Don't Take the Bait: How to Avoid a Phishing Scam

May 16, 2019

As a reminder, if Bank Iowa contacts you, we will never ask for your full card or account number, PIN number, access code or sensitive information like your online banking login ID or password.

If you are uncomfortable about any request for your Bank Iowa account information, do not respond and instead call your local Bank Iowa location for further assistance.

Phishing happens when a cybercriminal contacts a consumer by email, telephone or text message posing as a legitimate person or institution. The goal is to lure consumers into providing sensitive data, such as personally identifiable information, banking or credit card details and passwords. The fraudsters then use this information to access the consumers’ accounts or steal their identity.  

How to spotting a phishing scam

The following red flags can help you spot a phishing scam before you get hooked:

  • If the offer is too good to be true, it probably is.
  • Beware of offers or requests that instruct you to act immediately.
  • Pause before clicking hyperlinks. Hovering over a link shows you the actual URL where you will be directed when you click; if it’s an unusual or misspelled website, don’t click.
  • Never open attachments in an email you weren’t expecting or if it seems at all suspicious.
  • If the message is from someone you don’t recognize, it’s better to ignore it.
  • If the message is from someone you recognize, but something feels off (maybe they are requesting a wire transfer), double check by giving your contact a call.

How to preventing falling victim

Below are three important ways to safeguard yourself from phishing attacks:

  1. When in doubt, call. If an email, text or call you receive from a bank or other institution you do business with seems suspicious in any way, call using a phone number you know is legitimate. Remember, reputable businesses will never ask you disclose information they already know.
  2. Keep your security software up to date. Security patches for devices, browsers and other software are released regularly in response to vulnerabilities that hackers will inevitably discover and exploit. The minute an update is available, download and install it. Also install and periodically update firewalls and antivirus software.
  3. Use a secure access code. Secure access codes, like the one provided by Bank Iowa to protect our customers from hackers, are recommended by the Federal Trade Commission (FTC). To require a secure access code each time someone attempts to access your online banking, clear your cookies from your Internet browser. This will prompt the secure access code upon login. Next, click "Do Not Register Device" to ensure you will need a code the next time you log in.

How to report phishing attempts

If you receive a phishing email, text or call, you can take the following steps to report the incident and possibly prevent someone else from falling victim:

  • Forward phishing emails to
  • File a scam/phishing complaint with the FTC at
  • Visit Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
  • You can also report phishing to the Anti-Phishing Working Group at This group of Internet service providers, security companies, financial institutions and law enforcement agencies use reports to fight phishing.
  To learn more about how to avoid phishing scams, take this interactive quiz from the FTC. If after reading this information, you have any concerns please contact your local Bank Iowa or call us at 844.226.5421.