Handling Suspicious Messages
Learn more about the types of messages you should be concerned about and how to deal with them.
Don't respond to "phishing" emails
Criminals send out fake emails that appear to be from real businesses, hoping to reach customers. These emails are called phishing emails. It's one of the ways criminals try to trick customers into giving personal information like account numbers and passwords. Phishing emails don't just target bank account holders. Be on the lookout for fake emails from fraudsters pretending to be online retailers, utility companies and other businesses that use secure login systems.
If an email appears to be from Ally but looks suspicious, forward it to us at email@example.com then delete it immediately from your inbox. Do not open email attachments or click links in emails if you do not personally know the sender. Instead of clicking a link in an email, type the URL directly in your browser or use favorites/bookmarks to access the website.
Protect your security code
Fraudsters may call you pretending to be from Ally, and ask for the 6-digit security code that was just sent to your phone. Don’t be fooled. If you’re suspicious that the call isn’t coming from us, let the person know you’re going to call Ally yourself to confirm, and then call the Ally Fraud Hotline at 1-800-971-6037.
Keep in mind
We may need to verify your identity when you call us directly at 1-877-247-2559. To verify it’s you, we might ask questions or send a code to read back to us over the phone. This is the only time we’ll ask for a code over the phone.
Watch out for "smishing" texts
Just like phishing emails, criminals send out fake SMS text messages with a link to a fraudulent website or a phone number to try and collect personal information. Ally will never ask you to confirm or provide personal information in an unsolicited text. Text messages from Ally Bank will always include one of these short codes – 25597or 247247.
Do not reply to any suspected smishing texts or click on any links in the text message. If a text appears to be from Ally but looks suspicious, forward it to us at firstname.lastname@example.org. You can also send scam text messages to 7726 (SPAM) to notify cellphone carriers to have the number blocked.
Beware of suspicious "spoofing" websites
Criminals create fake websites that look like real company websites in order to steal your personal information. Be cautious of links sent to you in emails. Phishing emails and smishing texts include links to these fake sites.
The best way to know that you are going to the real website is to type the URL directly in your browser or use favorites/bookmarks to access the website. As a rule of thumb, look at the website address to be sure it starts with "https" before entering personal information on a site. A green security status bar and padlock icon next to the web address are additional visual indicators that confirm you are on a secure site.
Listen up for "vishing" phone calls
Fraudsters aren't just using new technology for scams. They still resort to tried-and-true tactics like vishing – an email or voicemail request asking you to call and provide personal information that can be used to access accounts or open new fraudulent accounts. If you suspect vishing, you should look up the organization and contact them directly to ask if the request is legitimate.
Verify online requests for money by friends or contacts
Be extremely wary when people you're connected to on social networks ask for money through instant message (IM) or email. Fraudsters have been known to hack social networks and assume the identity of real users, then send messages to their contacts stating the person has been robbed or is stranded somewhere and needs you to wire money in order to get home. If you receive one of these requests, contact the person by phone and verify the request is real.