers a data breach, it's legally required to tell customers about it, along with what types of data may have been compromised.

This may come as an email but it's often a piece of physical mail with additional information about what the bank is doing to safeguard your details, such as offering identity monitoring services for a certain period of time.

Be aware that some scammers create fake data breach alerts to try to get your information. Here's what these scams look like and how to stay safe from them.

How to make sure you're really talking to your bank

Even if you receive a communication that looks legit, it's wise to take these precautions to verify you aren't being duped.

📱Call the bank's official customer service number or chat with an agent

Call the toll-free number on the back of your debit or credit card or visit the bank's official website and look for the "Contact Us" section. You also may be able to log into your online account and chat with a representative.

✉️ Send a secure message through the online portal

Sign in to your account through the bank's official website or app and send a secure message. This is my go-to option for communicating with one of my banks, Chase. I usually get a response within one business day, as well as an email alert letting me know I've received a message.

🏦 Visit a branch

You can also visit your local bank branch and talk to a human being. You can walk in and ask if someone is available but scheduling an appointment with a representative can ensure you're able to speak with someone promptly.

Should you automatically respond to a message from your bank?

No. While it's important to take communication from your bank seriously, don't feel pressured to respond immediately. Scammers often create a sense of urgency to make you act before you think twice.

When you receive a message about your bank account, take a deep breath and scrutinize the details before taking any action. Is the sender's address odd? Are there misspellings? Are they asking you to share your PIN or other sensitive information? Review these common red flags from the American Bankers Association to know what to avoid.

A note on voice authentication

Banks have increasingly adopted biometric-enabled authentication to step up their security game, which should provide peace of mind for most customers. No one can replicate my face or my fingerprint so I feel pretty good about my account security when I use these features. There's one method, however, that I'm not as confident about: voice authentication.

Banks like Wells Fargo use voice verification services to grant some account holders access to their details. I'm skeptical of the safety of this because it only takes $5 to get AI to clone your voice. Burton is similarly skeptical.

"Whenever I hear that invitation to enroll in automatic voice security, I always opt out," Burton said. "Absolutely not. I see what AI can do. You can send a six-digit code to my text every time or a link to my email. People are getting very crafty and very clever."

Better safe than sorry

According to data from the Federal Trade Commission, consumers lost more than $12.5 billion to fraud last year. While it may be easy for a bad actor to get in touch with you via email, text or social media, you can take steps to make it hard for them to walk away with anything. With something as important as your money, it's always smart to be cautious.