Password Disabled Scam


by Nick Taylor

A new email phishing scam turned up in our in-box in the past couple of weeks. It looks like it’s from a bank, and it says your password has been disabled because it’s been entered incorrectly three times.

You’re given a SIGN ON box and a message: “To enable your password, please sign on and follow instructions.”

The laugher is the next paragraph: “We are dedicated to protecting your information. Learn about our security measures and what we do to protect you online.”

The first one of these allegedly came from Chase, a bank I actually use. I knew my password was good, but I always click on the name of the sender in the upper left-hand corner. That gives the email address and it usually isn’t from any legitimate source. Sure enough, this address had nothing to do with Chase.

A second scam email, precisely the same type, arrived a few days later.  This one looked like it came from SunTrust, complete with what appears to be the SunTrust logo.


I’ve never had a SunTrust account, so this was clearly a phishing expedition. If you’re a scammer and put enough lines in the water, some of them will reach customers of the bank you’re pretending to be. 

This one, though, was more clever at disguising its return address, which showed up as  The real SunTrust return address would be

So if you get an email or emails saying your password is disabled, take a couple of precautionary steps.  

Click on the sender’s address to see who’s really at the other end.

If you’re not sure it’s somebody phishing to get at your financial information, go online and log on to your bank. That will tell you right away if there’s a problem with your password.

And if that’s the case, you should deal with it on what you’re sure is the bank’s website.  Don’t sign on using a window that arrives in even a slightly suspicious email.
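The sender check described above can also be automated for a mailbox or a mail filter. The following Python is an added example, not part of the original article or any bank's tooling; the brand name "Example Bank", the `.example` domains and the sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand name -> domains that brand really sends mail from.
# "Example Bank" and the .example domains are placeholders, not real banks.
TRUSTED = {"example bank": {"examplebank.example"}}

def is_trusted(domain, trusted_domains):
    """True if domain is a trusted domain or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == t or domain.endswith("." + t) for t in trusted_domains)

def check_sender(raw_message):
    """Return findings where the sender claims a brand it does not mail from."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, trusted_domains in TRUSTED.items():
        # The brand can be claimed in the display name or embedded in the domain.
        in_name = brand in display.lower()
        in_domain = brand.replace(" ", "") in domain
        if (in_name or in_domain) and not is_trusted(domain, trusted_domains):
            findings.append(f"claims '{brand}' but was sent from '{domain}'")
    return findings

# Constructed sample messages (not real mail).
BODY = "Subject: Your password has been disabled\n\nPlease sign on.\n"
DISPLAY_NAME_SPOOF = "From: Example Bank Online <alerts@mail-notify.example>\n" + BODY
LOOKALIKE_DOMAIN = ("From: Customer Service "
                    "<service@examplebank.example.secure-login.example>\n" + BODY)
GENUINE = "From: Example Bank <alerts@notify.examplebank.example>\n" + BODY

if __name__ == "__main__":
    for label, raw in [("display-name spoof", DISPLAY_NAME_SPOOF),
                       ("lookalike domain", LOOKALIKE_DOMAIN),
                       ("genuine", GENUINE)]:
        print(label, "->", check_sender(raw) or "no mismatch")
```

The From header can itself be forged, so an empty result does not prove a message is genuine; logging on at the bank's own website remains the reliable check.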

Chase spokesperson Rebecca Acevedo suggests that you call the bank immediately if you detect fraud on your account.  

SunTrust, like Chase, told us that phishing is an industry-wide problem. Spokesperson Angela Amberg said, “SunTrust, like most other financial institutions, will never send emails asking for personal information …”  She also cautioned that, “Clients receiving these types of emails should not reply to the emails or click on the links.”

Chase provided good suggestions for protecting your account from hackers.

1. Sign up for account alerts. Your bank has tools to notify you of certain types of suspicious activity.

2. Make sure your contact information is up to date. This will ensure your card company or bank is able to reach you in the case of suspected fraud.

3. Sign up to access your credit and debit card statements online instead of in the mail, and monitor them every few days – or more frequently during busy shopping seasons. If you spot anything inaccurate or unauthorized, contact your bank’s customer service center immediately.

4. Shop at trusted retailers online and off. Only shop sites that are secure and begin with https as opposed to http.

5. Don’t give your credit or debit card information away via email or phone, and don’t respond to unsolicited emails. If you’re not sure, call the company in question (using a known and verified phone number).

6. Don’t swipe if you don’t have to. Use your chip-enabled EMV card or a mobile payment service wherever available.

7. Strengthen your password using numbers, letters and symbols. If you choose something simple or personal – like birth dates or your kids’ names – savvy hackers may be able to break the code by reading your profile on social media.

8. Another smart move is to download your bank’s mobile app to make payments securely online, eliminating the vulnerability from mailing a check. Also, the mobile app gives you the opportunity to check your account on the go.

9. Be careful when using public Wi-Fi to make a purchase via a smartphone or other device, as many public networking technologies are not protected with encryption. It’s best not to enter credit or debit card numbers or other private information when using public Wi-Fi. But if you must, only do so on secure websites which begin with “https.”

10. Make use of the lock feature on your smartphone. Using a password or PIN to access the device keeps it safe if you misplace it or it gets stolen.