Skip to main content
Banks design systems to protect your accounts, so scammers will try to trick you into giving them your account information. Here's how scammers may try to get your bank information — and how you can stay safe.

Scammers are creative — finding ways to try and get your banking or other personal information. They might use social media, email, texting to make contact and try to convince you to share account information. Of course, their ultimate goal is financial gain but first, they must convince you they are someone who you can trust. This is where phishing and smishing come in.

Phishing and smishing are scams to get you to reveal personal information using fraudulent email and text messages. For example, you might receive an email message from someone claiming to work in your bank’s fraud detection division.

The scammer will ask for access to your account — which requires your username and password. Without a doubt, that message is not from your bank.

How scammers try to get your bank information

1. Gain your trust

First, a scammer wants to gain your trust by pretending to be someone from an organization you already trust, like your bank. Managing money is important, so a message from your bank about possible fraud is likely to grab most people’s attention. If you are convinced your bank is contacting you about something going wrong with your accounts, then the scammer has succeeded in the first major challenge of a scam.

2. Use scare tactics

Scammers don’t want you to think about their message. They use phrases to scare or intimidate you. Texts or emails like: “Your credit card has been deactivated,” or they’ve, “detected unusual activity on your account and want to verify that you made several transactions.”

They try to make you think you need to respond immediately. Banks don’t send messages like that.

Email scams are a common trick used by cybercriminals. Here’s how you can stay safe — in two minutes or less.

3. Ask for your account information

Once they have your trust, now the scammer wants to access your accounts. Scammers count on the fact that most people are not familiar with how banking computer systems work. Since you access your account with a username and password, you might think people at a bank would too.

No, that message asking for your login information isn’t from your bank:

  • Your username and password are your way to access your accounts, no one else’s.
  • Your bank will never ask for your password.
  • Banks have their own secure ways of accessing your account information if needed.

There are multiple controls in place to protect your data — this includes having well-defined ways bank employees may access your data.

4. Access your account

Once a scammer has your username and password, they can do the same things you can do with your account — like transfer money or access credit cards.

Remember: Bank employees are limited in what they can do based on their role and responsibility at the bank. A real bank employee investigating fraud won’t be able to transfer funds from your savings to your checking account. Bank employees are limited in what they can do.

Banks design systems to protect your accounts, so scammers will try to trick you into disclosing your account information. For scammers, they do not need to successfully trick everyone, their rate of return can be quite high even if they only con a small number of people.

Scammers will try new ways to trick you, but a careful eye for fraudulent messages and understanding that banks will never ask for personal information in an email or text message.

If you receive an email or text from RBC you think is suspicious, don't click it. Ask yourself these questions and forward it to phishing@rbc.com — then delete it.