Fraudulent Emails

Stay on guard for fake emails and websites designed to steal your financial information.

You can help protect yourself from this kind of fraud. Here are some things to keep in mind:

Exercise caution

Emails that look like they came from BB&T might be fake. If the email asked for confidential personal information, you can be sure it wasn't from us.

Fraudsters will ask for payments or give new account numbers for future payments. The email requests may look like regular communication between you and another party. They may even be inserted into an ongoing conversation. The email requests will often have a sense of urgency that plays on your desire to help solve a problem.

BB&T does not ask for confidential client information this way. These messages are fraudulent, and they aren't from BB&T. If you get one, don't respond to it, and don't click any of the links in the message.

If you've already responded to one of these messages—or have reached a site that looks like BB&T online banking after following a link in one of these emails—please call 888-BBT-ONLINE (888-228-6654) right away.

Report phishing emails

Report suspicious email that uses the BB&T brand by forwarding the email to us at

Protect yourself and your organization

Fraudsters rely on social engineering to prey on the expected behavior of an employee to open an email, click on a link or open an attachment. These fake emails often appear to come from an executive or senior manager.

Criminals try to get sensitive or confidential information directly from fake emails. First, they figure out who your company does business with. Then they exploit employees by sending emails that look like they're from business associates.

Criminals also know it's easier to profit from trusted relationships than to try to hack into a company. Taking advantage of that trusted relationship—whether it's with a senior manager, executive or trading partner—is easier when they pose as somebody you trust.


  • Always verify requests for wire or ACH transfers received by email. Call the vendor requesting the payment, and use known numbers to validate all requests that you've received by email.
  • Match up requests with known invoices.
  • Use dual approval for payments.
  • Create policies and procedures for ACH and wire transactions for your company. 
  • Don't be afraid to question suspicious requests or transactions. A one-minute phone call can be all it takes to protect your company.
  • Share this information with anyone in your organization authorized to make wire or ACH transfers. Ask your employees to be aware of fraudulent emails.

What you need to know about electronic fraud

Electronic fraud is just like any other type of fraud. It involves a criminal pretending to be someone they're not. In the electronic world, this can be emails with forged addresses or websites made to look like real businesses. These false solicitations usually ask you to “update your account information.” They often request personal information like Social Security numbers and credit card numbers. Once they have this information, it's easy for an experienced criminal to create a false identity by using your name and credit.

The technology behind these crimes is complex, but preventing them is easy. Never give out sensitive personal information online unless you're absolutely sure you can trust the site. Never send out sensitive information in an email.

If BB&T ever asks for sensitive account information online, we use one of our secure, online contact forms or the secure message feature of BB&T online banking. If you're uncomfortable with giving any financial data online, you can always contact us at BB&T Phone24, 800-BANK-BBT (800-226-5228). Or simply visit your local branch.

BB&T does occasionally conduct surveys. But we won't contact you by email and offer to pay you for your feedback. And we'll never ask you to verify your account information or Social Security number by email as part of a survey.

Beware of fraudulent emails

Fraudulent emails can appear to come from a legitimate source, such as a well-known company, bank, manager, executive, online payment service or government organization. Be wary of what you read—messages can be very convincing. Scammers register web addresses that look like real sites. They also copy logos, content and supporting links from legitimate sites. Even the "From" address can be masked. This makes their emails look like they're from a company you trust.

Be suspicious of any message threatening dire consequences, promising a reward or asking you to provide personal or company information. Ask yourself, "Do I know the sender? Am I expecting a message from this company? Did I ask for something that would result in a response from this organization?" If you don't know the sender or weren't expecting a message, it could be a fraudulent email.

4 simple rules to help protect yourself

Keep these simple rules in mind to better protect yourself against email fraud:

  1. Never send sensitive personal or financial information through email.
  2. Don't open email attachments unless you trust the source.
  3. Don't follow links in an email asking for sensitive personal or account information, even if the source looks familiar.
  4. Ask questions. If you're suspicious, call the company that the email appears to be from, and ask about the message.

Examples of common email scams

Most email scams will ask you to send money, cash checks, provide information or establish business relationships.

Nigerian letter

This scam is appealing because it promises fast cash. Also known as an "advance-fee" or "419" scam, the locations have changed over time, but the concept remains basically the same.

