Quick answer: Before entering business banking credentials, verify the domain, avoid ads and unexpected messages, keep MFA codes private, and use official support channels for account-specific issues.
SymptomLikely causeFirst safe fix
Unexpected login linkPossible phishing or smishingDo not click; open official site manually
Page asks for code before normal loginSuspicious flow or fake pageStop and verify through official channels
Caller asks for remote accessVishing or tech-support scam patternHang up and call official support

Before entering credentials

A safe login habit starts before the password field. Check where you are, how you arrived there, and whether the request makes sense.

  • Type the official website manually.
  • Avoid search ads for banking login.
  • Check the full domain, not just the lock icon.
  • Use a bookmark created from official navigation.

MFA and access-code rules

A one-time access code is part of the login process. It should not be shared with another person or typed into third-party websites.

  • Only enter codes into the official login flow you initiated.
  • Do not read a code to a caller.
  • Do not approve unexpected prompts.

Business policy tips

Companies should train employees to identify fake login pages and define what details can be shared with IT or support.

  • Use password managers with domain matching.
  • Create escalation rules for suspicious messages.
  • Keep administrator contact paths clear.

Use official Synovus help for account-specific issues

For login access, account-specific changes, locked users, payment services, fraud concerns, or confidential banking questions, use official Synovus channels. Start at the official Synovus website, review the official Synovus Gateway information page, or use the official Synovus contact page.

Do not share codes or passwords

No help guide, phone caller, email sender, text message, or “support agent” should ask you to share your banking password, one-time access code, full account number, card number, or remote computer access. Stop and verify through official channels.

FAQ

Is HTTPS enough to trust a banking site?

No. HTTPS encrypts traffic, but fake sites can also use HTTPS. Verify the domain and source.

Should I use Google search every time I log in?

It is safer to use the official domain or a trusted bookmark.

What should I do after entering credentials on a suspicious site?

Contact official support and your company administrator immediately, change passwords through official channels, and review account activity.

Last reviewed: May 15, 2026. This page is written as independent troubleshooting guidance and is not a substitute for official Synovus support.