Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
Leaving Website

You are now leaving and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

How to Stay Safe From Online Banking Scams

Criminals may target older adults who are managing accounts digitally

spinner image Man using online banking with credit card on touch screen device.
Getty Images

The COVID-19 pandemic has spurred older adults to rely more on digital banking, using computers and smartphones to move money across accounts, pay bills or deposit checks.

A June survey by digital payments provider Zelle found that 82 percent of consumers ages 55 to 72 who have a smartphone and a checking or savings account are doing more of their banking online. Fifty-five percent are using mobile tools to manage their accounts more often.

spinner image Narrow Letter A

Watchdog Alerts

Sign up for biweekly updates on the latest scams.

Get Alerts

Fraud experts warn this new normal could create ripe opportunities for scammers to exploit the newer, older ranks of people banking electronically. Crooks posing as bank representatives email, call or text customers hoping to pry loose private information that gets them access to online accounts.

"We're all now digital bankers, whether you wanted to be or not,” says Donna Turner, chief operations officer at Early Warning, the parent company of Zelle. “What we see right now is this perfect storm for the bad guys to really focus and dive in."

Online banking scammers may target older people for several reasons, says Brian Krebs, a journalist who runs the respected cybercrime website KrebsOnSecurity. After decades of work, older adults are more likely to have higher incomes and greater assets. They are often perceived, fairly or not, to be less tech savvy and more inclined to answer the phone.

Isolation can also be a factor, particularly amid the pandemic, notes Amy Nofziger, director of fraud victim support at AARP. “When people are in crisis — and who's not in crisis or at an elevated emotional level right now with COVID — they actually want to connect and speak with somebody,” she says.

No Phishing

The first defense against banking scams is knowing that a reputable bank will not contact you out of the blue and ask for your Social Security number, online account password or other personal information. It won't ask for money. Anyone that does is almost certainly phishing.

3 Ways to Stay Safe From Online Banking Scams

This type of scam isn't new, but “scammers have gotten really, really sophisticated” at it, says Kathy Stokes, director of fraud prevention programs at AARP.

These scams start with an email or text that appears to come from a real financial institution, down to an authentic-looking logo. These spoofed communications carry urgent but phony warnings about problems with an account or transaction.

You might be directed to call a supposed customer service line (where you'll be pressed for personal information like a Social Security number), or to click on a link that takes you to a fake banking website. That could be a trap to infect your device with malware that allows crooks to track your keystrokes and capture account credentials.

spinner image cartoon of a woman holding a megaphone

Have you seen this scam?

  • Call the AARP Fraud Watch Network Helpline at 877-908-3360 or report it with the AARP Scam Tracking Map.  
  • Get Watchdog Alerts for tips on avoiding such scams.

Signs of phishing can include misspellings and poor grammar; email or web addresses that resemble but don't quite match the real domain (look for a switched letter or extra punctuation mark); or generic greetings like “Dear Valued Customer."

But even these clues can be tricky, Stokes says: Some fraudsters purposely put them in emails to “weed out people that would be more aware” from clicking through or calling the bogus help line.

"It's akin to a marketing strategy. Get people who are sufficiently fraud-savvy to opt out by ignoring the lure,” she says. “Those who remain are the ones that will be easier to deceive.”

See more Health & Wellness offers >

"Vishing,” or voice phishing by phone, has also gotten “orders of magnitude more sophisticated” and harder to detect, says Krebs.

For example, scammers may come armed with information about you, gleaned from social media or a prior data breach (a kind of targeted attack called "spear phishing"). They'll mention personal details like your birth date, where you work or the last four digits of your Social Security number to make their claim to be from your bank more convincing.

Know whom you're talking to

If you get a call like that, hang up immediately. Similarly, don't reply to an email or text that seems at all suspicious, and don't call a phone number listed in one.

Nor should you necessarily trust a number found via Google search, chat room or social media. For the same reason, don't ask Alexa on a smart speaker to connect you either, experts caution.

spinner image Encryption your data. Digital Lock. Hacker attack and data breach. Big data with encrypted computer code. Safe your data. Cyber internet security and privacy concept.
Getty Images

"Just about every major company is being targeted by the bad guys,” Krebs says. “They spam all these forums and you end up calling scammers for help."

To find out if there's an actual issue with your account, contact the bank via a channel you know to be legitimate, like the customer service number printed on your bank statement or the back of a debit card.

Here are some other ways to bank online safely and avoid scams:

Choose a unique account password. Don't use the same or similar passwords across multiple websites. That's “far and away the biggest source of cybercrime today. It's just epidemic,” says Krebs

Use two-factor authentication. With this extra layer of protection, you get a onetime code (via text, phone call or email) whenever you log in to your online account. But beware, because a scammer who has obtained your password through a hack or other means may try to persuade you to get a two-factor code and read it back to them, giving the criminal access to your account. “This is really, really common,” Krebs says.

Make sure you're on your bank's genuine website by typing its web address into your browser. Don’t click links from a text or email to get there, as this could be a scam message that sends you to a cloned version of your bank’s website, seeking to capture your log-in credentials.

Make sure you're using your bank's official app. Download it from a trusted source, like an official app store or your bank's website, and keep it updated. The FBI warns that rogue actors create lookalike apps that mimic those of major financial institutions in a bid to get your log-in credentials.

Read the security and privacy sections of your bank's site. Get to know about alerts and other protections the bank makes available for online customers, Turner recommends

Only bank using secure Wi-Fi, like your private home network. Public Wi-Fi is more susceptible to hacking.

Regularly review your bank statements and activity, and report anything that looks questionable to the bank, immediately.

Discover AARP Members Only Access

Join AARP to Continue

Already a Member?

spinner image cartoon of a woman holding a megaphone

Have you seen this scam?

  • Call the AARP Fraud Watch Network Helpline at 877-908-3360 or report it with the AARP Scam Tracking Map.  
  • Get Watchdog Alerts for tips on avoiding such scams.