Fake Emails and Websites

Security Center

About Phishing and Spoofing

Recognizing fake emails (phishing) & fake websites (spoofing)

Online fraud can occur when a criminal poses as a legitimate company or business in order to obtain sensitive personal data and then illegally conducts transactions on your existing accounts. These scams are often called “phishing” or “spoofing.”

Phishing

Fake emails (phishing) will often…

Ask for personal information. They may claim that your information has been compromised, that your account has been frozen or ask you to confirm the authenticity of your transactions.
Appear to be from a legitimate source. While some emails are easy to identity as fraudulent, others may appear to be from a legitimate address and trusted source. You should not rely on the name or address in the “From” field, as this is easily altered.
Contain fraudulent job offers. These are often work-at-home accounting positions.
Contain prizes or gift certificate offers. In exchange for completing a survey or answering questions, some fake emails promise a prize or gift certificate. They require you to give personal information in order to obtain the prize.
Link to counterfeit websites. Fake emails may direct you to counterfeit websites that closely resemble a legitimate site while they collect personal information for illegal use.
Link to real websites. Some fake emails link to legitimate websites. This is done in an attempt to make a fake email appear real.
Contain fraudulent phone numbers. Never call a number featured on an email you suspect is fraudulent; it can be tied to the fraudsters.
Contain real phone numbers. Similar to linking to real websites, real phone numbers may be featured in a fake email in an effort to make the email appear legitimate.

What to do...

If you receive an e-mail that looks like it is from Old National Bank or another well-known company requesting financial information or any other personal or sensitive data, please take the following actions:

Treat the e-mail with suspicion.
Do not reply to the e-mail or respond by clicking on a link within the e-mail message.
Do not download anything or open attachments.
Report the suspicious e-mail to the FTC and forward the e-mail to uce@ftc.gov.

If you have already provided personal financial information via e-mail and feel that your Old National accounts are in jeopardy, contact Old National Customer Service as soon as possible to report the suspicious activity. You can reach Customer Care by calling 1-800-731-BANK or via email.

Stop, look and call!

The Department of Justice recommends following three simple rules when you see emails or websites that may be part of a phishing scheme: Stop, Look and Call.

Stop
Phishers typically include exciting or frightening (but false) statements in emails with one purpose in mind: they want you to react immediately and impulsively. Resist! No matter how exciting, attractive or worrisome the statements or claims in the email seem, take time to check out the information closely before acting.

Look
Always look closely at any claims made in an email. Think about whether the claims make sense and be highly suspicious if asked to share personal information such as account numbers, user names or passwords. Old National Bank and other legitimate financial institutions already have our clients’ account numbers and will never ask for sensitive personal information via email.

If you receive any email claiming you’ve won a prize or are entitled to receive some special “deal,” there is reason to be highly suspicious, especially if you’re asked to share confidential personal information. You’re much better off erring on the side of caution, which leads to point #3.

Call
When you receive a suspicious email that claims to have originated from a legitimate company or financial institution, call or email that company or institution – using a phone number or email address you to know to be valid (not a phone number in the email!) -- and investigate. Credit card accountholders can call the toll-free customer assistance number on the back of their card and bank customers should use a phone number listed on one of their bank statements.

Counterfeit websites (spoofing)

Online thieves often direct you to fraudulent websites via email and pop-up windows and try to collect your personal information. In many cases there is no easy way to determine that you are on a phony website because the URL will contain the name of the institution—this is spoofing. If you type or copy/paste the URL into a new browser window and it does not take you to a legitimate website, or you get an error message, it was probably just a cover for the fake site.

What to do…

When logging into your account, look closely at your browser. The address in the location bar should start with “https”—for example, https://www.oldnational.com. You should also see a lock icon at the bottom of the browser. If you double-click the icon, it should display security information about Old National.