It’s October, and Halloween is on the brains — oops, we mean brain! — and in homes and schools across Utah, kids (of all ages!) are asking themselves: “What should I be this year?” The answers are endless. A zombie? A cheerleader? A Martian? A zombie cheerleader from the mysterious Red Planet?

Speaking of outer space, do you believe in aliens?

Wait.

That’s a strange question, right? Someone from the bank wouldn’t really ask you that, would they? Well, definitely not in a text message, phone call or email, just like they would never ask you for your PIN in a text message, phone call or email.

I292 bnataba aliensThe question is actually part of a witty anti-phishing program called “Banks Never Ask That!” created by the American Bankers Association (ABA) to help you spot a scam and stop bank imposters in their tracks. Bank of Utah is partnering with the ABA on this educational effort because we are committed to helping you protect your personal and financial information.

Throughout the month of October — which is National Cybersecurity Awareness Month — we’ll be sharing videos, quizzes and advice to help you recognize suspicious messages because when you know how fraudsters “phish” for information, you’ll be less likely to be misled.

What is ‘Phishing’ and Why You Need to Know

Do you prefer M&Ms or Swedish Fish? Again, banks would never ask you that, but if you picked the gummy fish, you’re not alone! It’s one of the most popular Halloween candies out there, but there’s another type of fish that is no treat. In fact, it’s a terrible trick that can cost you your personal information and thousands of dollars — and it’s spelled p-h-i-s-h.

According to the ABA, “phishing is when you get emails, texts or calls that seem to be from companies or people you know, such as your bank, but they’re actually from scammers. They tempt you to click on a link or share personal information (like a password or social security number), so they can use that information to steal your money and/or identity.”

Cyber scams are unfortunately both common and widespread today. According to FBI data compiled by CCTV Camera World, victims lost $4.2 billion nationwide to cybercriminals in 2020, up from $3.5 billion
the year prior. Utah ranks fifth highest in the nation in cybercrime losses, with the average victim losing $9,562 to fraudsters. It is important to be alert — always.

You might receive phishing scams three different ways:

1. Via Text Message
Be wary of text messages from people claiming to be bank employees, asking you to sign in to your account online or to give them your personal information. It’s a scam. Banks never ask that!

2. Via Email
Watch out for emails that ask you to provide your social security number. The sender may claim to be someone from the bank, but it’s a scam. Banks never ask that!

3. Via Phone Call
Be wary of phone calls asking you to verify your bank account number, even if the person on the other line says they’re from the bank. It’s a scam. Banks never ask that!

In fact, banks will never reach out to you via phone, email or text and ask for the following to verify your identity:

  • Account number;
  • Username or password;
  • Social security number;
  • PIN number;
  • Birthday;
  • The answers to your security questions;
  • A one-time code needed to log in; and/or
  • Address.

Did a Phone Call, Text or Email Make You Feel Uneasy? Go to the Source!

Would you rather have the power of invisibility or the power to fly? Banks wouldn’t ask you that either, but as a customer you do have an important power — the power to hang up on a suspicious caller, delete a worrisome text message or trash an email that doesn’t read quite right. And from there, you can go to the source. Call your bank directly to talk to a bank employee about the message you received.

When you call, make sure you’re using a verified phone number such as the number you find on the institution’s website. Never call a number on a suspicious email or text, and never trust the number on your caller ID. You can find Bank of Utah’s phone number, for example, in the Contact Us section of our secure website. You know it’s secure because of the padlock icon in front of the address.

And remember, when you call, you may be asked to verify confidential information, but a bank employee will not contact you asking for personal information.

Fight Scams with Knowledge!

Can you spell chrysanthemum? Asking you to spell the popular fall flower is definitely something a bank would never ask, but watching for spelling errors is a good way to spot a scam. The “Banks Never Ask That!” program is filled with tidbits of information like this, so you can be aware, be prepared and take simple precautions to avoid becoming a victim.

In addition to the tips already mentioned, take these steps to ensure your personal and financial safety:

  1. When available, enable multi-factor authentication (MFA) for all of your accounts, such as your email, PayPal and Amazon accounts, etc. Think of MFA like adding a deadbolt. It requires you to input your password and a random code on your phone. The extra work required is a great deterrent.
  2. Set unique log-in IDs, something more than a variation of your name, if possible.
  3. When creating a password use a passphrase – a sentence or random series of words – where possible. Length is key, the longer the better.
  4. Always use unique passphrases for all of your online accounts. If you’re afraid you won’t be able to remember all of them, a few dollars a month spent on a credible password manager, such as LastPass, Keeper or 1Password, is a great investment.
  5. Combine all of the above for the best results.

You can get even more cybersecurity advice and information about the latest scams from Bank of Utah’s new Financial Security Center and Fraud Resource Library. And, as always, if you’re afraid you’ve become a victim to fraud, call your bank or financial institution right away. We’re here to help — not ask you about aliens!

For more information, tips and to take the quiz to know your scam IQ visit the ABA’s page BanksNeverAskThat.com.