Education Center

Fraudulent emails

Stay on guard for fake emails and websites that have been designed to steal your financial information. You can help protect yourself from this kind of fraud by familiarizing yourself with the following information and advice.

Exercise caution

If you received an email message that appeared to be from BB&T and requested confidential personal information, know that it was disguised to look like a legitimate message but didn't come from BB&T.

Fraudsters will request payments or give new account numbers for future payments. The email requests may look like regular communication between you and another party or even be inserted into an ongoing conversation. The email requests will often have a sense of urgency that plays on your desire to quickly resolve a potential problem.

BB&T does not solicit confidential client information this way. These messages are fraudulent, and they aren't from BB&T. If you happen to get one, don't respond to it, and don't click any of the links in the message.

If you've already responded to one of these messages—or have reached a site that appeared to be BB&T online banking after following a link in one of these emails—please call 888-BBT-ONLINE (888-228-6654) immediately.

Report phishing emails

Report suspicious email that uses the BB&T brand by forwarding the email to us at InternetFraud@BBandT.com.

Protect your yourself and your organization

Fraudsters rely on social engineering to prey on the expected behavior of an employee to open an email, click on a link or open an attachment because the email appears to come from an executive or senior manager.

Criminals also target employees in an attempt to gain sensitive or confidential information directly from the messages. They can determine with whom your company does business, and then exploit employees by sending them emails appearing to come from business associates.

Overall, criminals have found it easier to profit from trusted relationships than try to hack into a company. Exploiting that trusted relationship—whether it's with a senior manager, executive or trading partner—is easier when they pose as somebody you trust.

Remember:

  • Always verify requests for wire or ACH transfers received by email. Call the vendor requesting the payment, and use known numbers to validate all requests that you've received by email.
  • Match up requests with known invoices.
  • Use dual approval for payments.
  • Create policies and procedures for ACH and wire transactions for your company.
  • Don't be afraid to question suspicious requests or transactions. A one-minute phone call can be all it takes to protect your company.
  • Share this information with anyone in your organization authorized to make wire or ACH transfers. Ask your employees to be aware of fraudulent emails.

What you need to know about electronic fraud

Electronic fraud is just like any other type of fraud. It involves a criminal pretending to be someone they're not. In the electronic world, this can mean emails with forged addresses or websites that are designed to resemble legitimate businesses. Typically, these false solicitations ask you to “update your account information.” They often request personal information like Social Security numbers and credit card numbers. Once they have this information, it's easy for an experienced criminal to create a false identity by using your name and credit.

While the technology behind these crimes is complex, preventing them is easy. Never give out sensitive personal information online unless you're absolutely certain you can trust the site, and never send out sensitive information in an email.

All electronic contact with BB&T, through which we might request sensitive account information, is done either from one of our secure, online contact forms or inside the secure message feature of BB&T online banking. If you're uncomfortable with transmitting any financial data online, you always have the option to contact us at BB&T Phone24, 800-BANK-BBT (800-226-5228), or to visit your local branch.

BB&T does occasionally conduct surveys. However, we won't contact you by email for your feedback in return for a cash incentive. Also, in any survey, BB&T will never ask you to verify your account information or Social Security number by email.

Beware of fraudulent emails

Fraudulent emails can appear to come from a legitimate source, such as a well-known company, bank, manager, executive, online payment service or government organization. Be wary of what you read—messages can be very convincing. Scammers register web addresses similar to real sites and also copy logos, content and supporting links from legitimate sites. Even the "From" address can be masked, making emails appear to originate from a company.

Be suspicious of any message threatening dire consequences, promising a reward or asking you to provide personal or company information. Ask yourself, "Do I know the sender? Am I expecting a message from this company? Did I initiate action that would result in a response from the organization?" If you don't know the sender or weren't expecting a message, it could be a fraudulent email.

4 simple rules to help protect yourself

Keep these simple rules in mind to better protect yourself against email fraud:

  1. Never send sensitive personal or financial information through email.
  2. Don't open email attachments unless you can trust the source.
  3. Don't follow links in an email asking for sensitive personal or account information, even if it looks like the source is one you know.
  4. Ask questions. If you're suspicious, call the company that the email appears to be from, and ask if it's legitimate.

