Scammers are creative — finding ways to try and get your banking or other personal information. They might use social media, email, texting to make contact and try to convince you to share account information. Of course, their ultimate goal is financial gain but first, they must convince you they are someone who you can trust. This is where phishing and smishing come in.
Phishing and smishing are scams to get you to reveal personal information using fraudulent email and text messages. For example, you might receive an email message from someone claiming to work in your bank’s fraud detection division.
The scammer will ask for access to your account — which requires your username and password. Without a doubt, that message is not from your bank.
How scammers try to get your bank information
1. Gain your trust
First, a scammer wants to gain your trust by pretending to be someone from an organization you already trust, like your bank. Managing money is important, so a message from your bank about possible fraud is likely to grab most people’s attention. If you are convinced your bank is contacting you about something going wrong with your accounts, then the scammer has succeeded in the first major challenge of a scam.
2. Use scare tactics
Scammers don’t want you to think about their message. They use phrases to scare or intimidate you. Texts or emails like: “Your credit card has been deactivated,” or they’ve, “detected unusual activity on your account and want to verify that you made several transactions.”
They try to make you think you need to respond immediately. Banks don’t send messages like that.
3. Ask for your account information
Once they have your trust, now the scammer wants to access your accounts. Scammers count on the fact that most people are not familiar with how banking computer systems work. Since you access your account with a username and password, you might think people at a bank would too.
No, that message asking for your login information isn’t from your bank:
- Your username and password are your way to access your accounts, no one else’s.
- Your bank will never ask for your password.
- Banks have their own secure ways of accessing your account information if needed.
- There are multiple controls in place to protect your data — this includes having well-defined ways bank employees may access your data.
4. Access your account
Once a scammer has your username and password, they can do the same things you can do with your account — like transfer money or access credit cards.
Remember: Bank employees are limited in what they can do based on their role and responsibility at the bank. A real bank employee investigating fraud won’t be able to transfer funds from your savings to your checking account. Bank employees are limited in what they can do.
Banks design systems to protect your accounts, so scammers will try to trick you into disclosing your account information. For scammers, they do not need to successfully trick everyone, their rate of return can be quite high even if they only con a small number of people.
Scammers will try new ways to trick you, but a careful eye for fraudulent messages and understanding that banks will never ask for personal information in an email or text message.
This article is intended as general information only and is not to be relied upon as constituting legal, financial or other professional advice. A professional advisor should be consulted regarding your specific situation. Information presented is believed to be factual and up-to-date but we do not guarantee its accuracy and it should not be regarded as a complete analysis of the subjects discussed. All expressions of opinion reflect the judgment of the authors as of the date of publication and are subject to change. No endorsement of any third parties or their advice, opinions, information, products or services is expressly given or implied by Royal Bank of Canada or any of its affiliates.