Protect Yourself Against Fraud: Phishing
Phishing is a form of fraud that has increased exponentially over the last several years due, largely, to the reliance on email and social media to communicate and conduct business. Criminals have found that they can hack these platforms easily or, better yet, they can just send an email or social post asking for help and watch as good and trusting people hand over their cash.
It happens all the time!
So, how can you protect yourself? Mountain America Credit Union has compiled a list of red flags to look for (hello Spidey-sense!) as well as suggestions for what to do if you spot a scam. Take a look!
What is phishing?
Phishing is an attempt to obtain sensitive account information by posing as a reputable company or its representative.
How can I spot a phishing email?
Phishing criminals are not overly sophisticated. There are often several, easy-to-spot red flags in the email. Here’s a list of things to look for:
-
Subject line—Includes “Urgent” or “Immediate action required” or something similar.
-
Sender name—Looks odd, unfamiliar or the sender’s email does not match company name.
-
Greeting—General, not personalized, like Dear Customer, MACU Member, etc.
-
Spelling errors—Misspellings, grammatical errors or British word spellings.
-
Confirm your identity—Legitimate companies won’t ever ask you to do this through unsecure digital channels (Bonus tip: Look at the URL, if it begins with https, instead of http, it is a secure site).
-
Attachments—Unless you’ve specifically requested documents from this company, and asked for them to be delivered via email, don’t open sent attachments.
-
Links—If they look altered (i.e. they don’t include the company name or if random characters have been inserted into the company name in the link—ma1cu.com), don’t click on them.
-
Threats—Frightening information is used to get you to act quickly, without thinking or questioning why you have to do it.
-
Phone contact—Never disclose personal information unless you initiated the phone call directly with the company.
-
Pop-ups—Never enter personal information into a pop-up or copy and paste URLs into your web browser from a pop-up.
Additionally, authentic companies should never ask for your SSN, PIN, card number, account number or any other personal information via email, text or social media. However, if you call a company directly (a specific location or the company’s call center) you may be asked to provide personal information to confirm your identity. Mountain America usually asks for recent transaction information as identity verification.
As a Mountain America member, we will never ask you to provide sensitive personal information via email, text or social media.
How can I protect myself?
-
Log in to your account often and monitor transactions
-
Change your password frequently (every 90 days)
-
Use secure websites (URLs beginning with https)
-
Enable email notifications on your account
What types of accounts are vulnerable?
When we’re talking about phishing, most people think of their bank accounts. This is arguably the most important account to diligently monitor, but it is certainly not the only account that can be targeted. Criminals can attempt to access your money through any online account where you may have entered credit card information.
One item of note: Email is the most common channel for this type of crime, but scammers might also use social media, text, advertisements, paper mail, the phone or even in-person connection. You could get an email asking you to confirm your Social Security Number from your auto or health insurance company. Or it could be a direct message on Facebook from that cool clothing line you follow, claiming you’ve been randomly chosen to win a prize if you confirm the credit card number from your last purchase. Be diligent in verifying all requests for personal information.
How should I report a phishing scam?
If you believe you’ve been the victim of a phishing scam, or any other type of fraud, or if you have received a communication from a company that seems suspicious, contact the company directly and immediately. They will provide you with the proper steps to address it.
We are committed to educating our members, and the general public, on how to keep your personal data safe. If you ever have any questions about charges to your account, an email or other communication from us, don’t hesitate to reach out. For additional information, check our website pages on fraud and online security.