Phishing is a common cyber-attack that uses email or malicious websites to infect your device with malware and viruses to collect personal and financial information. The cybercriminal will often spoof an email to look like it’s coming from a reliable source—such as a government agency or your financial institution. The intent is to lure you into clicking on a link or opening an attachment that infects your phone, computer, or other devices. In this blog, we’ll cover 5 tips to help you identify and handle phishing emails.

How Criminals Lure You In

In many cases, the cybercriminal will invoke a gut reaction, sometimes using fear or another emotional response. For example, they may claim there is a “fraudulent transaction” on your account or that it has been suspended. To capture your information, they could use several tactics, including directing you to click on the link provided and confirm your identity or indicating you need to sign in to your account from the link provided. However they attempt to capture you, keep yourself protected, and use these 5 tips to help you identify and handle phishing emails.

1. Play hard to get. If you do not recognize who an email is from—even if the details appear accurate—do not respond or click on any links/attachments. The criminal will often use an email close to what you would expect (changing .org to .com or swapping a letter out). Be cautious of generic greetings or anything that has a sense of urgency. These are often red-flag indicators that something’s “phishy.” If you are concerned about the email’s legitimacy, call the company directly—just not using the suspicious email’s information.
2. Protect your personal information. Published personal information—such as your job title, email address, full name, and more—can be used in a targeted attack. Cybercriminals can use social engineering with these details to manipulate you into skipping standard security protocols. Be wary of what information (personal or professional) you publish. For tips on how to protect yourself online, check out this blog post.
3. Shake up your password protocol. Longer, complex passwords and passphrases are generally more secure. Get creative and customize your standard password for different sites. This can prevent criminals from gaining access to multiple accounts should your password be compromised. To learn more about how to create complex passwords, click here.
4. Be wary of hyperlinks. Did you know you can hover over hyperlinks to verify authenticity? By doing this, you can confirm if the web address is legitimate without risking being compromised by clicking. Also, ensure that the URL begins with “https.” The “s” indicates encryption is enabled to protect your information.
5. Install and update anti-virus software. Anti-virus software helps protect you from malicious attacks. Be sure that all your devices are equipped and updated regularly with protective software.

For your protection, Yolo FCU will never contact you about suspicious transactions via email, nor will we ask you to verify your account by clicking on a link. In partnership with our fraud monitoring company, we will communicate suspicious activity with our members through phone calls or text alerts. To learn more about Text Alerts, check out this blog post.

Don’t be the catch of the day! Protect yourself by using these 5 tips to identify and handle phishing attacks. To learn more, visit the Cybersecurity and Infrastructure Security Agency website.