Woman looking at computer

Can You Spot a Phishing Scam?

It may be harder than you think.

Every day, thousands of people fall victim to fraudulent emails, texts and calls from scammers pretending to be their bank. As online banking grows, this problem is getting worse.


We want our clients to spot a phishing scam easily — and stop bank fraudsters immediately. It starts with these four words: Banks Never Ask That. Review these red flags to know what sounds suspicious because the more you know the less likely you’ll be deceived:

  • Text: If you receive a text message from someone claiming to be your bank asking you to sign in, or offer up your personal information, it’s a scam. Banks never ask that.
  • Email: Watch out for emails that ask you to click a suspicious link or provide personal information. The sender may claim to be someone from your bank, but it’s a scam. Banks never ask that.
  • Call: Would CBB ever call you to verify your account number? No! Banks never ask that. If you’re ever in doubt that the caller is legitimate, just hang up and call the bank directly at a number you trust.


You can prepare yourself and your business against phishing scams if you know what to look for. At Community Bank of the Bay, we’re committed to helping you protect your personal information and financial accounts. Follow these simple steps to secure your bank account:

  • Set up multi-factor authentication (MFA) on your online banking and email login.
  • Use random and complex passwords. Change your passwords often.
  • Call CBB directly, or log in to your online banking account, to verify messages or emails received.
  • Keep your browser and computer up-to-date with virus protection and malware alerts.
Graph showing loss to phishing 2018, 2019 and 2020

Did you know?

Americans lost $3.3 billion to phishing and other fraud in 2020, a 2x increase from 2019.
Source: Federal Trade Commission 2021

Think you can spot a scam?

Take the #BanksNeverAskThat quiz and find out.


Take The Quiz

Frequently Asked Questions

Phishing is a type of online scam where criminals send fraudulent emails, phone calls and texts that appear to come from a legitimate bank. Every year, people lose hundreds, even thousands, of dollars to these scams. The message is designed to trick you into entering confidential information (like account numbers, passwords, PINs or birthdays) into a fake website by clicking on a link or telling it to someone pretending to be from your bank on the phone.

Email or Text:

If you suspect that an email or text you receive is a phishing attempt:

  • Take a deep breath. In most cases, it’s perfectly safe to open a scam email or text. Modern mail apps, like Gmail, detect and block any code or malware from running when you open an email. The key is not to click links or download any attachments. 
  • Do not download any attachments in the message. Attachments may contain malware such as viruses, worms or spyware.
  • Do not click links. Links in phishing messages direct you to fraudulent websites. These websites may look similar to CBB’s website, but it is not real.
  • Do not reply to the sender. Ignore any requests from the sender and do not call any phone numbers provided in the message. 
  • Report it. Help fight scammers by reporting them. Forward suspected phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org. If you received a phishing text message, forward it to SPAM (7726). Then, report the phishing attack to the FTC at reportfraud.ftc.gov.


If you receive a phone call that seems to be a phishing attempt:

  • Hang up or end the call. Be aware that area codes can be misleading. If your Caller ID displays a local area code, this does not guarantee that the caller is local.
  • Do not respond to the caller’s requests. Financial institutions and legitimate companies will never call you to request your personal information. Never give personal information to the incoming caller.
  • If you feel you’ve been the victim of a scam, and you did provide personal or financial information, contact CBB immediately at 510-433-5400. Be sure to include any relevant details, such as whether the suspicious caller attempted to impersonate a bank employee and whether you provided any personal or financial information to the suspicious caller.

1. Contact CBB immediately.

  • Speak with Client Services and explain that someone has stolen your identity.
  • Request to close or freeze any accounts that may have been tampered with or fraudulently established.
  • Change your online login credentials, passwords and PINs.

2. Secure your email and other communication accounts

  • Many people reuse passwords and your email or cell phone account may be compromised as well.
  • Immediately change your accounts’ passwords and implement multi-factor authentication (MFA) — a setting that prevents cybercriminals from accessing your accounts, even if they know your password — if you haven’t already done so.

3. Check your credit reports and place a fraud alert on them

  • Get a free copy of your credit report from annualcreditreport.com or call 877-322-8228.
  • Review your credit report to make sure unauthorized accounts have not been opened in your name.
  • Report any fraudulent accounts to the appropriate financial institutions.
  • Place a fraud alert on your credit by contacting one of the three credit bureaus. That company must tell the other two.
  • – Experian: 888-397-3742 or experian.com
  • – TransUnion: 800-680-7289 or transunion.com
  • – Equifax: 888-766-0008 or equifax.com

4. Contact ChexSystems at 888-478-6536 to place a security alert on the compromised checking and savings accounts when a deposit account has been impacted. Or, make your report to ChexSystems online.

5. Contact the Federal Trade Commission to report an ID theft incident: visit identitytheft.gov or call 877-438-4338.

6. File a report with your local law enforcement and get a copy of the report to submit to your creditors and others that may require proof of the crime.