Gone phishin’: Protect your identity when using email
Phishing occurs when a cyber criminal poses as a legitimate organization to try to lure a target into providing sensitive personal information such as bank account numbers, usernames, passwords, credit card numbers and more.
Security Magazine states that 3 billion fake emails are sent worldwide every day. About 1.2 percent of all email is suspicious and most likely fake. You’re not too tech-savvy to fall for these scams. About 97 percent of people cannot identify a phishing scam.
Staying vigilant with your inbox helps keep your own email secure. It will also help keep the information of your clients, business associates, friends and family more secure in the process.
The do’s and don’ts of avoiding phishing scams
Do not open attachments or click on links unless you are absolutely sure of the sender.
If you do not know the sender, there could be a chance that the attachment you are downloading contains malware, ransomware or other viruses.
Do read your email closely and be on the lookout for grammatical errors and misspellings.
Many of the more modern, sophisticated phishing emails will not contain these easy-to-spot errors, but if you see an email full of them, it is a big red flag.
Do not supply or share your login credentials if requested to do so.
Arsenal Credit Union will never ask you for your online banking information unsolicited. Other companies, organizations and government agencies will never ask for this information either.
Do check the sender line of your email as a way to determine if it is coming from someone legitimate or not.
Another big red flag to determine if an email is a phishing attempt is if the sender’s email handle has a different spelling or style than the organization they claim they’re from. However, more sophisticated phishing attempts can takeover or spoof email accounts to make it appear as if the message is legit.
Do not send confidential or sensitive information via unencrypted email.
It may seem safe to send email straight through a client like Gmail or Yahoo!, but if the person you’re sending it to is not using an encrypted server, hackers can intercept that message.
Do hover over hyperlinks before clicking on them.
If you’re using a computer to browse emails, don’t click on links right away. First, hover over them with your mouse cursor and see if the URL is legit by looking in the bottom-left corner of your screen.
For example, someone spoofing Arsenal Credit Union might use a URL that says “arsenal-cu.com.” Our official website URL is styled “arsenalcu.com.”
Do not respond if the email sounds too good to be true or has a sense of urgency to it.
Outlandish offers and extreme deadlines are a good way to catch people off guard, and phishing emails take advantage of human nature.
More information from the Federal Trade Commission
The FTC has compiled a list of common tactics that email (and text and telephone) phishers might use to try to trick you into giving up personal information.
- They may say they’ve noticed suspicious activity on your account or login attempts.
- They may claim there’s a problem with your account or payment information.
- They could say that you must confirm a piece of personal information.
- You could receive a fake invoice.
- They may ask you to click on a link in an email to make a payment.
- They could pretend that you’re eligible for some type of government refund.
- They could offer you a coupon for free stuff.
Here are a few ways to report phishing scams
- The Internal Revenue Service (IRS) provides a drop-down menu of what to do with phishy IRS-related emails.
- The Cybersecurity and Infrastructure Security Agency collects phishing emails to help prevent people becoming victims of scams.
- The FTC provides a portal to report phishing scams and other types of fraud.
- If you’re a Gmail user, on a computer, go to Gmail, open the message, and next to Reply, click More. From there you can click Report Phishing.
- Finally, if you receive an attempted phishing email claiming to be someone from Arsenal Credit Union, please report it by calling 314.962.6363, starting a live chat or emailing us at firstname.lastname@example.org.