How to Avoid and Report Phishing, Smishing, Vishing, and Quishing Scams

<p>How to Avoid and Report Phishing, Smishing, Vishing, and Quishing Scams</p>

Fraudsters use malicious emails or websites (phishing), phone calls and voice messages (vishing), text and SMS messages (smishing), and QR codes (quishing) in an attempt to retrieve valuable information, gain access to your accounts, and steal funds.

What’s the difference between phishing, smishing, vishing, and quishing?

While all are types of social engineering — which is when a fraudster manipulates someone into taking a certain action or sharing sensitive information — the difference is the medium the fraudster uses to execute the scheme.

Fraudsters use malicious emails or websites (phishing), phone calls and voice messages (vishing), text and SMS messages (smishing), and QR codes (quishing) in an attempt to retrieve valuable information, gain access to your accounts, and steal funds.

They typically try to obtain personal identification details (Social Security number, date of birth), financial information (credit card numbers, bank account numbers), login credentials, and one-time passcodes.

What is spoofing?

Spoofing is when a fraudster creates and sends a communication that looks and sounds like it came from a legitimate source. Spoofing tactics for email and web include copying a company’s logo and creating an imposter email address, sender name, URL address, and/or website to trick victims into believing they’re interacting with the legitimate organization. Another spoofing tactic uses Caller ID to make incoming calls or texts appear as though they are coming from a legitimate business.

Why do people fall for these scams?

  • The tactics can be highly sophisticated and difficult to detect.
  • The communications often go to great lengths to mimic trusted sources.
  • Fraudsters often create urgent situations to get the victim to act quickly, without having time to think or verify that the message is authentic.

How can I protect myself from these types of scams?

Here are a few best practices to help you avoid falling for a scam:

  • Do not respond to unexpected emails, phone calls, or text messages asking for personal or financial information, especially if they contact you first.
  • Beware of QR codes that you encounter in public or via text or email. When scanning the code with your camera, verify the URL that appears before clicking to open.
  • Review suspicious communications carefully. Spoofed communications often contain errors in spelling, grammar, or punctuation.
  • Verify suspicious requests by contacting the organization directly using a known and trusted phone number, email address, or other contact method.
  • Create strong passwords with 15 or more characters and use a mix of upper- and lowercase letters, numbers, and symbols.
  • Enable multifactor authentication (MFA) on your accounts whenever possible.
  • Monitor your accounts for unauthorized transactions by regularly checking your bank statements and setting up alerts.

What if I find unauthorized transactions on my KeyBank account?

Call the KeyBank Fraud Client Service Center immediately at 1-800-433-0124. Dial 711 for TTY/TRS.

How do I know if a message I receive from KeyBank is legitimate?

KeyBank may contact you to verify recent account transactions if suspicious activity is detected or for other matters concerning your accounts.

Please know that KeyBank will never ask for:

  • Your full Social Security number or bank account number
  • Your usernames or passwords
  • One-time passcodes or answers to security questions over the phone


If you receive a call, email, or text message asking for any of this information:

  • Do not respond or provide the information.
  • Verify the request immediately by contacting a known KeyBank resource:
    • Call 1-800-KEY2YOU (dial 711 for TTY/TRS).
    • Call the number on the back of your KeyBank debit or credit card.
    • Visit your local branch.

What do legitimate text messages from KeyBank look like?

If you receive a text claiming to be from KeyBank, you can verify its authenticity by reviewing our list of 5- and 6-digit text codes at key.com/shortcodes

For more information on how to protect yourself from becoming a victim of these scams and other types of fraud, visit key.com/fraud.

The information and recommendations contained here have been compiled from sources believed to be reliable and represent the best current opinion on the subject. No warranty, express or implied by KeyBank, is made as to the absolute correctness or sufficiency of the information contained. This is meant as general information only; particular situations may require additional actions.

This document is designed to provide general information only and is not comprehensive nor is it legal advice. If legal advice or other expert assistance is required, the services of a competent professional should be sought. KeyBank does not make any warranties regarding the results obtained from the use of this information.