alert befraudsmart uhb youth-account Pixel for iHeart Radio

2024 Phishing Awareness Tips

Fish hook grabbing credit card

Whether this is your first time hearing the word “phishing,” or you’ve worked at a bank for 20 years and know exactly what it is – this article, 2024 Phishing Awareness Tips can give you the tips and tools you need to avoid getting scammed. 

Why It’s So Important to be Aware

Recently, a large credit union that serves 500,000 members had their entire network and system compromised because of phishing; an employee clicked on a link that turned out to be malicious, allowing the scammers to get information and disrupt their financial system. This had a negative impact on both employees and members, and it was just because of one email.

An email or text that seems normal or that you usually get can be a phishing attempt and can wreak financial havoc on your life. 

You may be wondering, if it looks normal, how are you supposed to recognize it? Well, read on to learn how to determine when a communication is deceptive or malicious. 

What Makes Something Suspicious?

Phishing happens when cybercriminals try to deceive a person or organization into revealing sensitive information or infecting devices through malicious links, emails, or attachments. Some of these attempts are obvious, but many are subtle or look very normal. 

Here are some of the signs that likely means something is suspicious:

  • Urgent or emotional language used
    • E.g. “You need to update your password now so you don’t lose access…Click here to do that” OR “Don’t miss out on this one-time offer…”
  • Requests for personal or financial information (financial institutions will usually never ask such personal questions when not in-person).
    • E.g. “Can you confirm your social security number?”
  • Untrusted shortened URLs used in the email
    • E.g. bit.ly or goo.gl
  • Incorrect email addresses or links
    • E.g. amaz.on.com

Different Types of Phishing

Here are some types of phishing you might encounter either in the workplace or in your personal life:

  1. Email Phishing: The most common type, where scammers send deceptive emails pretending to be someone else, like UPS or Amazon, and hoping you’ll reply with trusted information. 
  2. Spear Phishing: Cybercriminals pretend they are a trusted source, such as a boss, and ask you to do a task, such as using the company card to purchase something. The goal is to steam information from a specific individual. 
  3. HTTPS Phishing: Scammers hide a malicious link within an email to trick you into giving your personal information. This link often looks like a legitimate site.
  4. Angler Phishing: Scammers exploit social media platforms, creating fake customer support accounts to deceive users.
  5. Deceptive Phishing: This is where phishers use threatening language to convince you to provide information.
  6. Whaling: Similar to spear phishing, but this type specifically targets high-profile individuals or executives.
  7. Vishing: Phishing over voice calls.
  8. Smishing: Phishing via SMS messages.

Taking Action

Here are some things you can do to have more caution to combat this threat:

  • Exercise extreme caution with all emails, especially those containing attachments or links.
  • Never click on links or open attachments in suspicious emails, even if they appear legitimate.
  • Verify any requests directly with the sender using a trusted communication channel (e.g., phone call) if you have any doubts.
  • Report all suspected phishing attempts immediately using the phish alert button.
  • Extend your vigilance to texts, social media / LinkedIn messages and posts, and even phone calls – attackers are evolving, and we must adapt.

Examples of what reporting phishing looks like on Outlook and Gmail:

Resources 

Great job, you are now more aware of what phishing looks like and are better prepared to evade and report phishing attempts! If you want to feel even more secure, check out the security benefits that UCCU offers with an Elevated Checking account! Additionally, read this article by the FTC and use the website if you need to report phishing.