Can You Spot a Phishing Email? We'll Show You How
We depend on email every day. We use email to contact our coworkers, connect with friends and family, and communicate with businesses we trust. Unfortunately, online scammers know this, and they’ve developed increasingly sophisticated schemes to trick us via email into providing sensitive information – then using this information to steal money or commit identity theft. One of their most common ploys is known as a phishing email.
October is National Cybersecurity Awareness Month, and it’s a good time to learn how this common scam works.
When you know what phishing emails look like, you’ll be more likely to avoid failing for one – and can prevent the stress and financial harm that these scams cause.
How Phishing Emails Work
Phishing scammers send a fake email to unsuspecting recipients to trick them into providing sensitive information such as Social Security numbers, online account passwords, or banking or credit card information. Stolen information like this can be used to drain your account, open lines of credit in your name, take control of your online accounts, or commit other financial crimes.
Phishing attacks may seem to come from a friend or family member in trouble, claim to be from a government agency like the IRS or CDC, or promise you a great reward like a free product or cash prize. Some phishing emails make threats; others appear completely routine. In many cases, they ask you to click a link in an email that directs you to a fraudulent website with a form to enter personal information.
Phishing emails often rely on a sneaky practice called spoofing, which is an attempt to disguise an email, website, or other form of communication to look like it belongs to a business or organization you trust, such as your financial institution, a utility company, a social networking site, or an online store. Here are some common phishing examples:
- An email claiming there’s an issue with your account or payment information
- An email asking you to update your account password
- An email that says you’re eligible to receive a special offer or that you won a prize
Some phishing emails look convincing, with logos and design that are a dead ringer for genuine emails from the organization they’re impersonating. But there may be some telltale signs that it’s a phishing email, including:
- Generic greetings like “Dear Customer” or “Friend” or your name in all caps
- References to a transaction you didn’t complete or an account you don’t have
- A sender email address that’s slightly off (such as Service@Netfl1x.com instead of Service@Netflix.com)
- Poor spelling or grammar
- Language like “Send Money Please” or “Urgent Action Required”
- Requests for wire transfers or PayPal payments
Always be wary of unexpected requests for information. If in doubt, don’t reply or click any links, and delete the message. If you’re not sure if an email is legit, you can always contact the company or agency directly (via the phone number published on their website) to verify the message. Better safe than sorry.
What to Do if You’re Targeted
If you suspect you’ve accidentally provided information to a scammer, don’t panic. There are steps you can take to protect your finances and your credit.
Contact Your Financial Institution
If you believe your banking or credit card information has been stolen, reach out to your credit union, bank, or credit card company right away. It may be a good idea to put a freeze on your credit or debit cards.
Update your online passwords immediately. Also, consider setting up two-factor authentication for your accounts, which provides an extra layer of protection.
Contact the Organization
Report the phishing scheme to the company that was impersonated. This can help them take steps to protect others from the same scam. You can also file a report with the FBI’s Internet Crime Complaint Center.
Scan and Update
Some phishing emails attempt to install malware to steal your information directly from your computer. Use anti-virus software to scan your computer for malicious files, and always make sure your security software (and your device’s operating system) are up to date.
Keep an eye on your accounts and your credit. Review your credit card and banking statements and consider setting up account alerts to help you spot suspicious activity. You may also want to notify the three major credit reporting agencies or review a copy of your credit report for possible fraudulent activity in your credit file.
Helping You Stay Protected
Here at American Heritage Credit Union, helping to protect our members and their money is our highest priority. For more tips about how you can safeguard your financial information and avoid potential scams, visit our Privacy & Security page.
And remember: As your financial institution, American Heritage will never contact you out of the blue to ask for sensitive information such as your account details or online password. If you believe you’ve been targeted by a phishing email or other scam related to your American Heritage account, please contact us right away.