Tech Tips

February 12, 2020

Received an Email Alert from Your Bank? Don't Click the Link—Do This Instead

If you get a "Security Alert" from your bank, it may be a phishing email in disguise. To avoid the trap, don't click the link in the email – instead, use a simple workaround.

Phishing emails have become so sophisticated that they can mimic a banking website … down to its authentication process.

The latest scam targeted Citibank customers. Full details: 

Whoever set this up put in some serious effort. The scam email sends you to a website that looks so much like Citibank's, it astounded cybersecurity professionals. The phony website even used "authentication" methods…stealing your personal information at every step.

How do you avoid falling victim to a phishing email like this?  The easiest way is to bypass the email entirely.

If you see an email alert from your bank you didn't expect, don't click anything in the email. Switch to your Web browser, and go to your bank's website directly. Log in to your account like normal, and check it for any alerts. They will show up under News, Alerts, or a notification pop-up.

If you don't see anything there, the "alert" email was a phishing attempt. Delete it, congratulate yourself on good Cyber Fu, and go about your day.


Do you have a cybersecurity question you want answered? Send it in to and it may show up in our next "Cyber Fu Tip."