Help article

How to Identify and Report Phishing Attempts

Scams and phishing attempts are some of the most common ways fraudsters try to access your account or steal sensitive information—like your login credentials, card numbers, or bank details.

Bad actors may impersonate Relay team members, create fake websites, or use emails, texts, phone calls, or ads to trick you into sharing information.

At Relay, your security is our top priority. That’s why we want to make sure you know how to spot phishing attempts and protect yourself.

Sections in this Article

How to Recognize a Scam or Phishing Attempt

Scammers use a variety of tactics to try to trick you into sharing sensitive information or accessing your account. While phishing emails and texts are common, scams can also happen through phone calls, social media, or online ads.

Here are some common warning signs to watch for:

  • Unexpected contact
    You receive a message, call, or notification you weren’t expecting—especially about account issues or urgent actions.
  • Urgency or pressure
    Messages that say things like “Act now,” “Your account will be closed,” or “Immediate action required.”
  • Requests for sensitive information
    Any request for your password, 2FA codes, or full account details is a red flag.
  • Links or websites that don’t look right
    URLs that are misspelled, slightly altered, or don’t match Relay’s official domains.
  • Unprofessional or inconsistent branding
    Poor formatting, spelling errors, or branding that looks slightly “off.”
  • Messages that just don’t feel right
    If something seems unusual, rushed, or out of place—trust your instincts.

What Is a Phishing Email?

Phishing emails often appear to be from trusted sources but are designed to steal your information. They might:

  • Ask you to verify your account by clicking a link
  • Request personal or financial information
  • Create a sense of urgency (e.g. “Your account will be closed unless you act now”)
  • Use branding, names, or email addresses that look similar to Relay’s

What is a Phishing Text Message (SMS)?

A phishing text message (also called smishing, short for SMS phishing) is a fake message sent by scammers pretending to be a trusted company, like a bank, delivery service, or tech support team. The goal is to trick you into clicking a malicious link, giving up personal information, or downloading malware.

Here are a few examples of how phishing texts try to fool you:

  • “Your Relay account has been locked. Click here to verify your info: [fake link]”
  • “We noticed suspicious activity on your card. Call this number now: [fake number]” 

Here are a few examples of how phishing phone calls try to fool you:

  • “This is Relay. We sent a 2FA login code to your phone. Please provide that code to continue.” (Relay will never request your login 2FA code. Any request like this is fraudulent.)

  • “There’s an issue with your account. Please confirm your password and account number.” (Note, we would never ask a customer for this information)

Watch out for fake ads and impersonation attempts

Fraudsters may create online ads (for example, on search engines or social media) that impersonate Relay. These ads can lead to fake websites designed to collect your login details or sensitive information.

When interacting with ads or links, make sure to:

  • Check that the branding, spelling, and overall quality match Relay’s official website
  • Look closely at the URL to confirm you’re on a legitimate Relay domain
  • Avoid clicking on ads that look unprofessional, rushed, or slightly “off”

If something doesn’t feel right, don’t proceed. Instead, contact Relay Support to verify before taking any action.

What Relay Will Never Ask You For

Relay will never contact you by SMS, phone, email, or social media to request any of the following:

  • Two-Factor Authentication (2FA) login codes

  • Your password

  • Full card numbers

  • Full bank account numbers

We will never call you to ask for a 2FA login code. Ever. If anyone contacts you asking for this information, it’s a scam.

When Relay May Ask for a Verification Code

In some situations, Relay may ask you to confirm a Relay verification code to verify your identity or authorize a specific request.

This is not the same as a 2FA login code you use to sign in to Relay.

Important: Keep any Relay verification code private. If you share it, you may be responsible for any resulting losses or unauthorized activity.

How to Safely Access Your Relay Account

Always log in to Relay through one of the following trusted sources:

Avoid Googling "Relay login"—fraudsters can create lookalike websites to steal your information.

Pro Tip: Bookmark our website or use the mobile app to log in securely every time.

How Relay Will Contact You

We only contact customers using our official channels:

Email, look for emails from these domains:

  • @relayfi.com
  • @m.relayfi.com
  • @info.relayfi.com
  • @bankwithrelay.com

Social Media:

  • Instagram: @bankwithrelay, @relay.hq
  • Twitter/X, LinkedIn, Facebook: @bankwithrelay

Phone:

  • Our only official phone number: 1-888-205-9304

If you’re ever unsure whether a message is really from us, don’t hesitate to reach out to our Support Team directly by calling the number above.

Think You’ve Been Phished?

If you suspect your Relay information has been compromised, contact our Customer Experience team right away. Please include:

  • How the fraudster contacted you (phone, email, SMS, etc.)
  • The email address, phone number, or social media account they used
  • Whether it was a live person or an automated call
  • What they were asking for

Keeping Your Account Secure

Want to learn more about how to protect your Relay account and what we do behind the scenes to keep it secure? Visit our article: Keeping Your Relay Account Secure

Stay alert, stay safe, and remember—Relay will never call or message you asking for sensitive information. If something feels off, trust your instincts and check with us.

Was this article helpful?