Skip to Content

You are now leaving Cardinal Bank.

You are now leaving Cardinal Bank's web-site and are going to a web-site that is not operated by the Cardinal Bank.

Cardinal Bank is not responsible for the content or availability of linked sites.

Please be advised that Cardinal Bank does not represent either the third party or you, the member, if you enter into a transaction. Further, the privacy and security policies of the linked site may differ from those practiced by the

You will now access:

Avoiding Phishing Attacks


Understanding Phishing Attacks Means Following Best Practices to
Help Access the Internet Safely and Securely

When internet fraudsters impersonate a business to trick you into giving out your personal information, it’s called phishing.  The scam is called phishing because the criminals throw out bait in hopes of luring a consumer into biting.  Don't reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels. 

Here's some information to help you prevent getting phished:

Examples of Phishing Messages :

You open an email or text and see a message like this:

  • “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
  • "During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
  • "Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
  • "We have successfully processed ACH file 'ACH2013-02-20-9.txt' (id '123.456') submitted by user 'jsmith' on '2013-02-20 10:64:65.0'. For additional details, click here.” 

The senders are phishing for your information so they can use it to commit fraud.

How to Deal With Phishing Scams:

  • Delete email and text messages that ask you to confirm or provide personal information (credit card and bank account numbers, Social Security Numbers, passwords, etc.).  Legitimate companies don't ask for this information via email or text.  The messages may appear to be from legitimate organizations.  They might threaten to close your account or take other action if you don't respond.
  • Don't reply, and don't click on links or call phone numbers provided in the message, either.  These messages may direct you to spoof sites - sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name.
  • Question area codes as they can mislead, too.  Some scammers ask you to call a phone number to update your account or access a "refund".  But a local area code doesn't guarantee that the caller is local.
  • If you're concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.

Checklist for Avoiding a Phishing Attack 

Use trusted security software and set it to update automatically. 

 Use computer security best practices for business and personal use. 

 Don’t email personal or financial information. Email is not a secure method of transmitting personal information. 

 Only provide personal or financial information through an organization’s website if you typed the web address yourself and see signals that the site is secure, like a URL that begins with https (the “s” stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons. 

 Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances. 

 Forward phishing emails to  – and to the company, bank or organization impersonated in the email.  If you receive an email that appears to be from Cardinal Bank, but you suspect it may be a phishing email, please forward it to us at  You may also report phishing to  The Anti-Phishing Working Group, a group of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing. 

 If you think you have been tricked by an email, file a report with the Federal Trade Commission at And, visit the FTC’s Identity Theft website. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.  

Think twice before opening attachments or clicking on links in unsolicited e-mails and text messages. These messages may install "malware" (malicious software) on your computer or cellphone. 

Learn More About Online Security

To learn more about protecting yourself from common financial frauds, see back issues of the FDIC Consumer News and the FDIC's multimedia presentation "Don't Be an Online Victim". Also visit the federal government's central Web site for financial information.

Questions or Concerns?

Call 703.584.3400 or 800.473.3247. 


Return to Home