Here’s how it works: A con artist sends an email that looks like it’s from your bank, credit union, or credit card issuer. The email asks you to provide information to the company through its website, and the scammer has conveniently provided an embedded link for you to click. The link takes you to what looks like the bank or credit union’s legitimate site. But, in fact, it’s a counterfeit site set up to collect all sorts of data – account numbers, passwords, credit card data, and Social Security numbers – that the con artist will use to defraud you.
The “phisher” has a variety of “hooks” in his tackle box. Many play on fears that fraudulent activity already has occurred on your account. They encourage you to act now to stop further abuse and might include phrasing like:
- “We need to verify your personal information.”
- “We’ve placed a hold on your account due to failed log-ins or suspicious activity.”
- “Failure to respond leaves us no choice other than to close your account.”
When well-meaning consumers respond, the next thing they know, their checking accounts have been emptied, their credit cards maxed out, and their personal data used to open fraudulent accounts in their name!
Until now, customers of big banks and Internet merchants have been the main targets. (Crooks like to cast thousands of e-mail hooks knowing some “phish” will bite.) But as one of the state’s largest credit unions, we can’t dismiss the possibility that phishers will try to con our members, too.
What you can do to avoid getting "reeled in"
- Know that we’d NEVER e-mail you asking you to verify personal data or correct problems with an account. Nor do we send emails with embedded forms soliciting sensitive information. If you receive an email like that, call us right away at 1-888-628-4010 or forward the email to accounts@inspirusCU.org!
- Type our URL into your browser when connecting to our website (or bookmark it). We have only one website: www.inspirusCU.org. We have only one website: www.inspirusCU.org.
- Don’t trust any unsolicited email asking you for personal information, credit card numbers, ATM PINs, etc. If you ever doubt an e-mail that says it’s from us, call and check it out. We can verify if one of our employees really did send you an e-mail.
- Use the latest version of your browser. Also, periodically visit your browser-software vendor’s Web site to download security patches.
- Check your online accounts regularly. If you see anything suspicious, let us know!
- Review all statements promptly and compare any charges to your receipts. Your statements are often the first clue to fraudulent activity.
The three biggest tip-offs to “phishing” and other fraudulent e-mail:
- They’re usually not personalized with financial institution information like your account name and number.
- They often list scenarios (showing negative consequences) if you don’t act immediately.
- They may contain flawed grammar or spelling errors.