1. Personal
  2. Business
  3. About Us
  4. Customer Service

Security Center

Common Fraud Tactics

Click to jump to a definition of each tactic.

spoofing phishing vishing smishing malware

Below are some common tactics used to fraudulently gain access to your personal information. Any of these tactics or a combination of them can be used. See details below of how a fraudster can:

  • Imitate a legitimate company's email or web site and send you fake email that appears real
  • Request that you provide personal information
  • Ask you to click a link in an email (to access information, resolve an issue, etc.) which will then infect your computer with a virus or other type of malware

Spoofing

You receive an email or arrive on a web site that appear to be those of a legitimate company, when in fact they are "spoofed" or fake. The intent of the email or site is to trick you into providing personal or financial information. Links in these emails can also take you to fake or spoof sites, where you are asked to provide personal information. This tactic is called phishing.

Phishing (emails)

Phishing emails are well crafted and often difficult to distinguish from those of the company being impersonated. They will often have the company logo. The name or email in the “From” field may appear to be authentic.

Phishing emails typically have a sense of urgency. They may tell you your account is about to be closed or a transaction can't be processed until a response is received. They may also instruct you to open an attachment or click on a link in order to review, update or verify your information. In some instances, they may provide a phone number for you to call.

Phishers may ask for information such as your User ID, passwords, credit card numbers, PIN number, online banking credentials and Social Security numbers. They know that individuals often use the same or similar user names and passwords for several accounts, from email to online banking.

Phishing also occurs via phone calls, called Vishing, and text messages, called SMiShing.

Vishing (Voice Phishing)

This is a phone call (either from a person or automated voice message) that appears to be coming from a legitimate company. 

Generally the caller asks you to provide personal information for some “urgent” reason. It may be to win a prize, re-activate an account, verify account information or cancel an order (when in fact none of these reasons are legitimate). 

You may be asked to visit a web site or call a provided number, where you will be asked for information such as credit card numbers, online banking credentials or Social Security numbers. You may also be asked to email the requested information.

If you receive an unexpected phone call that appears to be from Old National or another company that asks for personal information, be suspicious. Hang up and then call Old National or the company using a phone number you know to be valid, and not one provided to you by the original caller. If you can't confirm that the phone call is legitimate, do not respond by providing any personal information through the phone, an email or web site.

SMiShing (Text Message Phishing)

This is a text message on your cell phone that appears to be from a legitimate company. 

Generally, the text message will ask you to visit a web site or call a provided number for some “urgent” reason. It may be to win a prize, re-activate an account, verify account information or cancel an order (when in fact none of these reasons are legitimate). 

When you go to the fraudulent web site or call the phone number, you will be asked for personal information such as credit card numbers, online banking credentials or Social Security numbers.

If you receive a text message that asks for personal information and appears to be from Old National Bank, do not respond. Old National will never ask you for personal information via a text message.

Also, be wary of text messages from other companies that ask you for personal information. If you aren't certain the message is authentic, call the company using a phone number you know to be valid to confirm the text message is from them. Do not use a phone number or email provided within the text message sent to you. If you can’t confirm the sender of the text message, do not respond to it!

Malware

Your computer can be infected by malware in a number of ways. Clicking on a link in an email or on a web site can activate the installation of malware. So can opening an email attachment. Also, downloading programs, such as free games, from web sites can result in the installation of malware to your computer.

Malware includes viruses and spyware that get installed on your computer without your consent. The malware can make your computer crash, or criminals can use it to monitor your computer activity and steal your confidential information, such as credit card numbers, Online Banking credentials and Social Security numbers. 

Through tactics such as spoofing, phishing (vishing and SMiShing) and malware, this information can enable the fraudster to assume your identity, apply for credit in your name or access your account to steal money.

Click here to learn how to identify fraudulent emails.

How to report suspicious activity

If you receive an email, call or text that claims to be from Old National, please notify us immediately at 1-800-731-2265. Also notify other companies and organizations of any suspicious messages that claim to be from them. You can also report these incidents to the Federal Trade Commission.

If you have already responded to any of these types of requests, or feel that your Old National accounts may be in jeopardy, contact Old National Customer Service immediately by calling 1-800-731-2265.

PLEASE READ: Information security best practices continue to change and evolve. The information and guidance provided to you online in this Security Center is not intended to be an all-inclusive checklist. You should consult with a qualified information security professional to determine the appropriate security tools and controls for you and/or your business.