Skip to main content

Related content

Close save Save

How to spot a suspicious email or text

Read, 2 minutes

Clicking a link in an email or text that isn’t what it appears to be could cost you or your business time and money. Fraud tactics are becoming increasingly sophisticated, and according to the FBI, cyber crime accounts for billions of dollars of losses to businesses and individuals each year. Use these tips to keep your information safe.

Know the red flags

Phishing attacks, typically communication that attempts to lure individuals into providing personal information, can be difficult to distinguish from legitimate emails. However, there are a number of clues. For starters, be wary of:

Subject lines that demand urgent or immediate action

Odd or unfamiliar senders

Unexpected requests

Close text version

Take a look at this example of a suspicious email and the signs it isn't legitimate

Inbox

From: MyBank

Uses incorrect company name or email address.

Subject: Re: Urgent request

Attachment.doc

Dear Customer,

Doesn’t use your name.

We suspeck a unauthorized transaction on your account.

Has misspelled words or awkward wording.

To ensure that your account is not compromised, please click the link below and confirm your identity.

Asks you to verify or provide personal information.

Our records indicate your account was overcharged. Do not call us, to receive your refund, you must click on the link below ASAP.

Tells you not to call.

http://mybank.co.za/1233

Includes unusual URLs or ones that appear to be altered.

If you receive a suspicious email:

Do not click on any links, reply to the message or download any items.

Even if the link looks legitimate, it could be a phishing link in disguise. Always go to a company’s website by entering its correct URL directly in your browser or using their official app if one is available.

Contact the Federal Trade Commission Complaint Assistant—and then delete the email. (Bank of America clients can forward the email to abuse@bankofamerica.com, though the bank will only reply to your message if it requires additional information.)

Stay vigilant against phishing attacks

Email scammers change their tactics regularly. Your best defense is to be on the lookout at all times. You can also protect yourself by following a few online and mobile security best practices, such as using strong passcodes and making sure your technology has the latest security patches.

Other social engineering attacks to know about

Smishing: Utilizes SMS and messaging apps instead of email. Avoid clicking links or responding.

Vishing: A cyber criminal impersonates a trusted source or utilizes tactics such as robocalls. Avoid sharing information, especially if you didn’t initiate the call.

Close Disclaimer

The material provided on this website is for informational use only and is not intended for financial, tax or investment advice. Bank of America and/or its affiliates, and Khan Academy, assume no liability for any loss or damage resulting from one’s reliance on the material provided. Please also note that such material is not updated regularly and that some of the information may not therefore be current. Consult with your own financial professional and tax advisor when making decisions regarding your financial situation.

What to read next