When it comes to cyber security, we all want to believe that we are able to spot a scam when we are targeted. The reality is that anyone can fall prey to a phishing attempt. Fraudsters are always evolving and constantly developing new ways to deceive us. We know to avoid those emails from the Nigerian prince, but when you get an email from what appears to be a trusted source, how do you know it’s legitimate?
Unfortunately, phishing attempts often look like they’re from a company you know and trust. All financial institutions are targets for scammers as a means to gain access to their victim’s accounts. In fact, the FBI’s Internet Crime Complaint Center reported that people lost $54 million to phishing schemes in 2020. It is estimated that in the coming year, 1 in 4 Americans will fall prey to a phishing scam.
So, how do we stay cyber safe? The most important action we can take is to stay educated on current phishing trends. The more you know, the more easily you’ll be able to spot a phishing attempt and keep yourself, and your data, safe. Also, it’s important to share this information with your loved ones, especially those that are more vulnerable to fall prey to cyber scams.
Here are some common strategies scammers use and how to identify them.
Does it look like it’s from ICCU?
ICCU would never send you a text, email, or social media message with a link asking you to provide login credentials, security questions, or any other personal information. Always go directly to www.iccu.com or use our app to log in and access your online banking. If you have received what appears to be a phishing email pretending to be from ICCU, do not respond to the request. Instead, forward the email to scam@iccu.com.
Does it ask you to follow a link, open a file, or provide personal information?
Phishing attempts often tell a story to trick you into clicking a link or opening an attachment. This may look like a subscription service you use emailing to tell you that your payment information is outdated with a link to update it. Or it may look like an email from your bank letting you know that your online account is locked with a link to provide your login credentials, security questions, or other personal information. If you are concerned that your information may actually be out of date, go directly to the source instead of clicking on the link.
Does it feel urgent?
Many scams capitalize on simply creating a sense of urgency. Slow down and really evaluate what is being presented to you. The urgency may seem alarming, and your instinct may be to take whatever action it is prompting you to. When you slow down and take a step back, however, you are able to think clearly about the situation. Is your payment information really outdated? Can you go directly to their website or contact them to check on this, rather than clicking on the link in the email? Take your time to verify anything that may seem off, trust your instincts, and don’t commit to or take action on something that makes you feel uncomfortable.
Is it poorly written?
When reading through any email or message, take note of the grammar and wording used in the message. If you notice spelling and grammatical mistakes, or even strange phrases, this should be a red flag that something isn’t right. Emails from legitimate sources are very carefully crafted to assure that they are professional and well-written. On another note, most email spam filters will look for key phrases or words to filter out phishing attempts, and spelling or grammatical mistakes can help scam emails bypass those filters and find their way directly in your inbox, instead of your junk folder. Since these messages appear to come from legitimate sources, take extra time to read them carefully and assure that they are authentic.
Where will the link send you?
Since it may look like you’re being contacted from a company you know and trust, it can be hard to tell whether it is real or not. Scammers may use the company’s logo and the link may even look like it’s taking you to their website. Just because a link says it’s going to send you to one place, doesn’t mean it actually will. Did you know that you can check where a link will send you once you click on it before doing so? Hover over the link without clicking on it, and the URL that is displayed is the page that you will be visiting. If these don’t match, this means the link is not taking you where it looks like it will at first sight.
Is it a text message from an unfamiliar number asking you to update your personal information?
Text messages are an intrusive way for scammers to get your attention quickly. By texting you directly, it creates a false sense of security because you assume the sender has your permission to contact you in this way. It can be difficult to decipher which text messages are legitimate and which are fraudulent. If you receive a text message asking you for personal information, it is best to assume that the message is fraudulent and contact the source directly.
Is it on social media?
Have you ever received a friend request on Facebook from someone you thought you were already friends with? Perhaps your coworker, mom, or best friend sent you a friend request out of the blue that has no posts, and you’re already friends with them. Since you know that person did not create a new Facebook profile, it’s easy to spot these, delete the request, and report the profile as fake. However, a new trend that has surfaced is business page cloning, which may be harder to spot.
Business Profile Cloning may look like one of your favorite Facebook pages holding a legitimate contest that you have entered to win, and then shortly after you receive a friend request from that business, along with a message that you have won the contest. Don’t let the excitement of winning throw you off your guard! Analyze the situation the same way you would with a strange email. If you entered the contest on their business page, why are they sending you a new friend request from a separate profile? Are they asking you to click a link to claim your prize? Do they need you to provide your personal or banking information in order to win? Do they only have a few, very recent posts? Does the name of the page or profile include dashes, apostrophe’s, or other punctuation that isn’t normally there? Is the spelling and grammar off?
If any of this raises a red flag, take a step back and find the original page you entered the contest on, and send them a quick message. They can verify whether this request was legitimate and save you from providing your personal information to a fake account. Keep your guard up, phishing attempts can happen anywhere, at any time.
Contact us if there’s any question
Do not hesitate to contact us if you ever have questions or concerns; ICCU can help you identify scams or fraud, and help you with the next steps needed to protect yourself. Learn more about how to protect yourself at our security center.
