3 ways to fight phishing scams

Phishing scams — unsolicited requests where thieves try to trick you into revealing private data — have become all too common in the workplace. With a little vigilance and a keen eye, you can help keep your organization’s private information safe. Here are three tips to help you fight the phish!

What is phishing?
You’ve probably gotten an email (phishing), a phone call (vishing) or text message (smishing) which appears to be from someone or some business you may know. The message says if you don’t act now, a negative outcome will occur. Or there’s a request for you to take an action you may not routinely perform. These are common phishing lures used by thieves to steal your business information or empty business financial accounts.

Common phishing examples
Unknown sender. The sender’s email address looks like a legitimate business. You could easily overlook a fake: (e.g., contactme@creditunion.org or contactme@creditonion.org).

Emotional appeal. Phrases like “Act now. Trouble with your account” urge you take immediate action.

Grammar errors or misspellings. For example, “This is a automotic notification.”

Fake URLs. A web address may look legitimate (e.g., www.invoice1234.com or www.invoc1234.com), even if it’s not.

Request to log in to an account. For example, “Enter your username and password to verify the account.”

Phone calls or voicemails. Caller pretends to be acting on behalf of the manager/administrator. They then ask you to wire money or to email personnel files.

How to fight the phish
Here’s how you can better support your office security protocols and fight phishing scams.

  • Check the source. If you’re unsure of an email, text or phone request, don’t click! Contact the source directly.
  • Don’t take the bait! Avoid clicking links or downloading attachments. Instead, open your web browser and visit the site in question by typing it into the URL bar. Hang up on odd phone calls.
  • Read the body of the email. Don’t fall for unsolicited requests to log in and view accounts. Check with your institution directly by typing in the web address.

Effective workplace security depends on every employee doing their part. Report all instances of phishing to your information security department. Then check out more ways to stay protected while connected with your co-workers.

Article provided by Local Government Federal Credit Union.
The advice provided is for informational purposes only.