Phishing and Vishing Scam
Phishing is a scam in which criminals create forgeries of emails and websites. These criminals will request an individual's personal information by asking a customer to update or validate their account information through the forged e-mail. These e-mails may look authentic and contain the company's logos and branding. These emails and websites are designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social insurance numbers, etc. by hijacking the trusted brands of well-known financial institutions, online retailers and credit card companies.
Phishers are able to convince up to 5% of recipients to respond to them.
- Do not reply or click on a link in an e-mail that asks you to verify financial or personal information.
- Contact the company in the e-mail using a telephone number or other form of communication to verify legitimacy of the e-mail request.
- Review credit card and your financial account statements regularly and check for unauthorized charges.
- Don't follow links to your financial institution's website if they are sent through e-mail messages. Type the address yourself.
Vishing is a combination of "voice" and "phishing". Vishing is when a consumer receives a recorded messages indicating their card or financial institution account has been breached and to immediately call a number provided in the recorded message. The phone number links the consumer to a fraudulent call center established by criminals looking to steal consumers' personal information.
- Be suspicious when receiving messages directing you to call and provide personal, confidential and account related information.
- Do not provide any information - contact your financial institution or card company directly to verify the message.
- Do not use contact information provided in the suspicious message.
Protect Yourself - Use Safe Internet Practices
If you feel uneasy about an email you've received or a website you've been accessing, follow 3 simple rules:
- Stop - Phishers typically include upsetting or exciting (but false) statements in their email messages with one purpose in mind. They want people to react immediately to that false information, by clicking on the link and inputting the requested data before taking the time to think through what they are doing. Resist the impluse to click immediately. No matter how upsetting or exciting the statements in the email may be, there is always enough time to check out the information more closely.
- Look - Look more closely at the claims made in the email, think about whether those claims make sense, and be highly suspicious if the email asks for numerous items of personal information such as account numbers, usernames or passwords, etc.
- Call - If the email or website claims to be from a legitimate company or financial institution, users should call or email that company directly and ask whether the email is really from that company. To be sure that they are contacting the real company, credit card holders can call the toll-free number on the back of their cards. Never call the number given in the email to confirm the validity of the content as it will lead to the criminals who sent the email and they will verify whatever was said. Obtain valid company phone numbers from trusted sources such as the phone book.
Always question any attachments or links that arrive in email messages, but especially from sources that are suspicious. But remember that with phishing, it's likely one of these will arrive appearing it comes from someone or an organization that is trusted. If it's not expected, exercise caution and really think about whether it's a good idea to open that link or attachment.
Take a moment to ensure there are none of the following indicators of phishing email:
- Misspelled words
- Improper use of the language
- Poor grammar and punctuation
- Slight differences in any URLs listed in the message from the legitimate URL
- A return email address that is suspicious
- A link that, when the mouse hovers over it, doesn't match where you expect it should
- Formatting and layout mistakes
While it isn't unheard of to receive an email with a typo now and then, it should still be questioned if there is a link and you are asked to click to update credentials or change any account details. Financial institutions will not do this, but will ask you to make necessary modifications to your information when you log in directly to your accounts. It is recommended that any time a link is received in email, you hand type the address into the browser so that it goes where you intend and doesn't get redirected to a malicious site.
Debden Credit Union does not call or email you for your personal information. Although to protect your privacy, you may be asked to update or verify personal information when you call us.