Email purporting to be an Activity Summary from US-based bank SunTrust claims that the recipient’s contact information has been updated and that he or she can click a link to view the updates.
The email is not from SunTrust. It is a phishing scam designed to trick recipients into divulging their account details and other personal information to cybercriminals.
Subject: Your SunTrust Activity Summary
Your contact information has been updated
We have updated your Suntrust Bank contact information:
To view the updates, or make additional updates, sign on to update your contact information.
If you did not make this request online, by phone, or at a Suntrust branch, please call us immediately at 1-800-330-4684 for personal banking and for small business banking. We are available 24 hours a day, 7 days a week. Please do not reply to this email.
Note: If you use Bill Pay, you will need to update your contact information for that service separately. You’ll find a link on the right side of the Update Your Contact Information screen.
This email, which masquerades as an Activity Summary from US bank SunTrust claims that the recipient’s contact information has been updated. The message states that the recipient can view this supposed update by clicking a link and signing in to his or her account. The message includes the SunTrust logo and message formatting.
However, the email is not from SunTrust Instead it is an attempt by phishing scammers to trick SunTrust customers into sending their account login details and other personal information to Internet criminals. The scammers hope that some recipients will be panicked into believing that their account has been compromised and therefore follow the link without due forethought.
Those who fall for the trick and click the link will be taken to a bogus website that is virtually identical to the genuine SunTrust login page. Once they provide their user ID and password on the bogus site, they will be taken to a second bogus page that asks for further banking details as well as email account information:
All of the information submitted can be collected by scammers and used to hijack bank and email accounts belonging to victims.
This phishing attempt is somewhat more sophisticated than some. Many banks will send an automatic email to customers if account details have been updated so the message may resemble genuine banking messages that the user has received in the past. Moreover, the bogus site even displays a fake data verification message after users enter the requested information in an attempt to make the process seem more legitimate. Finally, victims are automatically redirected to the genuine SunTrust website and shown a message notifying them that have successfully signed out of the banking session. Thus, users may continue to believe that they have successfully verified their account details and may not realize that they have handed their accounts to criminals until it is far too late.
Never click links or open attachments in unsolicited emails purporting to be from your bank. Even if the email looks genuine. The safest way is to always log in to your online accounts by entering the web address into your browser’s address bar rather than by clicking an email link. If you receive a scam email pretending to be from SunTrust, you can report it to the bank.