In our digital world, phishing is one of the most common tactics cybercriminals use to gain access to personal identification and financial information. Using phone calls, emails and even copycat websites, scammers create content that appears official—tricking you into revealing personal information like bank account numbers, credit accounts, Social Security Numbers, login IDs, passwords and more.
At the same time, by clicking a link, you may also unknowingly download malware that infects your computer and captures your data.
Phishing is so common because it’s often effective. It can be difficult to spot and often, we don’t think twice when clicking links we think are safe. It’s important to stay vigilant, and to keep your eyes out for phishing attempts in all their various forms.
How to Spot Phishing Attempts
Wondering what to look out for? Here are a few tricks scammers use in phishing attempts:
Names of Real Companies
Phishers often use legitimate company names and copy the look of official websites and emails to fool you. This can include correspondence that looks like it’s from online retailers, business organizations, local governments or other trustworthy sources. If the attack is email-based, they may even make it appear the email is from an actual employee of the agency or company. Be wary of unexpected emails from a “company employee” looking for information.
Threats and Urgent Messages
Many fraudsters try to use scare tactics to obtain information by threatening something like the deletion of your account if you don’t respond. Other phishing attempts will claim that if you don’t act within a certain time, you’ll suffer consequences—such as losing membership status or missing out on a monetary reward. Don’t be fooled!
Sometimes the URL (web address) will look right, but instead of taking you to your intended website, it will lead you to a copycat website. Check to see if the URL begins with https://, which indicates a site is secure. Most phishing scams won’t have a secure website. Never click on a URL within an email; instead, type the official URL into your browser.
Set Your Accounts Up for Success
Taking simple steps like using strong passwords (never the same for different sites), setting up transaction notifications and ensuring your contact information stays up to date with your financial institution are all easy ways to enhance your online security.
If you’re suspicious and want to protect yourself from a potential phishing attempt, there are a few additional steps you can take. Here’s how to safeguard yourself and your accounts:
- Call and verify. If you have reason to believe something is amiss, call the company to verify. Be sure not to use a number provided in a suspicious email or even in the Caller ID. Use numbers on your statements or policies, or from the official website.
- Look for bad spelling. Large companies and organizations use professional writers and editors. Phishing emails often have unnatural or incorrect grammar and misspellings. Keep an eye out for grammar and spelling mistakes that indicate hasty fraud.
- Beware of links. Did you get an unexpected email telling you to sign in to take care of a problem or get a bonus? It pays to be wary of emails you’re not expecting. If you’re suspicious of an email, don’t click on any links or buttons. Hover your mouse over the link and see if the address that appears matches the link typed in the message. If it doesn’t match, don’t click!
- Read your statements. Look closely at your monthly financial statements. This can help you detect fraudulent transactions faster if your identity is stolen. Keep in mind that merchant names may differ on a statement, so investigate purchases before you panic.
- Increase your security. If you engage in online financial transactions, frequently updating personal firewalls and security software installed on your computer is essential to keeping your information safe.
- Use a different computer. If you find fraudulent transactions on your account or suspect your info has been compromised, use a different computer to change your passwords. And, make sure you notify your financial institution right away.
- Keep up on the news. Stay up to date on news of phishing attacks to protect yourself. Anti-phishing organizations, such as the Anti-Phishing Working Group, provide lists of new and current phishing scams.
Above all, be skeptical. Remember that you can’t “un-click” a link. Take a moment to investigate before you click and use an abundance of caution when it comes to interacting with messages.
Act Quickly if You’ve Been Phished
If you believe you’ve received a phishing message from “Navy Federal,” email us at firstname.lastname@example.org and include the original message when possible. If you believe you may have responded to a phishing request, please contact Navy Federal immediately at 1-888-842-6328. Call us collect internationally at 703-255-8837.
Visit our Security Center to learn about other ways to protect your information and accounts.
This content is intended to provide general information and shouldn't be considered legal, tax or financial advice. It's always a good idea to consult a tax or financial advisor for specific information on how certain laws apply to your situation and about your individual financial situation.