Fake Chime / SoFi / Ally Bank / Marcus online-only digital bank account suspended, locked, or unauthorized transaction phishing — fraudulent email impersonating Chime, SoFi Bank, Ally Bank, or Marcus by Goldman Sachs claiming the recipient's digital banking account has been temporarily suspended, locked for suspicious activity, or that an unauthorized transaction was detected — directing them to sign in, verify identity, or secure their account through a credential-harvesting portal; Chime 22M+ account holders; SoFi 9M+ members; Ally Bank 11M+ customers; Marcus 10M+ customers; online-only banks rely exclusively on digital communication — users receive all alerts by email and are less suspicious of security notifications sent this way

Phishing emails impersonating Chime, SoFi Bank, Ally Bank, or Marcus by Goldman Sachs claiming the recipient's online-only digital banking account has been temporarily suspended, locked for suspicious activity, or that an unauthorized transaction was detected — directing them to sign in, verify identity, or secure their account through a credential-harvesting portal. Key facts: (1) Online-only digital banks have grown enormously in the last five years: Chime has 22M+ account holders making it the largest US neobank; SoFi has 9M+ members offering banking, investing, and loans under one login; Ally Bank has 11M+ customers with high-yield savings and checking accounts; Marcus by Goldman Sachs has 10M+ customers with savings products; (2) Digital bank customers are specifically more susceptible to email-based account security alerts: because these banks have no physical branches, all customer service, security alerts, and account management happen digitally — email is the expected channel for account communications, so recipients are pre-conditioned to act on security emails without the backup verification option of walking into a branch; (3) The demographic profile of neobank customers creates specific vulnerabilities: Chime users skew younger (18-35) and lower-income, relying on Chime direct deposits as their primary banking — a suspended account means inability to access their paycheck, creating extreme urgency; Ally and Marcus users tend to have higher savings balances ($50K+) making them high-value individual targets for credential theft; (4) Online bank credential theft enables immediate access to checking/savings balances, ACH transfer capabilities, debit card details, and connected investment accounts — all within one login. Warning signs: sender domain not chime.com, sofi.com, ally.com, or marcus.com; digital banks never send security emails from non-company domains; any email with a link to 'verify your digital bank account' should be accessed only via the official app.