Ten Ways to Spot Phishing Scams

Phishing is a type of social engineering attack during which criminals attempt to trick individuals into providing sensitive information, such as usernames, passwords, financial details, or other personal information. The attackers pose as trustworthy entities often through seemingly legitimate communication channels, such as emails, texts, or phone calls. Their goal is to trick people into sharing confidential information, which can then be used for illegal activities, such as financial or identity theft.

It's essential to be vigilant and cautious when interacting with emails or messages, especially those requesting personal information or urging immediate action. Fortunately, there are indicators that can assist you in determining whether an email in your inbox is a potential scam.

These 10 questions can help you evaluate communications to identify potential scams:

Was the communication unexpected?

Do you have an account with the sender, or did you recently opt-in to communication from the company? If you did not initiate the conversation, or you were not expecting a message, be extra cautious about reviewing the communication for phishing flags.

Is the greeting generic?

Legitimate entities usually address you by your name, while phishing emails often use generic salutations like "Dear Customer" or "Dear Sir/Madam." While lack of your name doesn’t automatically mean that a communication is a scam, it’s a yellow flag that should signal further investigation.

Is there poor spelling or grammar?

Many phishing attempts exhibit spelling and grammar errors or awkward wording. These types of errors are red flags that this might be a fraudulent communication.

Are there suspicious links?

Always hover your mouse over links to reveal the full URL. Avoid clicking if the link doesn’t match the email's context or appears nonsensical. Visit the official website by searching for the company name or typing in the known URL instead.

Can you spot the fraud?

(Find the answers at the end of the article)

Are there unexpected attachments?

Exercise extreme caution when receiving unexpected attachments. Before downloading anything make sure you know the sender, what the attachments are, and that the communication has passed all the other phishing tests. While attachments can be harmless, malicious attachments can allow viruses or surveillance software to be transferred to your device.

Is there a request for personal information?

Reputable organizations do not solicit personal information via email or text message. Red flag if anyone calls or texts and asks for your username, passwords, account number, pin numbers, social security number, or other sensitive data.

Does it have an unrealistic threat or demand urgency?

Phishing emails often employ alarming language like "Payment overdue!" or "Your account has been hacked!" or “Did you spend $236 at eBay? If not, contact us.” Emails urging immediate actions, such as clicking a link, downloading an attachment, or updating your account, are likely scams and should be treated with caution. The attackers are trying to use fear to get people to respond quickly without thinking critically. It's always best to go to the company website and login directly to your account to verify any issues with your account.

Is there a request for money?

Avoid responding to any email requesting money, whether for overdue taxes or upfront expenses. Scam likely.

Does it seem too good to be true?

Be suspicious of emails claiming improbable scenarios, such as winning a lottery or receiving a large inheritance. The adage holds: if it seems too good to be true, it probably is.

Is it from a government agency?

Genuine government agencies seldom communicate critical matters via email. For instance, the IRS will not contact you about taxes or payments through email.

Staying Vigilant

After applying these ten questions, avoid replying or clicking if a communication seems suspicious. Instead, look up the company or agency the communication is meant to be from, and contact them directly using only the contact information found on their official website.

If you have any questions or concerns about any communication claiming to be from First Fed, please contact our Customer Service via phone at 800-800-1577 or email at [email protected]

Spot the Fraud Answer Key: A, B, and D are all fraudulent messages. C is the only legitimate text message.