Look for these Red Flags

It’s easy to identify phishing scams at-a-glance. Watch out for:

  • Emails or texts with urgent requests to “verify your account”
  • Links that don’t match the company’s real website
  • Attachments you weren’t expecting
  • Caller ID or email addresses that look close but aren’t exact
  • Requests for your password or a one-time code

An Example That Hits Close to Home

Mark checked his inbox on his lunch break and saw a message with the 1st Source Bank logo. The subject line read: “Your account access is restricted—update now.” The link took him to a page that looked identical to the login screen. Without pausing, he entered his credentials. Within hours, his phone buzzed with security notifications, and money began leaving his account in a series of transfers. Luckily, our fraud monitoring system flagged the activity, but Mark still had to lock his cards, reset his credentials, and file reports.

What made the scam effective was its realism. The logo, the tone of the email, and even the timing felt right. The criminals relied on speed, hoping he’d act before thinking.

How to protect yourself

Variations on the scam

Phishing has many offshoots. The core idea is the same — criminals pretend to be someone you trust — but the delivery changes. Knowing the variations helps you recognize scams no matter where they appear.

  • Vishing (voice phishing): Calls that sound urgent, often with spoofed caller ID, claiming to be your bank, a government agency, or a utility company. Scammers may ask you to share a one-time passcode or move money to “protect your account.”
  • Smishing (SMS phishing): Text messages with links or phone numbers that lead to fraud. They may say a package is waiting, your account is locked, or you need to “verify” personal details. Messages often come from regular 10-digit numbers instead of official short codes.
  • Social media phishing: Fraudsters create fake profiles or send direct messages that mimic legitimate businesses. They may push you to click a link, fill out a survey, or share login credentials.
  • Clone phishing: An authentic-looking copy of an email you’ve seen before, with a dangerous attachment or link swapped in. Because the format feels familiar, it’s easier to be tricked.

Related advice articles

Recognize phishing before it hooks you.  These resources show you how.

More advice articles Default State Blue Right Pointing Arrow Hover State Orange Right Pointing Arrow

What to do if something happens

Scams are designed to look convincing, and even the most careful people can get caught off guard. If something happens, don’t panic — there are steps you can take right away to protect your accounts and limit any damage:

  1. Change your password immediately and update your security questions if you can.
  2. Contact 1st Source right away through our Report Fraud page. We can help secure your accounts.
  3. Lock or freeze cards using card control in the mobile app until you’re confident everything is safe.
  4. Set up transaction and login alerts to keep a close eye on new activit
  5. File a report with the FTC at IdentityTheft.gov.

    6. It’s a free resource that helps you create a recovery plan.

In a nutshell

Phishing works because it looks convincing, but once you know the red flags it’s much easier to spot. By slowing down and verifying before you act, you can block criminals from getting the information they want. And if you ever slip up, quick action can keep a bad situation from getting worse.

Want to learn about other banking scams?

See our full list here:

Common scams and how to avoid them