When it comes to cyber security, we all want to believe that we are safe, and able to spot a scam from a mile away. We avoid those emails from the Nigerian prince, we know no random stranger is trying to give us a million dollars, and if it’s in our junk mail then we leave it there. The reality is, however, that anyone can fall prey to a phishing attempt. Unfortunately, phishing attempts often look like they’re from a company you know and trust. In fact, the FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in 2019. So how do you spot a phishing attempt and keep yourself safe?
Does it ask you to follow a link, open a file, or provide personal information?
Phishing attempts often tell a story to trick you into clicking a link or opening an attachment. This may look like a service you use emailing you to tell you that your payment information is outdated with a link to update it. Or it may look like an email from your bank letting you know that your online account is locked with a link to provide your login credentials, security questions, or other personal information. It could even look like a Facebook profile you know and trust messaging you that you have won a giveaway, with a link to provide payment information before you can claim your prize.
Does it feel urgent?
Many scams capitalize on simply creating a sense of urgency. Slow down and really evaluate what is being presented to you. The urgency may seem alarming, and your instinct may be to take whatever action it is prompting you to. When you slow down and take a step back, however, you are able to think clearly about the situation. Is your payment information really outdated? Can you go directly to their website or contact them to check on this, rather than clicking on the link in the email? Take your time to verify anything that may seem off, trust your instincts, and don’t commit to or take action on something that makes you feel uncomfortable.
Is it poorly written?
When reading through any email or message, take note of the grammar and wording used in the body of the message. If you notice spelling and grammatical mistakes, or even strange phrases, this should be a red flag that something isn’t right. Emails from legitimate sources are very carefully crafted to assure that they are professional and well-written. On another note, most email spam filters will look for key phrases or words to filter out phishing attempts, and spelling or grammatical mistakes can help scam emails bypass those filters and find their way directly in your inbox, instead of your junk folder. Since these look like they are coming from legitimate sources, take extra time to read them carefully and assure that they are authentic.
What do the links look like?
Since it may look like you’re being contacted from a company you know and trust, it can be hard to tell whether it is real or not. Scammers may use the company’s logo, header, and the link may even look like it’s taking you to their website. Just because a link says it’s going to send you to one place, doesn’t mean it actually will. One simple thing you can do to double-check links before you click on them is to hover your mouse over any links, and take note of whether the link in the text matches the URL displayed as the cursor hovers over the link. If these don’t match, this means the link is not taking you where it looks like it will at first sight.
Is it on social media?
Have you ever received a friend request on Facebook from someone you thought you were already friends with? Profile cloning is something that many people are familiar with. Perhaps your coworker, mom, or best friends sent you a friend request out of the blue that has no posts, and you’re already friends with them. Since you know that person did not create a brand new Facebook profile, it’s easy to spot these, delete the request, and report the profile as fake. However, a new trend that has surfaced is business page cloning, which may be harder to spot.
This may look like one of your favorite Facebook pages holding a legitimate contest that you have entered to win, and then shortly after you receive a friend request from that business, along with a message that you have won the contest. Don’t let the excitement of winning throw you off your guard, and analyze the situation the same way you would with a strange email. If you entered the contest on their business page, why are they sending you a new friend request from a separate profile? Are they asking you to click a link to claim your prize? Do they need you to provide your personal or banking information in order to win? Do they only have a few, very recent posts? Does the name of the page or profile include dashes, apostrophe’s, or other punctuation that isn’t normally there? Is the spelling and grammar off? If any of this raises a red flag, take a step back and find the original page you entered the contest on, and send them a quick message. They can verify whether this request was legitimate or not, and save you from providing your personal information to a fake account. Keep your guard up, phishing attempts can happen anywhere, at any time.
Does it look like it’s from Idaho Central?
As always, please remember that Idaho Central would never send you an email or social media message with a link asking you to provide login credentials, security questions, or any other personal information. Always go directly to www.iccu.com or use our app to log in and access your online banking. If you have received what appears to be a phishing email pretending to be from Idaho Central Credit Union, do not respond to the request. Instead, forward the email to firstname.lastname@example.org. Social media giveaways are also being targeted by scammers who impersonate the promoter’s social media accounts. Do not click any links in messages, and report any fake profiles. We will always message the winner(s) from our official Facebook and Instagram accounts, and announce the names of the winners publically.
Do not hesitate to contact us if you ever have questions or concerns; Idaho Central can help you identify scams or fraud, and help you with the next steps needed to protect yourself. Learn more about how to protect yourself at our security center.