How to spot phishing scams

PROTECTING WHAT MATTERS

Got a suspicious-looking message? It may be a phishing scam. These best practices can help you protect your personal info and better spot those fishy cyber scammers. 

The highlights:

  • In the digital age, taking your cybersecurity seriously is critical, especially when it comes to your emails and messages. Look out for phony messages designed to steal your information.
  • Phishing scams can be very sophisticated and hard to spot, but knowing what to look out for can help you safeguard your personal data.
  • If you think you may have fallen for a phishing scam, don’t panic, but do act quickly.

Cyber thieves are becoming more sophisticated, making it harder to tell whether a spam message may have been sent to you. The number of phishing cases reported continues to rise each year and experts estimate that 3.4 billion phishing emails are sent each day.Disclosure 1 Luckily, there are ways you can help protect yourself so you can confidently scroll and swipe through the digital world.

What to know about phishing scams

Phishing is the process of fraudulently accessing your personal data by posing as a person, brand, or company you trust. If they're successful, scammers can use your passwords, Social Security number, birthday, credit card numbers, or bank account info to try to make purchases, transfer funds from your accounts, or open new accounts using your identity.

Scammers are creative in their ploys but often predictable in their mindset. The whole idea is to fool you as much as they can, for as long as they can, to steal as much as they can. Scammers will take different approaches to try to get your info—it can start with an email asking you to reset your password, claiming your account was compromised, or appearing to be a friend request from a fake profile. While phishing scams continue to evolve, cybercriminals often use the same strategies and schemes to try and lure potential victims. Look for company name misspellings or URLs that are slightly different from a legitimate website. Read on to see examples of common phishing scams.

Four different types of phishing scams.

Americans lost approximately $12.5 billion to online fraud in 2023, according to the FBI's Internet Crime Complaint Center. The more you know about phishing scams, the easier it can be to identify these risks—and the more confident you can feel online. No doubt you’ve been bombarded with pop-ups claiming you have a virus or text messages that provide fake package tracking links. Those types of scams are only the beginning—watch out for these other common types of phishing attacks:

1. Social media phishing: You know that random account that followed you on Instagram? There’s a chance it could be a fake profile set up to target you and others in your friend circle. Social media phishing accounts sometimes have minimal traffic and lack authentic content and engagement when you dig into their profiles. Cyber thieves often pose as a relative or a friend of a friend.

Tip: If you’re not sure the account is 100% legit, just don’t accept the request. This isn’t about being nice or polite—it’s about staying safe.

2. Email phishing: Scammers have gotten really good at creating emails that look official, posing as your bank or a retailer you shop with. They may claim that you need to reset your password or update your payment information, often making the matter out to be urgent. Their goal is to trick you into handing over your account information or clicking a link that contains malware. 

 Tip: If you’re ever unsure if an email is legit, it’s important to reach out to the company that supposedly sent it to confirm. If you’re even a little unsure—just don’t click it. If you want to check your account, do it through the company’s Website and not through the link in the email.

3. SMS phishing (smishing): Similar to the types of messages you may receive from email or social media phishing, scammers who are able to get your phone number may also send text messages that contain harmful links or urgently request sensitive information. 

Tip: Most financial institutions, Truist included, will never ask for your personal data via text, email, social media, or phone call. Urgency and pressure are red flags—no matter what a message says, you have time to research the matter yourself. Go to the company’s home page to log into your account or find a way to contact them.

4. Spear phishing: A targeted scam that zeroes in on people or companies with status or wealth. Typical targets include the elderly, organizations, and employees who have access to money or sensitive account information. 

Tip: You may get an email at work that appears to be from one of your executives requesting a company credit card or transfer of funds for an urgent business matter. Urgency is a red flag. Verify this request by reaching out to a trusted leader or to your IT cybersecurity department. Better to check and be safe than to get caught in a sneaky spear phishing scam.

5 steps to help protect yourself from phishing

These steps can help you take action quickly if your information is compromised.

  1. Monitor your credit and know how to freeze it. Regularly monitor your credit report and dispute any false information. If you have no big purchases planned and aren’t looking to get a new line of credit or loan, you can simply freeze your credit. Freezing your credit is free but requires you to contact each credit bureau (Equifax, Experian, and TransUnion).
  2. Keep an up-to-date digital financial inventory. Using a password manager or a password protected document, keep track of your account numbers, login IDs, passwords, and customer service numbers. Having this list handy can allow you to quickly change your passwords and contact your bank/creditors.
  3. Know how to file a report with your credit or banking institutions. They may also have an internal fraud investigation team that can provide an additional layer of support. Truist customers can file online or call 844.487.8478.
  4. Know how to notify the right authorities. Ensure you file a report with the Federal Trade Commission at ftc.gov/complaint. If you’ve been the victim of fraud through a phishing scam, your local authorities may be able to pursue criminal charges. Report phishing email cases to the Anti-Phishing Working Group at reportphishing@apwg.org. Phishing text messages should be forwarded to SPAM (7726).
  5. See something? Say something. If someone is targeting you with a fake profile, report the profile on the site or app and inform family and friends so they know to watch out.
Three tips to create a strong password 1. Make your passwords complex. 2. Don’t recycle passwords. 3. Use a password manager.

