Protect Your Account Information

Secure. Reliable. You have our word on it with our Huntington Online Guarantee.

Phishing and SMishing

Phishing (fraudulent email or pop-ups) and SMishing (fraudulent text messages/SMS phishing) are used to trick people into providing personal information that can be used for identity theft or even unwittingly downloading a trojan horse or virus. Some email messages direct you to fraudulent websites, designed to trick you into believing they belong to a company you know by using its brands' domain names and graphics. The ultimate goal of this fraud is to use your information to gain unauthorized access to your bank or financial accounts or to engage in other illegal acts.

Criminals can make an email look as if it comes from someone else. Fake emails often can be spotted because:

  • The sender's email address doesn't match the organization's website address.
  • The email uses a generic greeting, such as “dear customer.”
  • They display a sense of urgency (i.e. Unless you act immediately, your account could be closed.).
  • They request personal information such as user name, password or account numbers.

Example of a Fraudulent Email or Pop-up Messages:
"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."

"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."

Example of SMishing Text Message: / Congratulations! Your Huntington Bank cash back reward is ready to be redeemed! Simply call 877-555-5555 to redeem.

If you ever receive an email of this nature, do not open the attached files, and do not provide any personal information. Huntington will never solicit your personal or account information through email.

If you receive any email from Huntington or from anyone else requesting personal or account information, please treat it as fraudulent and forward it to us at or call 1-877-932-BANK (2265) 24 hours a day, 7 days a week.

If you do open an attachment containing a virus or other malicious program, clean your system using anti-virus software and change your Internet and system passwords, change your password immediately, monitor your account activity frequently and report any suspicious activity to the legitimate company from which you THOUGHT the email initiated.

The Department of Justice recommends following three simple rules when you see emails or websites that may be part of a phishing scheme:

Stop. Phishers typically include upsetting or exciting (but false) statements in their emails with one purpose in mind. They want people to react immediately to that false information, by clicking on the link and inputting the requested data before they take time to think through what they are doing. Resist that impulse to click immediately. No matter how upsetting or exciting the statements in the email may be, there is always enough time to check out the information more closely.

Look. Look more closely at the claims made in the email, think about whether those claims make sense, and be highly suspicious if the email asks for numerous items of your personal information such as account numbers, usernames, or passwords. For example: If the email indicates that it comes from a bank or other financial institution where you have a bank or credit card account, but tells you that you have to enter your account information again, that makes no sense. Legitimate banks and financial institutions already have their customers' account numbers in their records. Even if the email says a customer's account is being terminated, the real bank or financial institution will still have that customer's account number and identifying information. If the email says that you have won a prize or are entitled to receive some special "deal," but asks for financial or personal data, there is good reason to be highly suspicious. Legitimate companies that want to give you a real prize don't ask you for extensive amounts of personal and financial information before you're entitled to receive it.

Call. If the email or website purports to be from a legitimate company or financial institution, call or email that company directly and ask whether the email or Web site is really from that company. To be sure that you are contacting the real company or institution where you have accounts, credit card accountholders can call the toll-free customer numbers on the backs of your cards, and bank customers can call the telephone numbers on your bank statements.