Skip to main content


What it is and what you can do to protect yourself

Phishing is a scam that uses email messages to either install malware or other malicious software onto your computer or deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information via phony websites.

Back to Security Center

To help protect your personal information, we maintain physical, electronic, and procedural safeguards.

A phishing scam begins with an email or pop-up message being sent to a potential victim that claims to be from a legitimate business or organization you deal with as, for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message will usually state that you need to "update" or "validate" your account information and request that you follow the link included within the e-mail. Typically, these messages will threaten some dire consequence if you don't respond in an attempt to lure you into responding. The message directs you to a Web site that looks just like that organization's site, but it isn't. The purpose of the site is to trick you into divulging your personal information so the operators can steal your identity and access your account to make unauthorized transactions or commit crimes in your name.

Another method frequently relied upon is to download malicious software onto your PC. In these instances, you are asked to either open an attachment to the email or once again, click on a link that has been included. In either case, once your PC has been infected, it can be quite difficult to detect without the proper anti-virus/malware software. Be aware and cautious when opening an attachment, responding to an email, clicking on a link or pop-up message or replying to a text message from known or unknown senders that ask you to verify personal or account information, such as passwords, Social Security numbers, personal identification numbers (PINs), credit or debit card numbers, or other confidential information.

While we maintain physical, electronic, and procedural safeguards to protect your information; it is equally important that you be aware of the existence of these phishing emails, and that you notify us of any suspicious email you might receive that purports to be from the bank. Your greatest defense is awareness of these types of fraudulent activities. If you receive what appears to be a suspicious email claiming to be from the NYCB Family of Banks, please forward it to: