Phishing is a type of scam where fraudsters send an email that appears to be from a legitimate company and encourages consumers to provide personal or account information. This is usually done by including a link that opens a fraudulent website. If information is entered into the site, the fraudsters have what they need to sell or otherwise exploit the information provided. In addition, these emails may also download malicious code onto a device which can be used create system vulnerabilities leading to security breaches, information and data theft, and other potential damage to files and computing systems.
Here are a few tips to protect yourself:
- Verify the sender’s email address
Sometimes an email will look like it is coming from a legitimate source. However, if you look closely at the sender’s email address, it often reveals an email address that is not related or has misspellings. As an example, a legitimate email is: [email protected]. A fraudulent version of that email is: [email protected]. There is a missing "I" and an additional "s" in Pacific Service. - Urgent action required by sender
Phishers and hackers use scare tactics to bait consumers into clicking links or providing sensitive information like username and passwords or personal and account information. Emails with urgent statements like ‘your account will be deleted if you don't respond’ or ‘click here now to upgrade your account’ are usually signs of phishing attempts. If the tone of the email seems threatening, that is another clue that the email is not legitimate. - Look for typos and improper grammar
Check for misspelled words and grammatical mistakes. This is a quick and easy way to identify email scams. - Request for personal information
Impersonal or generic greetings are also clues that the sender does not know you and should be considered suspicious. Any email that requests account or personal information is likely a scam. Legitimate organizations do not ask you to provide personal information via email. - Suspicious URLs
Verify links within emails before clicking. Simply hover over the link and the url will appear. Be aware of the name and spelling of the url. Phishers often setup fake websites with similar names, but if you take a moment to hover before you click it will help you identify potential scams.
Other precautions to protect against phishing emails:
Don't open attachments from unknown senders. Hackers often embed malicious code or viruses which can infect your device. Never open an attachment from an untrusted sender.
- Watch out for ‘free’ offers. If it seems too good to be true, it probably is.
- If you question the validity of an email, contact the source directly to verify its authenticity.
- Use your business email address for business purposes only. Set up a personal email for online shopping or other personal use. This helps protect you and your company from spam, fraudulent emails, malicious ads and malware.
Pacific Service Credit Union will never request your personal or account information by email, text or phone. If you suspect you’ve been a victim of fraud, please call a member service representative at (888) 858-6878.
FAQs
A generic subject line can be a key indicator of a phishing scam. Look for unprofessional spelling and grammar errors. Unnecessary urgency is suspect. Use your intuition and, if something "feels" wrong, call the sender's organization to validate the email.
How many ways can you spot a phishing email? ›
Here are some ways to recognize a phishing email: Urgent call to action or threats - Be suspicious of emails and Teams messages that claim you must click, call, or open an attachment immediately. Often, they'll claim you have to act now to claim a reward or avoid a penalty.
What indicates a phishing email? ›
Double check web addresses (URLs) in emails. A closer look at phishing emails often shows URLs that are slightly altered. For example, at a quick glance www.crimestoppers.org looks to be a genuine web address, but a closer look shows it's not the correct address.
What is a common indicator of a phishing email? ›
Unusual, unknown, or public domain
These domain-related indicators usually point to a phishing email: The message is from a public email domain like gmail.com. The email address contains unusual special characters. The domain name is misspelled, e.g., bill@nicrosoft. com instead of [email protected].
How are phishing emails detected? ›
AI Phishing Detection. Artificial intelligence (AI) and machine learning (ML) models can be trained to analyze the text of an email or the websites that it points to. These models will identify common red flags of phishing attacks, such as misspellings, attempts to coerce the recipient, and URL structure and targets.
How to identify a spam email? ›
To identify spam emails, look for signs such as unfamiliar senders, generic greetings, urgent requests for personal information or payment, suspicious links or attachments, and poorly written content.
What are the cues of phishing emails? ›
Inconsistencies; spelling mistakes; and bad grammar. Types of attachment; sender display name and email address; URL hyperlinking; and domain spoofing. No/minimal branding; logo imitation or out-of-date branding; unprofessional design or formatting; security indicators and icons.
What are the clue to recognizing a phishing email? ›
Requests for personal information, generic greetings or lack of greetings, misspellings, unofficial "from" email addresses, unfamiliar webpages, and misleading hyperlinks are the most common indicators of a phishing attack.
What characterizes a phishing mail? ›
In a phishing scam, a target is contacted by email, telephone or text message by someone posing as a close personal contact or on behalf of a legitimate institution. The objective is to get people to reveal sensitive data such as their account numbers, home address, banking/credit card details and usernames/passwords.
What are the 4 P's of phishing? ›
One way is to remember “the four Ps”: Pretend, problem, pressure, pay. Many scam tactics boil down to these four words.
Spear Phishing
Then the scammer uses this information to craft a phishing message with an offer or request information relevant to who the target is and/or what they do. As such, this type of phishing is more difficult to detect.
Which of the following is a good practice to identify a phishing email? ›
Common indicators of a phishing email include suspicious addresses, links, or domain names, threatening language or a sense of urgency, errors in the email, the inclusion of suspicious attachments, and emails requesting sensitive information.