Here's how it works: The email usually starts off by saying that a wealthy individual in another country has died and left a large amount of money that's available to be transferred. The message then encourages the recipient to participate in the transfer in return for a share of the funds.

For example, the email may say something like: "To release funds we are looking for an overseas partner into whose account we would transfer the sum of $21 MIL. We have agreed to share 1.2% with the account holder."

Over time, the sender may ask for additional funds to cover taxes, bribes and legal fees that will be reimbursed once the funds are transferred. The sender may even encourage travel to the country in question to complete the transaction.

If you have lost money to one of these schemes, contact your local US Secret Service field office.

Lottery winnings

This scam appeals to one's sense of being lucky. An email will arrive notifying the recipient that they've won a lottery. The email may even mention a legitimate lottery organization. There is usually a request to keep the winnings a secret. The email then asks that a claims agent (or some other official-sounding person) be contacted to arrange payment. Once those conversations start, there is usually a request for funds to cover taxes, legal fees or other processing costs.

Keep in mind:

  • Unless you bought a lottery ticket, you aren't going to win
  • Legitimate lottery organizations don't charge fees
  • Most of these emails come from free email accounts such as Yahoo, Hotmail, Gmail, MSN or those associated with an Internet service provider

Check-cashing schemes

Check-cashing schemes may take the form of an email indicating that the sender wants someone to cash checks in return for keeping a portion. It may say, "I will send a check made payable to you drawn on XYZ Bank in the amount of $10,000. All you have to do is deposit it. In return for doing this, you can keep $1,000 and wire $9,000 back to me."

This scam is usually promoted through emails but may also be found on job listing sites. Often, the original check and the scam artist are from overseas.

The check may look real, but in reality, there is no account or the account has insufficient funds to cover the check. Because of the way check clearing works, funds are probably available to be transferred out before the incoming check actually clears. In this scam, the victim wires the $9,000 to the thief and a couple of days later receives word that the check has bounced. The result is a loss of $9,000.

Refund scams

These scams can take many forms but usually involve an email indicating that the recipient has a refund due, but needs to provide information to speed the processing of the refund. The scam artists may claim to represent the IRS, state tax officials or a well-known business or retail establishment.

The email directs the recipient to a website that may look legitimate but is, in fact, a spoof. Once there, the person will be asked to provide various forms of personal information, such as Social Security number, credit card number or account information so the refund can be directly deposited.

Providing this information is dangerous. Once in the hands of a fraudster, it can lead to credit card fraud, unauthorized access to your financial accounts or identity theft.

The IRS and most state taxing authorities don't use email for such correspondence. Commercial establishments may use email, but you should be very wary of emails like this. Before providing the information online, contact the establishment by phone to make sure the request for information is legitimate.

Financial account confirmation scams

Emails that request sensitive information are often called phishing emails. They often take the form of a message from a financial institution asking for the recipient to provide their account information because of a computer error. Reasons for the request include "system upgrades" and "enhanced Internet security initiatives."

The recipient is usually directed to a website that may look legitimate but isn't. The information requested may include account numbers, user names, access codes and passwords. All of this information is dangerous in the hands of scam artists.

BB&T will never ask for this type of information in an unexpected email. If you receive this type of phishing email, contact us immediately.

Related topics

ATM Security  (Article)

If you plan to use ATMs as a convenient way to conduct financial transactions, you must make electronic banking security a priority.

Online Security Measures  (Article)

BB&T uses Internet security technology to protect our clients' personal information when it's transmitted online.

Phishing  (Article)

Protect yourself from scams that could trick you into providing confidential information, and learn what to do if you do get "phished."

Protecting Your Internet Activities and Electronic Data  (Article)

With more financial activity occurring online than ever before, it's essential to know how to reduce the risks to your data.

Branch Banking and Trust Company, Member FDIC.

New York City residents: Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at

Branch Banking and Trust Company is now Truist Bank. Learn more.

BB&T and SunTrust have merged to become Truist. Both institutions will continue to offer independent product lines for a period of time. This may include differing underwriting guidelines, product features, terms, fees and pricing. Our friendly teammates at your local SunTrust branches will be happy to walk you through their respective products. You can also learn more by contacting them at 800-SUNTRUST or

BB&T Complete Client Protection

about Truist Bank