Skip to main content
Federal Deposit Insurance Corporation
FDIC-Insured - Backed by the full faith and credit of the U.S. Government
Please Enter User ID
Go
Privacy and Security

Phishing Threats

Phishing attempts are on the rise, and it is important to familiarize yourself with the different attempts in effort to protect private and sensitive information.

Phishing
Phishing is the practice of sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email and text messaging. The attacker's goal is to steal money, gain access to sensitive data and login information, or to install malware on the victim's device. 
Smishing
Smishing is a cyber-attack that targets individuals through SMS (Short Message Service) or text messages. In a smishing attack, cybercriminals send deceptive text messages to lure victims into sharing personal or financial information, clicking on malicious links, or downloading harmful software or applications.
Vishing
Vishing, short for voice phishing, refers to fraudulent phone calls or voice messages designed to trick victims into providing sensitive information, like login credentials, credit card numbers, or bank details. These details can then be exploited for criminal activities such as fraud, identity theft, or financial theft.

How Does a Smishing Attack Work? 

  • You receive a text message, possibly from a spoofed number that makes it seem as though it's coming from a legitimate business or individual, perhaps even one you're familiar with, such as your bank .
  • The message describes an urgent issue with one of your accounts, asking you to verify information to resolve it.
  • You respond either by clicking on a link, calling a phone number provided, or handing over credentials to clear up the error.
  • You could be directed to a phony website or call center that seems legitimate and be prompted to provide sensitive information or download some type of malware.
  • If you download the malware, you've granted the attacker access to your device. Any personal information you provide can be used to steal your identity and login to your accounts.

The information cybercriminals are after in smishing attacks includes:

  • Social Security numbers
  • Credit or debit card numbers
  • Home Addresses, specifically zip codes, which allows use of your card if they already have the number.
  • Login information
  • Device and network information

How To Prevent Smishing

Smishing prevention for individuals includes:
  • Be cautious of unknown texts using grammatically incorrect language
  • Avoid clicking on links within text messages
  • Do not respond to texts appearing to be from a financial institution asking you to update your account information or provide personal information
  • If you get a message that looks to be from a bank or a company with whom you do business with, call the business directly from the phone number found on their website, not the phone number provided in the text
  • Never click a link or call the phone number provided in a message if you're unsure whom it's from

If you suspect you have been a target of a phishing attempt that uses IBC Bank's name and received a suspicious email or text message, DO NOT reply. Instead, forward the content to reportscam@ibc.com DO NOT forward any personal account information.

If you have any fraudulent activity on your IBC account or provided personal information to a phishing attempt, please call or visit your local IBC Branch immediately. If you need assistance in forwarding a suspicious email or text, please call or visit your local IBC Branch for help.

Other ways to report phishing:
Check with your local carrier for other methods to block and report suspicious text or phone calls. You can also forward a suspicious text message to the Anti-Phishing Working Group at reportphishing@apwg.org or report it to the FTC. Go to the Federal Trade Commission or IdentityTheft.gov to learn more.

Remember, It is not IBC Bank's practice to:

  • Send email or text that requires you to enter personal information directly into the email or text
  • Send email, text or call threatening to close your account if you do not take the immediate action of providing personal information
  • Send email or text asking you to reply by sending personal information
  • Share your name with any contacts outside our firm in a manner inconsistent with our Privacy Policy.

 

DON'T LET A FRAUDSTER STEAL YOUR MONEY! 


About Fraud & Scams
How do scams usually start?
Most scams begin with an email, text message, or phone call that looks or sounds like it comes from a trusted source—such as your bank, a business, or a government agency.
Can scams really happen that fast?
Yes. Some scams can unfold very quickly—sometimes within minutes—especially if the scammer creates urgency or pressure.


Phone Calls, Emails & Text Messages
Can scammers make a call look like it's coming from my bank?
Yes. Scammers can "spoof" caller ID so the phone number appears to be your bank's real number.
What should I do if I get a scary message saying my account is at risk?
Pause. Do not click links, do not share information, or do not act immediately. Contact your bank directly using the phone number on your debit card or official website.
Are fraud alert text messages always legitimate?
Not always. Scammers often send fake fraud alerts to trick you into responding or clicking a link.


Passwords, Passcodes & Security
Will the bank ever ask for my password or one time passcode?
No. Your bank will never ask for your full password or one time security codes by phone, text, or email.
Why are one time passcodes so important?
These codes are designed to protect your account. If a scammer gets them, they may be able to access your account or approve transactions.
What information are fraudsters trying to obtain?

  • Online banking passwords
  • One time passcodes or tokens (OTP/MEA codes)


Wires & Money Transfers
What is a wire fraud scam?
A scammer tricks you into sending money—often claiming it's urgent or necessary to protect your account.
What is "authorized payment" fraud?
This happens when a scammer convinces you to approve or send money yourself, even though the request is fraudulent.
Why is it hard to recover money once it's sent?
Scammers move funds quickly through multiple accounts, often making recovery difficult or impossible.


Common Scam Tactics
Why do scammers try to rush me?
Urgency prevents you from stopping to verify information or contacting the bank independently.
Why would a scammer tell me NOT to contact the bank?
That's a red flag. Scammers want to isolate you so the fraud isn't discovered.
What phrases should make me cautious?

  • "Act now or funds will be lost"
  • "This is confidential—don't tell anyone"
  • "We're protecting your account"
  • "You will be reimbursed later"

If You Suspect Fraud
What should I do if I think I'm being scammed?
Stop the interaction immediately and contact your bank using a trusted phone number.
What if I already shared information or sent money?
Contact your bank right away. Acting quickly improves the chance of protecting your account.
Will my account need changes after fraud?
Yes. This may include changing passwords, updating security settings, and reviewing recent activity.

How You Can Protect Yourself
What are the best ways to stay safe?

  • Slow down—never act under pressure
  • Verify requests using trusted contact methods
  • Never share passwords or passcodes
  • Be cautious with links, attachments, and urgent messages

What preventative controls are in place?

  • Multi‑wire feature removed
  • Stronger password requirements
  • Enabled Q2 Sentinel - Automated fraud detection tool to identify anomalies for High-Risk transactions (ACH & Wires).  If a transaction is flagged, the transaction is placed on HOLD until it is reviewed and approved by fraud team and/or the TMO and customer.


Important Reminder!
We are your bank and we have this information. IBC Bank will NEVER:

  • Ask for your full password
  • Ask for one time passcodes
  • Pressure you to act immediately
  • Tell you not to contact the bank directly