×
Routing Number: 307070050
Search
Search Our Site
Type a word or phrase in the search field below. If you are unable to find the information you are looking for, please contact us.
Kirtland Federal Credit Union logo

Welcome To The Insighter!

Explore the latest happenings at Kirtland FCU and learn about important topics from around the financial world. Here’s your insight!

7 Ways To Catch A Phish

07/26/2019
The Security Team

Have you received a phishing e-mail? Odds are, you have!
 
Phishing e-mails are e-mails built to look like an official e-mail from an official company. Are you sure that e-mail from UPS is actually from UPS? (Or Costco, BestBuy, or another of the myriad unsolicited emails you receive every day?) Companies and individuals are often targeted by cyber criminals via e-mails designed to look like they came from a legitimate bank, government agency, social networking site, or organization.

Like this one, designed to look like an alert from Netflix:



These fake e-mails often tell a story to trick you into clicking on a link or opening an attachment. These stories are designed to create a sense of urgency or may dangle some other type of bait.



These fake e-mails often tell a story to trick you into clicking on a link or opening an attachment. These stories are designed to create a sense of urgency or may dangle some other type of bait.

Once you’ve clicked—taken the “bait”—the scammer may continue the attack by asking you to enter personal or account information, providing a login screen that captures your login information, or by launching/downloading a virus or malware to your device or computer.

HOW TO SPOT A PHISH
So, how can you tell if an e-mail is legitimate? It can be difficult to tell; a good phishing e-mail will use a name and logo you already trust. But phishing e-mails also:
  • Use generic greetings. Examples include “Dear Netflix Customer” or “Hi” with no personalization. In the Netflix example, the generic greeting is simply “Dear”. If you do business with Netflix, odds are that any e-mail regarding your account will have your name on it.
  • Impart a sense of urgency. They may tell you that your account is on hold or suspended until you update account information.
  • Offers links or asks you to click in the e-mail to proceed.
  • Have improper grammar, punctuation, and spelling. Not all phishing e-mails have formatting and grammar issues, but many do. If you spot an issue, you should be very suspicious.
  • May be from a company with whom you have no business. This may be the biggest red flag of all. If you don’t have an account with Netflix, you should never receive e-mail from them.
  • May have a domain that doesn’t match the official company address. Instead of @Netflix.com, the domain may look like @NetflixCustomers.net or some similar play on the company name.
HOW TO PROTECT YOURSELF
Already clicked on an e-mail like this? It happens! The goal now is to mitigate your risk. If you have clicked on a suspected phishing e-mail and think the scammer has your personal information, visit IdentityTheft.gov to see the specific steps to take based on the information you lost. If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software and then run a security scan.


Remember, a legitimate business will never request sensitive information via e-mail. If you’re suspicious, follow up with the company yourself, outside of the suspicious e-mail. 

 
back to list