Woman sits at a desk and uses a laptop computer with a phishing warning on the screen.

How to Recognize Phishing Scams

06/23/2025

Recognize and protect your personal information and finances with these tips.

Phishing scams are becoming increasingly sophisticated, especially with the help of generative artificial intelligence, or AI. The technology’s rapid advancement has allowed scammers to imitate people you may already know.

Cybercriminals use phishing to target both individuals and businesses with the intent to steal sensitive information, money, or even your identity. It’s important to stay vigilant in today’s digital world to protect yourself from phishing attempts. If you think you have received a fraudulent email or text message, you can report it in your Fifth Third mobile app in the SmartShield® Dashboard.

What are the common warning signs of phishing scams? We’ll explain below, along with some tips for safeguarding your personal, professional, and financial data.

What Is Phishing?

Phishing is a form of cybercrime where attackers deceive you into revealing sensitive information, such as passwords, credit card numbers, or personal details. They do so by impersonating people or organizations you may already be in touch with, such as friends, colleagues, online businesses, government organizations, charities, banks, and more. Phishing attacks come via email, text message (also known as smishing), or phone calls. Generative AI, which can mimic human speech or writing, has made impersonation easier than ever.

These scams are widespread and constant. According to the Anti-Phishing Working Group’s Phishing Activity Trends Report, there were 989,123 phishing attacks in the fourth quarter of 2024 alone. With such a high volume of phishing attempts, it’s important to recognize the variety of warning signs.

What Are the Red Flags?

Recognizing phishing and smishing attempts is key to protecting yourself. Here are some key indicators to help you identify phishing attempts:

  • Unusual email subject lines. Legitimate emails from trusted organizations typically have specific subject lines that clearly describe the content of the message. A vague or alarming subject line can be a red flag that the email is a phishing attempt. Always be cautious if the subject line seems too broad or unclear. A scammer might write "Your Immediate Action Required" or "Verify Your Information Now" or "Critical Security Update."
  • Spelling and grammar errors. Today, with the growth of generative AI, cybercriminals have tools that allow them to write more convincing emails and text messages. You should still pay close attention to the quality of the writing, especially if the email is supposedly from a trusted organization. Does the message have the same voice and tone that you are used to seeing from that contact?
  • Improper use of logos. When scammers impersonate businesses, their phishing emails may misuse logos, branding, and design elements from the legitimate company. Look out for poorly formatted logos, low-resolution images, or colors that don’t match the trusted branding of the organization. Most legitimate businesses maintain high-quality, consistent branding across all their communications. This is another area where generative AI has allowed criminals better options for spoofing.
  • Spoofed authority figures. Phishing scams often involve cybercriminals impersonating, or "spoofing," trusted figures or organizations to gain your trust quickly. In fact, the 2024 Phishing Threat Trends Report by cybersecurity company Egress found that 89% of phishing emails involve impersonation. Criminals may spoof legitimate email addresses you know, so look closely.

Deceptive senders may claim to be from a bank, governmental department, your doctor, or other authorities. By presenting themselves this way, criminals hope to bypass your skepticism and prompt an immediate response. Read emails with a sense of caution and skepticism, and always verify the sender’s identity through official channels (reference their official website for confirmation) before taking any action. If an email or text seems odd, calling a known contact number is usually a good way to verify its authenticity.

  • False sense of urgency. Cybercriminals frequently employ a sense of urgency. They may threaten fines, account closure, or other consequences if you don’t act quickly, which can lead you to make hasty decisions. They might send an email claiming you have a limited time to respond, such as "within 24 hours" or "immediately." Legitimate organizations seldom impose such time limits.
  • Claims of suspicious activity. Claims of suspicious activity or failed login attempts are common phishing tactics. A message may urge you to click a malicious link, for example, by prompting you to update your password. These links lead to a fake website designed to appear legitimate. Entering your information shares it with criminals.
  • Failed payment notices or payment requests. Notice of failed payment or requests to make a payment are common. These emails may claim that your account is on hold due to a billing issue and urge you to click a link to resolve the problem. Again, the link is often a fake website that asks you to enter sensitive financial information, which cybercriminals can then use for fraudulent activities.
  • Direct requests for personal info. It’s important to remember that legitimate companies, including banks like Fifth Third, will never ask for passwords, PINs, or Social Security numbers through email, phone calls, or text messages. If you receive such a request, always verify the authenticity of the message by contacting the company directly.

Ways to Protect Yourself From Phishing

Secure your checking account, savings account, and online banking presence by staying vigilant. Here are some smart ways you can keep your information safe:

  • Enable multifactor authentication. One of the most effective ways to protect your accounts is by enabling multifactor authentication wherever possible. This adds an extra layer of security by requiring not only your password but also a second verification method, such as a text message code or authentication app.
  • Utilize the SmartShield® Dashboard.1 The SmartShield® Security dashboard is a valuable tool that helps Fifth Third customers monitor accounts for unusual activity. By tracking your financial transactions and alerts in real time, SmartShield® can detect potential threats and notify you if something seems off.

Activate Fifth Third Identity Alert®.1 To help further protect your identity, enroll in Fifth Third Identity Alert®. This service provides comprehensive identity theft protection, including credit monitoring, identity restoration services, and alerts if your personal information is used fraudulently. Immediate notifications can help you take swift action if your personal or financial information is compromised.

  • Protect your online banking credentials. Do not allow others to access or view your online banking credentials. Never give out your login username or password, and don’t relay one-time passcodes to others. Fifth Third will not ask you for this information.
  • Create stronger passwords. Use unique passwords and avoid common ones. Change your passwords regularly and do not use the same one across multiple applications.
  • Set up online or mobile banking alerts. Create online or mobile banking alerts to ensure you are notified when large or high-risk transactions occur. Ensure your computer or login device is secure: Make sure your systems and antivirus protection are up to date.
  • Monitor bank activity and statements. Opt for electronic statements if possible—paper statements risk interception in the mail. Monitor your bank activity and statements regularly and dispute any unauthorized charges or transactions.
  • Move to digital payments. Eliminate check interception risk by using digital-based payments instead of checks.
  • Don’t click on suspicious links or open attachments. Avoid clicking on suspicious attachments or links found in email, instant messages, texts, or other communication applications.
  • Don’t use public and unsecured Wi-Fi. Avoid using unsecured public Wi-Fi connections.

For more information on how to secure your accounts and protect your digital banking experience, check out "10 Cybersecurity Tips for Digital Banking," or connect with your local Fifth Third banker to discuss specific concerns.

Send us suspected phishing emails and text messages via the SmartShield® Dashboard in your Fifth Third mobile app. Or you can forward them to 53investigation@security.53.com. If you would like to talk to a representative, call us at 800‑972‑3030, Monday through Friday, 8 a.m.‑6 p.m. and Saturday, 10 a.m.‑4 p.m. ET.