Using electronic communications to "fish" for personal information is such a prevalent form of identity theft that most dictionaries include a word for it: “phishing.” A phish typically comes to people's inboxes or phones via email, text, or voicemail from a seemingly reputable source, such as a financial institution or popular e-commerce site, then tricks recipients into sharing sensitive information or downloading malicious software.

Fortunately, phishing email messages contain clues that may help you identify them as such. To help protect your information, take note of the following basic warning signs of a phish:

  • False sender information: Be on the watch for emails that state they are from KeyBank, but are sent from a non-KeyBank email domain. For example, the fraudulent email address may say “KeyBank Online <>," but a closer examination of the domain name shown after the “@” symbol reveals that it is not related to KeyBank.

  • Suspicious message: Phishing emails and texts are typically unsolicited and contain an alert of some kind that triggers an emotional reaction. They also include a request to provide or validate sensitive information by clicking a link or attachment in an email or by calling a phone number in a text message – each of which should be considered signs of a phish.

  • False hyperlinks: Always hover over embedded hyperlinks to ensure that it actually goes where the name of the link says it will. Embedded hyperlinks in email messages may refer to reputable sites, while the link URL itself can point to a scam site. Cyber-crooks can easily create scam sites by simply changing a letter or character in the URL, or by using a different extension, such as “.biz” instead of “.com.” If any part of a URL in an email hyperlink seems awry, do not click through to it.

If you receive a suspicious email message that appears to come from KeyBank, do not respond to the message. Instead, forward the message to then delete the message from your mailbox. If you have already responded to the fraudulent email or have further questions, please call us at 800-539-1539.

* Examples of previously reported fraudulent emails (PDF)


The information and recommendations contained here have been compiled from sources believed to be reliable and represent the best current opinion on the subject. No warranty, express or implied by KeyBank, is made as to the absolute correctness or sufficiency of the information contained. This is meant as general information only; particular situations may require additional actions.

This document is designed to provide general information only and is not comprehensive nor is it legal advice. If legal advice or other expert assistance is required, the services of a competent professional should be sought. KeyBank does not make any warranties regarding the results obtained from the use of this information.