CUNA 2023 diamond award trophy icon
CUNA 2023 Diamond Award Winner

Financial Education

Stay Safe Online: Phish- and Scam-Proof Yourself

Understand the tactics hackers use to scam you out of your money and private information.

A red envelope handing from a fishing hook, illustrating the concept of phishing and cybersecurity.
info dialog icon Worried you may be the victim of identity theft? Our partners can help!

The FBI’s Internet Crime Complaint Center (IC3) reports millions of people fell victim to online scams last year, losing $12.5 billion. News like this and individual reports of data breaches, cyberattacks and identity theft can make you want to avoid the internet—an impossibility when we work, shop, bank and communicate online all the time.

But you don’t have to join the ranks of these victims if you take proactive cybersecurity measures, such as using multi-factor authentication, setting strong passwords and downloading software updates as soon as they’re issued.

The other critical way to protect yourself from cybercrime is by understanding the tactics hackers use to scam you out of your money and private information. Phishing is one of their most common tactics, so let’s start there.

What is phishing?

During a phishing attack, a cybercriminal emails you and tries to convince you to open an attachment or click on a link to a website, either of which contains malware. It can be a virus that gives criminals access to your computer and its contents or even ransomware that locks you out of your device until you pay the thieves, typically in cryptocurrency.

Cybercriminals design their phishing attempts to look like they are coming from legitimate sources, such as your financial institution, your favorite e-commerce site, a government agency like the IRS or other known businesses and individuals.

There are multiple variations on phishing, such as spoofing. According to the Cybersecurity and Infrastructure Security Agency (CISA), spoof attacks deceive users by changing one letter, symbol or number of a trusted source’s email address, name, phone number or website URL.

Here are some other phishing variations:

  • Spear phishing: The email appears to come from a specific person you know and trust, often an authority figure, such as your boss or the head of your company’s IT department.
  • Smishing: The attacker uses texts, technically called SMS messages, instead of email.
  • Vishing: The attack comes through a phone call or voicemail message.
  • Angler phishing: The attacker targets you on social media by pretending to be a company’s customer service department following up on something you posted about them.

How can you spot phishing attempts?

Hackers have improved their phishing techniques over the years, but these tell-tale signs still indicate something isn’t right:

  • Generic greetings, such as “Hello Bank Customer”
  • Misspelled URLs or suspicious-looking ones
  • Business messages coming from a Gmail or public email address rather than a corporate one
  • Urgent requests suggesting time is running out on an awesome deal or to resolve a problem
  • Threatening messages that scare you into thinking the IRS or some other authority figure is coming after you or that your personal or financial information is at risk
  • Unprompted requests for an account number or identity verification
  • Spelling, grammatical and syntax errors

In today’s busy world, it’s tempting to skim through emails and texts, but before you respond or react to them, pay attention to details like the URL, the sender’s email address or phone number and the tone of the message. And remember, it’s always safer to directly contact a trusted source to verify the legitimacy of an email, phone call, text or social media message than to click on a link or provide information.

What are popular online scams?

Cybercriminals are always looking for a way to lure you in by creating a very tempting or urgent situation. Here are some of the most common scams circulating online today:

  • Cryptocurrency scams: Typically, the threat of blackmail, the allure of romance or the push for an investment scheme urges you to send money in cryptocurrency to another person.
  • Gift Card scams: Similar to cryptocurrency scams, you’re asked to pay things like your supposed IRS tax debt or outstanding utility balance with gift cards.
  • Job scams: These are fake job listings sent via phishing or vishing that require an upfront fee or confidential information to gain access to them.
  • Lottery scams: “You won” it says but pay a fee to claim your prize.
  • Vacation rental scams: In some cases, the beautiful property you book ends up being bogus or is switched to an undesirable one at the last minute. In others, you’re tricked into using a site that impersonates legitimate ones like Airbnb or Vacation Rentals by Owner (VRBO).

Now that you know these scams are out there, you can be a more cyber-savvy consumer.

The U.S. and Scams Infographic
The average loss per scam victim in 2022 was $12,859.

Where should you report phishing, cyberattacks and scams?

If you’re a cybercrime victim or come across these online scams, make sure you report it to the proper authorities:

In addition to these national resources, you can also contact your local police and the attorney general in your state.

Editor’s note: Quorum is not affiliated with any of the companies mentioned in this article and derives no benefit from these businesses for placement in this article.

Your Identity is Yours. Let's Keep It That Way. Identity theft can happen to anyone. Our trusted partners at BALANCE have the tools you need to ensure your personal information doesn't fall into the wrong hands.

Comments Section

Please note: Comments are not monitored for member servicing inquiries and will not be published. If you have a question or comment about a Quorum product or account, please visit quorumfcu.org to submit a query with our Member Service Team. Thank you.

CUNA 2023 diamond award trophy icon
CUNA 2023 Diamond Award Winner

Financial Education

Quorum derives no benefit from businesses in return for placement in this blog.