- October 19, 2022
- Posted by General Electric Credit Union
- 5 read
Phishing and How to Recognize It
Phishing is a cyberattack used to obtain personal or financial information, including login credentials and credit card numbers. It occurs when an attacker, disguised as a trusted entity, tricks their victim into opening an email, text message, or social media direct message. Often, these messages include a malicious link that, when clicked, installs a virus or malware onto a computer or device.
Unfortunately, these scams aren’t uncommon – and the results can be detrimental. In fact, cyberattacks are projected to cost the world 10.5 trillion dollars by 2025.1 Thankfully, there are many steps you can take to protect yourself. The first of which is to familiarize yourself with phishing scams and how to spot them.
Identifying a phishing scam
You likely get quite a few messages a week between your email, social media, and text messages. Scammers depend on habits and mindless scrolling to capture victims in their web, so it’s important to stay alert. Keep an eye out for any of the following, which may be a red flag:
- You receive an email, text, or phone call claiming to be your financial institution or other business you regularly deal with, asking you to update or verify your contact information.
- An email or text you receive does not address you by your proper name or includes spelling errors and grammatical mistakes.
- The website address, or URL, appears to be different from what you’re used to.
- There are strange icons on your computer screen, or you notice your system is significantly slower than usual.
- An email, text message, or phone call is received from an unusual sender.
- You receive an email or offer asking you to act fast to take advantage of a prize or giveaway.
Familiarizing yourself with what phishing scams look like isn’t your only line of defense. Enlist the following tips to further safeguard your information.
- Do not click on links or open attachments from emails that are A) claiming to be from your financial institution or another trusted organization and B) asking for your personal information.
- Limit the information you share on your social media profiles (birthdate, phone number, address, etc.); the more information you share, the more information is available to scammers.
- If a message seems suspicious, enter the exact verbiage you received in a search engine to see if someone else has reported a similar scam. Often, the Federal Trade Commission (FTC) will issue scam alerts with the exact message individuals are seeing.
- Verify websites are secure. Secure websites can be identified by ‘https’ rather than ‘http’ and you’ll notice a closed padlock in the address bar. Legitimate, secure websites that ask you to enter your information are generally encrypted to secure your personal information.
- Never provide your personal, credit card, or online account details if you receive a phone call, email, or text message claiming to be your financial institution or another organization. Instead, ask for their name and phone number and hang up. Then, call the organization in question directly to confirm if the initial message was a scam.
Rebounding from phishing
Despite your best efforts, you may fall victim to a phishing scam. If this happens, it’s helpful to know how to handle the situation. In doing so, you can take steps to minimize its impact.
- If you downloaded an attachment, turn off Wi-Fi and disconnect your computer from the internet. This will remove the attacker's access to your computer.
- Take the time to change your passwords and security questions for your online accounts. You can also review accounts for any unauthorized account activity.
- Report the scam to the company the attacker impersonated.
- Scan your computer for viruses or malicious malware; these programs will check and alert you about files that may have been infected.
- Watch for signs of identity theft. For instance, if you provided your financial information or other personal data (social security number or credit card number), keep a close eye on your bank and credit card accounts online or by reviewing your statements. You’ll want to watch for unusual withdrawals or purchases. Notify each of the three major credit bureaus if you identify an issue.
- Immediately contact your financial institution or credit card company of any associated accounts you believe may have been affected by a phishing scam or fraud.
- Report any phishing attempts to the Anti-Phishing Working Group at: re[email protected] or the Federal Trade Commission (FTC) at: ftc.gov.
Falling for a phishing scam can happen to anyone, especially as attackers become more sophisticated in their tactics. The key is to be vigilant and practice good computer, device, and internet use.
As a reminder, General Electric Credit Union (GECU) will never initiate a phone call, email, or a text asking you to update, validate, or provide us with your personal information. Don't give out personal information over the phone or online, unless you know it is secure and you initiated the contact. As with everything, always think safety first!