Fake major US bank account suspended phishing — non-official sender impersonates Chase, Wells Fargo, Bank of America, Citibank, Capital One, or another major bank falsely claiming the recipient's account has been suspended, locked, frozen, or restricted due to suspicious or unauthorized activity, and directing them to click a link to verify their identity or restore access through a credential-harvesting portal

Phishing emails impersonating major US banks — Chase, Wells Fargo, Bank of America, Citibank, Capital One, TD Bank, PNC, Barclays, HSBC — falsely claiming the recipient's account has been suspended, locked, restricted, or frozen due to suspicious activity or an unauthorized transaction, and directing them to click a link to verify their identity or restore account access through a credential-harvesting portal. Bank account phishing is among the top-3 most common phishing categories by volume. Key facts: (1) Bank impersonation phishing is the #2 most reported phishing type to the FTC after government impersonation; banks collectively lose over $10B annually to account takeover fraud, much initiated through phishing; (2) Chase, Bank of America, and Wells Fargo are consistently the top-3 most impersonated bank brands in phishing emails (Verizon DBIR 2024, APWG 2024); (3) Legitimate bank security alerts arrive from verified bank domains, never link to external verification portals, and never ask users to enter full credentials through email links — legitimate banks direct users to their official app or website directly; (4) Account takeover attacks enabled by bank phishing involve credential harvesting followed by rapid fund transfers, new payee additions, and debit card control changes — median ATO loss per victim exceeds $500. Warning signs: non-bank domain sender, urgency about account being locked, click-to-verify link, request to enter full account credentials.