If you’re a Truist client, you should call 844-4TRUIST (844-487-8478) if you think you’re a victim of fraud or think you’ve received fraudulent contact from someone impersonating Truist. You should also forward any suspicious emails to EmailAbuse@Truist.comVisit Truist’s Fraud and Security center for additional instructions on what to do if you’ve been targeted.

Next step suggestions:

Your best line of defense against cybercriminals is to arm yourself with knowledge and be proactive. Consider the following:

  • Trust your instincts: Accept friend requests with care—and don’t click suspicious links, answer emails from senders you don’t know, download unsolicited attachments, or give out your personal info via email, text message, or unsecured site.
  • Secure your network: You can install a firewall (software that blocks unauthorized access), a virtual private network or VPN (where a private network uses encryption over a public network), or a two-step authentication system (where you have to receive a code or text message to verify the account) to help prevent potential attacks.
  • Update passwords and browsing software: Change passwords frequently to help prevent breaches. Also, update your browser when prompted—older versions could have security risks.
  • Have a backup plan: Back up important data to prevent losing it.
  • Pay attention in public: If you’re in a public setting, be careful of sharing sensitive information online (or on your phone). Use the same precautions with public Wi-Fi because bad actors may be able to capture your personal information.

Following these strategies can help guard your sensitive information from online threats. Hopefully, doing so will give you a confidence boost while browsing. Download this checklist for additional ways to help protect your data.

Related resources

Component ID : "accordionGridLayout-1624256768"
Model : "disclaimer"
Position : "left"

Disclosure 1The Latest 2024 Phishing Statistics,” AAG, updated June 2024.

This content does not constitute legal, tax, accounting, financial, investment, or mental health advice. You are encouraged to consult with competent legal, tax, accounting, financial, investment, or mental health professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

Disclosures

Truist Bank, Member FDIC. © 2025 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

Equal Housing Lender

Investment and Insurance Products:

  • Are Not FDIC or any other Government Agency Insured
  • Are Not Bank Guaranteed
  • May Lose Value

TRUIST is a service mark of Truist Financial Corporation (Truist) and its affiliates.

Services provided by Truist Financial Corporation (Truist) affiliates: Banking products and services, including loans and deposit accounts, provided by Truist Bank, Member FDIC. Trust and investment management services provided by Truist Bank. Securities, brokerage accounts and /or annuities offered by Truist Investment Services, Inc., an SEC registered broker-dealer, and member FINRA and SIPC, and a licensed insurance agency. Investment advisory services offered by Truist Advisory Services, Inc. and GFO Advisory Services, LLC, SEC registered investment advisers. Some insurance products offered by Truist Investment Services, Inc. Other insurance products offered by McGriff Insurance Services, LLC (McGriff), Kensington Vanguard National Land Services, LLC (Kensington Vanguard) and Crump Life Insurance Services, LLC (Crump). Truist Life Insurance Services (TLIS) is a division of Crump, Arkansas License #100103477. Variable insurance material is for broker-dealer or registered representative use only. Variable products distributed by P.J. Robb Variable (PJRV), LLC, Arkansas License #100110185. Member FINRA.

McGriff, Kensington Vanguard, Crump, TLIS, and PJRV are not affiliated with Truist Financial Corporation or any of its subsidiaries.

Truist Securities is a trademark of Truist Financial Corporation. Truist Securities is a trade name for the corporate and investment banking services of Truist and its subsidiaries. All rights reserved. Securities and strategic advisory services are provided by Truist Securities, Inc., member FINRA and SIPC. Lending, financial risk management, and treasury management and payment services are offered by Truist Bank.

Mortgage products and services are offered through Truist Bank. All Truist mortgage professionals are registered on the Nationwide Mortgage Licensing System & Registry (NMLS), which promotes uniformity and transparency throughout the residential real estate industry. Search the NMLS Registry.

Comments regarding tax implications are informational only. Truist and its representatives do not provide tax or legal advice. You should consult your individual tax or legal professional before taking any action that may have tax or legal consequences.

"Truist Advisors" may be officers and/or associated persons of the following affiliates of Truist, Truist Investment Services, Inc., and/or Truist Advisory Services, Inc. Truist Wealth, International Wealth, Center for Family Legacy, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups are trade names used by Truist Bank, Truist Investment Services, Inc., and Truist Advisory Services, Inc.

Applications, agreements, disclosures, and other servicing communications provided by Truist Bank and its subsidiary businesses will be provided in English. As a result, it will be necessary for customers to speak, read and understand English or to have an appropriate translator assisting them. Truist offers the following resources for consumers that have Limited English Proficiency:

  • Multilingual teammates available at our Multicultural Banking Centers
  • Materials for some products and services are available in Spanish, Korean, Vietnamese, Mandarin, and other languages spoken in the communities we serve.
  • Phone assistance in Spanish at 844-4TRUIST (844-487-8478), option 9. For assistance in other languages please speak to a representative directly.

New York City residents:

Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at http://www.nyc.gov/dca.

  • Limited English Proficiency Support
  • New York City residents

Borrowers with Limited English Proficiency (LEP) needing information can use the following resources:

Site footer

Footer Navigation

Banking products
About Truist
Resources
Support

© 2025, Truist. All Rights Reserved.