Skip to main content

Related content

Close save Save

How to spot a suspicious email or text

Read, 2 minutes

Clicking a link in an email or text that isn’t what it appears to be could cost you or your business time and money. Fraud tactics are becoming increasingly sophisticated, and according to the FBI’s annual Internet Crime Report, cyber crime accounts for billions of dollars of losses to businesses and individuals each year. Use these tips to keep your information safe.

Know the red flags

Phishing attacks, typically communications that attempt to lure individuals into providing personal information, can be difficult to distinguish from legitimate emails. However, there are a number of clues. For instance, be wary of:

Subject lines that demand urgent or immediate action

Odd or unfamiliar senders

Unexpected requests

Close text version

Take a look at this example of a suspicious email and the signs it isn't legitimate

From: MyBank

Uses incorrect company name or email address.



Dear Customer,

Doesn’t use your name.

We suspeck a unauthorized transaction on your account.

Has misspelled words or awkward wording.

To ensure that your account is not compromised, please click the link below and confirm your identity.

Asks you to verify or provide personal information.

Our records indicate your account was overcharged. Do not call us, to receive your refund, you must click on the link below ASAP.

Tells you not to call.

Includes unusual URLs or ones that appear to be altered.

Article continues below

Related content

If you receive a suspicious email:

Do not click on any links, reply to the message or download any attachments.

Even if the link looks legitimate, it could be a phishing link in disguise. Always go to a company’s website by entering its correct URL directly in your browser or using their official app if one is available.

If you are a Bank of America customer, forward the email to and then delete the email. You will only receive a reply if additional information is required.

Stay vigilant against phishing attacks

Email scammers change their tactics regularly. Your best defense is to be on the lookout at all times. You can also protect yourself by following a few online and mobile security best practices, such as using strong passcodes and making sure your devices have the latest security patches.

Other social engineering attacks to know about

Smishing: Utilizes SMS and messaging apps instead of email. Avoid clicking links or responding.

Vishing: A cyber criminal impersonates a trusted source or utilizes tactics such as robocalls. Avoid sharing information, especially if you didn’t initiate the call.

Close Disclaimer

The material provided on this website is for informational use only and is not intended for financial or investment advice. Bank of America Corporation and/or its affiliates assume no liability for any loss or damage resulting from one’s reliance on the material provided. Please also note that such material is not updated regularly and that some of the information may not therefore be current. Consult with your own financial professional when making decisions regarding your financial or investment management. ©2024 Bank of America Corporation.

What to read next