Fake bank fraud alert credential phishing — non-official sender impersonates Chase, Bank of America, Wells Fargo, Citibank, or other major banks claiming unusual, suspicious, or fraudulent activity has been detected on the recipient's account and directing them to verify credentials (PIN, account number, routing number, password, SSN) through a phishing link or call, enabling full account takeover

Phishing emails impersonating Chase, Bank of America, Wells Fargo, Citibank, US Bank, Capital One, or other major financial institutions claiming the recipient's bank account has been flagged for suspicious activity, unauthorized access, fraudulent transactions, or policy violations — and directing them to verify credentials (PIN, account number, routing number, password, online banking login, or SSN) through a phishing link or by calling a spoofed number. Bank account takeover leads to unauthorized wire transfers, ACH withdrawals, or new account opening in the victim's name. Key facts: (1) FBI IC3 2023: phishing/spoofing caused $18.7 billion in losses — bank impersonation is the most common form of financial phishing; (2) Legitimate banks never ask for PINs, full account numbers, routing numbers, or passwords via email — security verification is done through the bank's official app or by calling the number on the back of your card; (3) "Account will be suspended in X hours" urgency framing is a social engineering technique designed to prevent the victim from calling the real bank first; (4) Credential harvesting portals replicate bank login pages using cloned HTML and are hosted on lookalike domains (chase-secure.net, bankofamerica-alerts.com). Warning signs: sender domain not matching official bank domain, urgency about account suspension or fraud, request to verify PIN or routing number by email, links to non-official domains.