What's that smell? It's phishing emails.

Authors: Franklin Hambrick & Joshua Wilbourn

What is that smell?

Does this link look suspect? http://bankofamericafakewebsite.com

It smells fishy and it’s called phishing. Ever receive an email from, what initially looks like, your bank warning you that your savings and checking accounts have been locked out due to suspicious withdrawals, your account is out of date, or you are eligible to raise your credit limit on a credit card? These could be fake emails are all scams called phishing emails.

What is phishing

Email phishing is a form of social engineering and it is as old as email itself.  These emails pose as a trusted organization or individual to trick you into providing information. These scams are an attempt to get you to volunteer your personal information to criminals or to install malware on your devices. Criminals will try to trick you into providing personal or financial information that they use to steal money from your bank accounts, or even open new lines of credit.

How to tell if it is a phishing email

If you are careful, you can tell what a fake email looks like versus a legitimate email. A good phishing email, however, will be extremely hard to tell the difference. They will have the proper letter head, the proper bank icons, and if they did their homework, they would have the proper authorities at the bottom. Some things to look at though is if the information they are requesting is correct. Your bank will never ask you, via email, to disclose your personal information such as your password, credit card number, or mother’s maiden name. That information is already stored in their database. Does the email have an urgency date on it? If you receive a warning about closing your account or your access is limited if you do not reply, is a good sign of a phishing email. Many phishing emails are filled with grammatical errors. Many will have misspellings, and capitalizations that are not needed. One of the easiest ways to tell if it is a phishing email, is in the URL (website they want you to go to). If it says anything other than your bank, it is most likely a phishing email. Another tall tale sign is about fraudulent charges, stating that your account will be suspended if you do not reply.

Banks protect you from phishing

Banks take extensive steps to protect your personal information. Banks have their own teams of cyber security personnel working to find these websites and shut them down. Banks will also pass out information and teach you more about what to look for in phishing emails.

What should you do if you receive a phishing email?

Call you bank at a known correct number. Explain to them what is going on and your bank will provide information on next steps. Do not call the number in your email. If you do not want to call your bank, open a new web browser, and enter your bank’s website. Never click the link in the phishing email or hit the reply button.

Always be skeptical. Phishing emails can look like they come from your bank or even your HR department. If you have any doubts, call your bank with the phone number you know is correct or go there in person. Take a screenshot of the phishing email address and show it to your bank. Their cyber security team will act on their end to make sure it does not happen again. Go to your bank and ask for information about how you can better prepare if you ever receive a phishing email. Remember, never send personal information or financial information by email!