Phishing Attacks

These emails and robocalls appear to come from companies and agencies – even government agencies and charities – with whom consumers may regularly conduct business. They frequently contain links to sites that look identical to a legitimate organization’s website.

A tactic more in play these days is that the communication may threaten a consequence. You could read something that says they are closing your account, terminating your service, or reporting you to government officials. Threats with legal consequences if you don't respond to their inquiry or update your billing information.

Indicators of a Phishing Attempt

More often than not, a phishing email will come with a generic greeting, one that does not use your name or any other personal identifier. They will come with requests for personal information. Your financial institution will NEVER ask you for login credentials or your social security number. EVER!

Many times the communication is marked for an urgent response. Creating urgency is almost always a given with phishing, especially in threatening scenarios — fast action or else. The creation of fear in the recipient like their account is in jeopardy is a common tactic.

Specific to email, hyperlinks that don't match the sender’s website will be a giveaway. Likewise, a masked phone number localized to your area code or looking similar to your phone number may be a giveaway. If it is an email, hover over a hyperlink with your mouse and the website will pop up without you having to click on it. Match the site to a legitimate source. Often with phishing emails, the link will go somewhere else entirely.

What you Should Do in Response

First, do not reply to an email or pop-up message that asks for personal information. Never click on the link in a message that looks suspect. If the phishing effort is over the phone, contact the company through a number that you know is safe and make sure that your account is intact. Always ask for security protocols on these types of calls. Legitimate businesses don't ask for account or personal information via email.

If they call you, they will not tell you what the call is regarding before the institution verifies they have the right person. So, someone who calls and tells you directly about an issue in an account and then asks for information about you is a dead giveaway. Again, always contact the company directly using a telephone number or a website address you know to be legitimate.

You should always avoid sending personal and financial information via email whenever possible, whether directly in a message or in an image. If you have to give personal, financial, or account oriented information over the phone, make sure that you are aware of your surroundings. If you are in your car, using a hands-free device, know whether or not the speaker can be heard from outside your vehicle.

At RMCU, we want to help you with your financial health. You can also contact us at the credit union, and we will be happy to help you in any way we can. If you think you might have disclosed personal information through a phishing email, take steps to protect yourself. You can contact the credit card company, validate or cancel the account if need be. If you find out you have been a victim, call the three credit bureaus and put fraud alerts on your accounts. The percentage of people become victims of phishing and fraud is so high that it's good to have a plan of what to do if it happens to you.