Fraud: Phishing, Vishing and SMSing

Millions of fraudulent emails, text messages and phone calls are sent and received daily. At National Penn, we take the security of our customer’s financial information very seriously. We work around the clock to monitor phishing, vishing, and SMSing activity and close fraudulent websites and phone numbers. Our customers are valuable partners in reporting and helping to prevent fraud.

National Penn cautions consumers to be on the lookout for phishing, vishing, and SMSing scams in which various fraudulent emails, phone calls and text messages claiming to come from National Penn ask recipients to click on hyperlinks or call automated telephone numbers to update account information, unlock debit cards, receive a tax rebate or refund, or complete a survey to receive a fee. These are not legitimate emails, phone calls, or text messages from the bank; instead, they are fraudulently sent as part of a scam in which criminals try to trick people into divulging their confidential information.

Recipients should not click on any links in these emails or respond with any confidential information such as account numbers, debit card numbers or Social Security Numbers. Clicking on a link in this type of email could expose a computer to malicious software that could track keystrokes, potentially giving the scammers private information such as account passwords. Fraudulent emails such as these may look official, sometimes including the company logo. National Penn does not send out unsolicited emails asking its customers to click on a hyperlink and input confidential account or debit card information.


Phishing (pronounced "fishing") is an electronic scam that attempts to obtain confidential personal or financial information from its target.

Phishing takes the form of a fake message, usually an email, which appears to be from a financial institution or service provider. The message usually includes the company name, logo and a link to a Web site which instructs you to update your account information by providing your Social Security number, bank account number, PIN, password, birth date, etc. with a dire warning if action isn't taken. A phisher can then use your personal information to commit fraud.

Recent phishing emails have purportedly come from government agencies, legitimate financial sector firms, Internet auction sites, and electronic payment services. Individuals and organizations in the U.S. and other nations are receiving emails that fraudulently claim to come from NACHA regarding ACH payment transactions. Perpetrators are conducting similar phishing attacks in which they are sending fraudulent emails that claim to be from the Federal Reserve Bank, IRS, other federal agencies, as well as commercial financial institutions, other payment organizations, technology companies, and businesses.

In order to avoid becoming a victim of a phishing scam, you need to know what to look for.

  • In a typical phishing case, you will receive an email that appears to come from a reputable company such as your financial institution, government agency, or a credit card company. Fraudulent emails (phish) and Web sites can be very sophisticated, and may look identical to National Penn’s emails and Web sites. Fraudsters can even tamper with the sender information in an email to make their phish look even more legitimate.
  • Email addresses are harvested from publicly available sources or through randomly generated lists. Phishers send out millions of e-mails at a time hoping to catch the customers of a targeted company by pure chance.
  • While some emails are easily identified as fraudulent, including some containing tabloid-style headlines to get the user to open them, others may appear to come from a legitimate address and trusted online source. Do not rely on the name or e-mail address in the "from" field, as this is easily forged.
  • The message will describe an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message. Note: With the high volume of mergers within the financial services industry, phishers will often try to get your personal information by insisting they need it in order to transfer your accounts from one institution to another.
  • Once inside the fraudulent Web site, you may be asked to provide Social Security numbers, account numbers, passwords, or other information used to verify your identity such as mother's maiden name or place of birth.
  • Fraudulent email may also include links and/or attachments that contain computer viruses and/or keystroke loggers and should not be clicked on or opened.
  • Other typical phishing scams include fake job offers, surveys, bogus prize awards, gift certificate offers, or money laundering schemes.


Vishing (or "voice phishing") are attacks in which bank customers are contacted by email or sometimes automated phone call.

With vishing, bank customers are told that their checking accounts or debit cards have been compromised. Instead of being referred to a Web site (as in phishing scams), customers are urged to call a local or tollfree number. The number connects to an automated response system that answers the call and asks you to input account information, debit card information, and/or your Social Security number to clear up the "problem." The callers do not have any of your information, so they ask you to provide the information in the hope that you will give them enough information for them to access your account.


SMSing is a variant of traditional phishing scams that uses texting (instead of email) to gather confidential information.

Customers may receive a text saying their account or debit card has been compromised and giving them a phone number to call to resolve the issue. When they call, they reach an automated answering program that asks them for their account number (or debit card number) to verify their account. Customers should not give confidential information in response to suspicious requests like this.

Questions or Concerns?

Please call Customer Service at 1.800.822.3321.

Back to Top