Examples of common email scams

Most email scams involve requests to send money, cash checks, provide information or establish business relationships.

Nigerian letter

This scam is appealing because it promises fast cash. Also known as an "advance-fee" or "419" scam, the locations have changed over time, but the concept remains basically the same.

Here's how it works: The email usually starts off by saying that a wealthy individual in another country has died and left a large amount of money that's available to be transferred. The message then encourages the recipient to participate in the transfer in return for a share of the funds.

For example, the email may say something like: "To release funds we are looking for an overseas partner into whose account we would transfer the sum of $21 MIL. We have agreed to share 1.2% with the account holder."

Over time, the sender may ask for additional funds to cover taxes, bribes and legal fees that will be reimbursed once the funds are transferred. The sender may even encourage travel to the country in question to complete the transaction.

If you have lost money to one of these schemes, contact your local US Secret Service field office.

Lottery winnings

This scam appeals to one's sense of being lucky. An email will arrive notifying the recipient that they've won a lottery. The email may even mention a legitimate lottery organization. There is usually a request to keep the winnings a secret. The email then asks that a claims agent (or some other official-sounding person) be contacted to arrange payment. Once those conversations start, there is usually a request for funds to cover taxes, legal fees or other processing costs.

Keep in mind:

  • Unless you bought a lottery ticket, you aren't going to win
  • Legitimate lottery organizations don't charge fees
  • Most of these emails come from free email accounts such as Yahoo, Hotmail, Gmail, MSN or those associated with an Internet service provider

Check-cashing schemes

Check-cashing schemes may take the form of an email indicating that the sender wants someone to cash checks in return for keeping a portion. It may say, "I will send a check made payable to you drawn on XYZ Bank in the amount of $10,000. All you have to do is deposit it. In return for doing this, you can keep $1,000 and wire $9,000 back to me."

This scam is usually promoted through emails but may also be found on job listing sites. Often, the original check and the scam artist are from overseas.

The check may look real, but in reality, there is no account or the account has insufficient funds to cover the check. Because of the way check clearing works, funds are probably available to be transferred out before the incoming check actually clears. In this scam, the victim wires the $9,000 to the thief and a couple of days later receives word that the check has bounced. The result is a loss of $9,000.

Refund scams

These scams can take many forms but usually involve an email indicating that the recipient has a refund due, but needs to provide information to speed the processing of the refund. The scam artists may claim to represent the IRS, state tax officials or a well-known business or retail establishment.

The email directs the recipient to a website that may look legitimate but is, in fact, a spoof. Once there, the person will be asked to provide various forms of personal information, such as Social Security number, credit card number or account information so the refund can be directly deposited.

Providing this information is dangerous. Once in the hands of a fraudster, it can lead to credit card fraud, unauthorized access to your financial accounts or identity theft.

The IRS and most state taxing authorities don't use email for such correspondence. Commercial establishments may use email, but you should be very wary of emails like this. Before providing the information online, contact the establishment by phone to make sure the request for information is legitimate.

Financial account confirmation scams

Emails that request sensitive information are often called phishing emails. They often take the form of a message from a financial institution asking for the recipient to provide their account information because of a computer error. Reasons for the request include "system upgrades" and "enhanced Internet security initiatives."

The recipient is usually directed to a website that may look legitimate but isn't. The information requested may include account numbers, user names, access codes and passwords. All of this information is dangerous in the hands of scam artists.

BB&T will never ask for this type of information in an unexpected email. If you receive this type of phishing email, contact us immediately.

Related topics

ATM security

If you plan to use ATMs as a convenient way to conduct financial transactions, you must make electronic banking security a priority.

Internet activity and electronic data protection

With more financial activity occurring online than ever before, it's essential to know how to reduce the risks to your data.

Phishing

Protect yourself from scams that could trick you into providing confidential information, and learn what to do if you do get "phished."

Online security measures

BB&T uses advanced Internet security technology to protect our clients' personal information when it's transmitted online.

Branch Banking and Trust Company, Member FDIC.