Bank Email SSN: What to Do

TL;DR

Your bank should never email your Social Security number (SSN). This is almost certainly a phishing scam. Immediately contact your bank using a known, official phone number or website. Report the incident to the Federal Trade Commission (FTC) and consider placing a fraud alert on your credit files.

Step-by-Step Guide

1. Do Not Click Anything: If the email contains any links or attachments, do not click them. These are likely malicious and could install malware or steal your login details.
2. Contact Your Bank Directly: This is the most important step.
   • Find your bank’s official website (type it into your browser yourself – don’t use a link from the email).
   • Locate their customer service phone number on the official website.
   • Call the number and explain that you received a suspicious email asking for your SSN. They will be able to confirm if they sent it (they won’t have) and advise you further.
3. Report the Phishing Email:
   • Federal Trade Commission (FTC): Report the scam at https://reportfraud.ftc.gov/#/. This helps them track and combat phishing attempts.
   • Anti-Phishing Working Group: Forward the email to [email protected].
4. Check Your Accounts for Suspicious Activity: Log into your online banking account (using a link you type yourself, not from the email) and review recent transactions carefully. Look for any unauthorized charges or transfers.
   • If you see anything suspicious, immediately contact your bank’s fraud department.
5. Consider a Fraud Alert: A fraud alert tells creditors to verify your identity before opening new accounts in your name.
   • Contact one of the three major credit bureaus:
     • Equifax: 1-800-525-6285
     • Experian: 1-888-397-3742
     • TransUnion: 1-800-680-7289
   • Request a free fraud alert. It lasts for one year and you can renew it annually.
6. Monitor Your Credit Report: Regularly check your credit report for any signs of identity theft.
   • You are entitled to a free credit report from each bureau every 12 months at https://www.annualcreditreport.com.

Why Banks Don’t Email SSNs

Banks take the security of your personal information very seriously. They will never request sensitive details like your Social Security number via email. Email is not a secure method of communication and can be easily intercepted by criminals.

Example Phishing Email Indicators

• Generic greetings (e.g., “Dear Customer” instead of your name).
• Poor grammar or spelling errors.
• Urgent requests for immediate action.
• Suspicious links that don’t match the bank’s official website address.
• Requests for personal information like your SSN, account numbers, passwords, or PINs.