Three Signs of a Phish

Using electronic communications to "fish" for personal information has become so prevalent a form of identity theft that most dictionaries have added a new word for it: “phishing.” A phish typically comes to people's inboxes or phones via email, text, or voicemail from a seemingly reputable source, such as a financial institution or popular e-commerce site, then tricks recipients into sharing private information or downloading malicious software.

Fortunately, many phishing email messages may contain clues that may help you identify them as such and protect your information. Take note of the following warning signs of a phish: 

  • Incorrect URL: Cyber-crooks can send emails from phony websites that mimic reputable ones. They create these hoax sites by changing a letter or character, or using a different extension, such as biz instead of com. If any part of a URL in an email seems awry, do not click through to it.

  • Suspicious text: Watch for incorrect grammar, unusual urgency, or messaging that is uncharacteristic of the supposed sender – each may be the sign of a phish.

  • False hyperlinks: Always hover over embedded links to ensure that the link actually goes where the text says it will. Online or email text with embedded links may seem to refer to reputable sites, while the hyperlink itself can link to a scam site.

If you receive a suspicious email message that appears to come from KeyBank, do not respond to the message. Instead, forward the message to emailfraud@keybank.com then delete the message from your mailbox.If you have already responded to the fraudulent email or have further questions, please call us at 800-539-1539.

* Example of a previously reported fraudulent email (PDF)