Citizens Bank Phishing Scam: How Scammers Are Using Texts to Steal Data

If you're a Citizens Bank customer, beware of a new phishing scam that's going around. Scammers are sending out fake text messages purporting to be from the bank and trying to get customers to click on a link to update their account information.

Citizens Bank Phishing Scam: How Scammers Are Using Texts to Steal Data

If you’re a Citizens Bank customer, beware of a new phishing scam that’s going around. Scammers are sending out fake text messages purporting to be from the bank and trying to get customers to click on a link to update their account information.

Customers’ text messages may be similar to the following: “Citizens Bank Alert: We’ve detected suspicious activity on your account. Update your information here.” The message will then include a link. Do not click on the link if you receive one of these messages! It’s a scam, and clicking on it will take you to a fake website where the scammers will try to steal your personal and financial information.

If you have any doubts about the authenticity of a text message or email purporting to be from Citizens Bank or any other company, don’t hesitate to call the company’s customer service line to confirm, and never click on a link in an unsolicited message.

Why Are Text Messages Being Used for Phishing Scams?

Text messages are an increasingly popular way for scammers to trick people into giving them their personal and financial information. That’s because it’s easy to spoof the sender’s name and phone number on a text message, making it look like the message is coming from a legitimate source. Since text messages are typically read quickly and without much thought, scammers can catch people off guard and get them to click on a link before thinking about it.

Scam text messages are particularly powerful because it’s not easy to block or filter them the way you can with email spam. While users may be able to block one number that’s being used to send scam texts, the scammers will often just switch to a different number. Since most people now have smartphones that are constantly connected to the internet, scammers have a much better chance of getting their messages in front of potential victims.

Unfortunately, most people have little to no choice but to delete these messages and hope they don’t contain anything malicious. While Apple and Android allow users to block unknown senders, the downside is that users may end up blocking legitimate messages from people they don’t have in their contacts list.

Phishing through text messages has become so common that cellphone users are now expecting to receive them. Data breaches of personal information are becoming increasingly common, so scammers may have your name, phone number, and other personal information even if you’ve never heard of them. Users constantly receive phishing texts about UPS or FedEx deliveries that they need to sign for or warnings from the IRS about a problem with their taxes.

How to Spot a Phishing Scam in the Form of a Text Message

Regarding phishing scams, there are usually a few red flags that can tip you off that something is not quite right. Here are some things to look out for:

  1. The sender’s address may look strange or misspelled.
  2. The message may contain grammatical errors or odd phrasing.
  3. You may be asked to click on a link or download an attachment to “verify” your account information.
  4. The message may create a sense of urgency, telling you that you need to take action immediately to avoid some negative consequences.

If you receive a text message that contains any of these red flags, it is likely a phishing scam. Do not click on any links or download any attachments. If you are concerned that the message may be legitimate, you can contact the company directly to inquire about it.

How to Protect Yourself From Phishing Scams

Phishing scams are becoming increasingly common and more sophisticated. They can be very difficult to spot, so it’s important to be aware of the different ways they manifest.

Here are some tips on how to protect yourself from phishing scams:

  • Be suspicious of unsolicited messages, even if they appear from a company or organization you know. If you receive a message out of the blue, be wary.
  • Do not click on any links in unsolicited messages. If you’re unsure if a message is legitimate, confirm with the sender by another means (e.g., call customer service).
  • Be careful of misspellings or other typos in URLs. These are often a sign that you are on a fake website.
  • Hover over links to see where they will take you before clicking. This won’t work in all cases, but it’s a good habit.
  • Look for the https:// in URLs. This indicates that the website is using a secure connection.
  • Install security software on your computer and keep it up to date. This will help protect you from malicious websites and links.
  • Be cautious of attachments in unsolicited messages. These can contain malware that will infect your computer.
  • Keep your operating system and software up to date. Hackers often exploit security vulnerabilities that have been patched in newer versions.

Hiding Behind Cloudflare

The scammers behind the Citizens Bank phishing campaign and others hide their tracks using the Cloudflare CDN service. When we visited the website that the phishing link in the text message led to, it was hosted on the Cloudflare network.

Cloudflare is a legitimate service used by millions of websites to improve their performance and security. However, it can also be abused by scammers and hackers who use it to hide their identity and location. While the scammers may be hiding behind Cloudfare, the link you will be redirected to will not be the company’s actual website they are impersonating.

It is important to thoroughly check the URL of your website to ensure it is legitimate. Look for extra characters or misspellings, as these are often a dead giveaway that you are on a fake website. Scammers know how easy it is to mistype a URL, so they will often register domains very similar to the real thing in the hopes that people will make this mistake.

Scammers also understand how many people overlook the URL entirely, so the fake website will often include the company’s logo or branding to make it look more legitimate. The best way to protect yourself from this and other phishing scams are to be very careful about the links you click on, even if they appear to come from a trusted source.

The Best Knoxville IT Services and IT Support

Access Systems is a full-service IT company that provides top-notch IT solutions. We can help you with your IT needs, from setting up a new system to troubleshooting an existing one. We understand how easy it can be to fall victim to a phishing scam, which is why we offer comprehensive security solutions to help protect your business from these threats.

Cybersecurity and protection from phishing scams and other cyber threats should be a top priority for any business, and we can help you ensure that your business is safe. From comprehensive backups to antivirus protection, we have the tools and experience to protect your business from potential threats.

Access Systems is committed to providing our clients with the best possible experience. We take the security of our client’s information very seriously and work diligently to protect it. Contact us today to learn more about our IT services and how we can help you keep your business safe from phishing scams. Email us at or call us at (865) 524-5522.