Hackers and other online scammers are constantly devising phishing schemes to trick everyday hardworking people into revealing sensitive personal information, giving up access to financial accounts, or making other costly mistakes. At Finger Lakes Federal Credit Union, we understand the risks posed by cybercriminals and want to help you recognize and avoid common banking phishing scams.
Understanding Phishing in Banking
Financial institutions remain among the top targets for hackers due to the valuable data and assets they protect. Cybercriminals frequently attempt to compromise accounts, steal debit and credit card data, or harvest personal information that can be sold on the Dark Web.
What Is Phishing?
“Phishing” is aptly named: it mimics fishing by casting bait to lure victims. A hacker might send thousands of fraudulent messages at once. Each message is bait designed to draw the recipient into a call to action, such as sending money or providing a debit or credit card number, checking account number, or online banking credentials to resolve a financial emergency. Today’s phishing scams are varied and growing more sophisticated, but their goal remains the same: to exploit trust and gain unauthorized access to your personal or financial information.
Why Financial Institutions Are Prime Targets
Banks and credit unions are primary targets for hackers because they store a wealth of valuable data and financial assets belonging to their clients. Criminals also attempt to impersonate financial institutions so they can use the trust you have built to their advantage. Checking and savings account balances are just the tip of the iceberg when it comes to cybercrime. Hackers are also after confidential information such as Social Security numbers, healthcare information, passwords, and login credentials.
Common Banking Phishing Scams
An estimated 3.4 billion phishing emails are sent daily, which adds up to more than the number of people on the planet every three days. Why so many? Because they work. Over 90% of cyberattacks begin with a phishing email attempt. Here are some common types:
- Fake Emails from a company or service provider
- Phony Text Messages (Smishing)
- Spoofed Websites that appear to be legitimate
- Voice Call Scams (Vishing)
- Social Media Impersonations
Scammers often combine tactics, such as sending an email followed by a phone call, to create a sense of legitimacy and urgency.
Red Flags to Watch For
Hackers rely on well-established and effective playbooks and storylines to deceive unsuspecting targets. While their methods continue to get people to click on a malicious link, download a malware-laced file, and give up critical information, many of these attempts can be easily identified. These are red flags to look for when receiving an unsolicited email message:
- Urgent or threatening language
- Unsolicited “Donation” requests (including phony political support campaigns)
- Emails containing attachments you were not expecting (Don’t open them!)
- Requests for personal, financial, or login information
- Suspicious email addresses or phone numbers (although these can be masked to appear as legitimate contact information, including caller ID)
- Unsecured or Mismatched URLs
- Spelling and grammatical errors
If anything feels off, don’t engage. Delete the message and contact the organization directly through a verified phone number or website.
The Rise of Spear Phishing
While many phishing attempts are generic, more advanced scams—known as spear phishing—are highly targeted. These scammers research their victims, using social media and online profiles to follow or connect with you, and gather information to craft convincing, personalized messages. Details like where you bank, shop, or dine may be used to gain your trust.
How to Protect Yourself
- Call us directly if you are ever confronted with an alarming situation so we can help you.
- Use strong passwords for all online logins and never share them! Change your passwords periodically and avoid reusing the same passwords for different types of online logins.
- Enable Multi-Factor Authentication on all your online logins. This adds an extra layer of security, like a code sent to your cell phone or generated by an app to confirm your identity when you log in. NEVER give these codes out to anyone over the phone! We will never ask you for these codes. If you are ever asked for these codes, it’s a scam!
- Be guarded and naturally suspicious of unsolicited emails, calls, and text messages. Avoid the trap and don’t try to resolve situations by clicking on email links or divulging login credentials. Instead, it is safer to call or log into the company or service yourself to confirm the situation before proceeding. Give yourself time and resist the sense of urgency the criminals are trying to create. Never move money at another person’s direction, for any reason.
- Keep software and operating systems up to date. Install antivirus on all devices. Never click on email messages related to antivirus software or subscription issues; always go to the official site to manage the service.
- Practice safe online habits:
- Avoid Public Wi-Fi for banking
- Don’t overshare on social media (especially your date of birth)
- Monitor your bank accounts regularly
- Turn on debit and credit card purchase alerts
- Don’t fill out random surveys that come by mail or email; this information can be collected and sold to third parties.
- Freeze your credit with all credit bureau reporting agencies for added protection.
- Consider using a password manager to generate, store and manage strong passwords.
- Educate your household, especially vulnerable older adults and teens, about common phishing tactics.
- Consider subscribing to a service that can monitor your credit and detect when your personal information is sold on the Dark Web. (The Credit Union offers such a service if you are interested.)
What to Do If You’re Targeted
- NEVER provide login credentials or dual authentication codes! We, and any legitimate business, will never ask for them. Hang up in this situation immediately.
- Slow down and disengage: DO NOT engage, respond, or click links. Scammers use urgency to pressure victims. Almost nothing requires immediate action. Resist the urgency of the situation presented, which can come in several different forms. NEVER move money or buy gift cards if you are being directed to do so. Hang up and don’t allow them to keep you on the phone or “transfer your call,” as this could be yet another criminal.
- Stop and verify: Contact the company directly using contact information found on the company’s website. Confirm the situation well before you make any decisions to act.
- If the contact was not legitimate, block it on your devices.
- Immediately change your password for the related service or company, just to be safe.
- Report the scam to the Credit Union immediately if you have been targeted. If you are a senior citizen, also consider letting a family member know. Report the scam to the authorities if you have become a victim.
At Finger Lakes Federal Credit Union, your security is our top priority. If you suspect phishing or receive suspicious communication claiming to be from us, call us at 1-855-866-9328 or visit your local branch.
Stay alert, stay secure!