Every Internet user should know about spoof (a.k.a. phishing or hoax) e-mails that appear to be from a well-known company but can put you at risk.

Although they can be difficult to spot, they generally ask you to click a link back to a spoof web site and provide, update or confirm sensitive personal information. To trick you, they may allude to an urgent or threatening condition concerning your account.

Spoof e-mails are after

  • Password or PIN
  • Credit card validation (CCV) code
  • ATM/Debit or credit card number
  • Social Security Number (SSN)
  • Bank account number

Even if you don't provide what they ask for, simply clicking the link could subject you to background installations of key logging software or viruses.

Security Tip
Never click on a link in a suspicious e-mail.

Please note that if you do not sign up, your account access will be suspended. Follow this link

Spoof Web sites:
A spoof website is one that mimics a popular company's website to lure you into disclosing confidential information. To make spoof sites seem legitimate, thieves may use the names, logos, graphics and even code of the real company's site.

They can even fake the URL that appears in the address field at the top of your browser window and the padlock that appears in the lower right corner. The links in the spoof e-mails almost always take you to a spoof web site.



Although there's no foolproof formula for spotting a spoof e-mail or web site, these signs should arouse your suspicion:

Signs of a spoof E-mail

  • There may be a sense of urgency. Example: Your account will be closed or temporarily suspended. You'll be charged a fee if you don't respond.
  • There are embedded links that looks legitimate because they contain all or part of real company's name. These links may take you to spoof sites (or pop-up windows) that ask you to enter, confirm or update sensitive personal information.
  • There may be obvious spelling errors. These help spoof e-mails avoid the Spam filters that ISPs use.
  • Spoof web sites can be more difficult to detect, because even the address bar and padlock that appear in your browser window can be faked. To make sure you're on our site, type www.banamexusa.com and see if you get the same site.

Learn more about Banamex USA's web and e-mail practices so you know what to look out for:

What we do:

  • Ask you to enter your mother's maiden name, your date of birth, your Social Security Number if you're a US resident, your email address and your account number(s) the first time you come to www.banamexusa.com to set up your online User ID and Password.
  • Ask you to choose a username and provide you with a password within 48 hours of your request.
  • When providing you with your initial password, we will ask you to verify your name; account number; online account User ID; email address; and account password or last four digits of your Social Security Number for accountholders residing in the United States; or Telephone Access Code (TAC) or mailing address, telephone numbers and date of birth for accountholders residing in Mexico.
  • Ask you to sign on by entering only your User ID and Password.

What we don't do:

  • Send urgent or time-sensitive e-mails that ask you to provide, update or confirm sensitive data like your Online User ID or Password, PIN, SSN, ATM/Debit Card or account number, credit card number or expiration date, or mother's maiden name.
  • Require you to enter anything other than your Online User ID and Password to sign on to Bank@net.
  • Send you an e-mail that tells you to provide personal information because it's for your own security.
  • Send you an e-mail with input fields that ask you for sensitive information.


Security Tip
If you don't recognize a transaction or suspect fraudulent activity on your account call immediately at 1-800-222-1234 from the United States or 01-800-111-1234 from Mexico.

Educating yourself is the first step—just reading this means you're on the right track!

What you can do:

  • Don't click on links in unsolicited e-mails, especially those asking for personal information. Even if you don't supply it, just clicking can enable thieves to access your computer, record your keystrokes, and capture passwords you use to log on to various websites.
  • Go directly there. The best way to get to any site is to type its address (URL) into your browser and then bookmark it.
  • Change your Password frequently. Every 30 - 60 days is recommended. To change it online, sign on and then go to User Options.
  • Keep your operating system and browser up-to-date. Software updates often include security enhancements that you can usually download for free. For example, Microsoft's site can scan your computer to make sure that your software is up-to-date.

Here are other security tips that can help you protect yourself:

  • Create hard-to-guess passwords.
    Use at least six characters and a mix of letters and numbers. Don't use all or part of your Online User ID or e-mail address, or the names of your children, spouse or pet. Use a different password for each of your online accounts.
  • Protect your identity.
    Don't carry your Social Security card, passport or birth certificate - or those of your children - unless you need them that day.
  • Destroy all pre-approved credit offers that you don't respond to.
  • Make sure your home computer has the most current anti-virus software.
    Anti-virus software needs frequent updates to guard against new viruses. Make sure you download updates as soon as you're notified that they're available.
  • Install a personal firewall to help prevent unauthorized access to your home computer.
    This is especially important if you connect to the Internet via a cable modem or a digital subscriber line (DSL) modem.
  • Change your PIN (the code you enter at ATMs) frequently.
    Every 30-60 days is recommended.


Security Tip
If you don't recognize a transaction or suspect fraudulent activity on your account call immediately at 1-800-222-1234 from the United States or 01-800-111-1234 from Mexico.
Forward any suspicious e-mail to: emailspoof@banamexusa.com

When you report fraudulent e-mails that appear to be from Banamex USA but which are, in fact, sent by imposters, we work aggressively with law enforcement agencies to investigate them.

If you suspect that you've received a fraudulent e-mail, please forward it to us immediately at: emailspoof@banamexusa.com

Note: Don't change or retype the subject line-this inhibits our ability to properly investigate it. After forwarding the e-mail, you should delete if from your inbox.

You may also want to forward it to the Federal Trade Commission at:


or contact them at:

© 2005 Banamex USA

Home Page