Recognizing E-mail Scams

Fraudulent e-mails and web sites are designed to deceive you and can be difficult to distinguish from the real thing. You should be suspicious of any e-mail that requests your personal or account information. Most legitimate companies, including Industrial Federal Credit Union, will never use an e-mail to ask you to provide or verify your personal or account information. If an e-mail asks for this type of information, assume it's a scam.

Identifying a fake (phishing) e-mail:

False sense of urgency. Many phishing e-mails try to deceive you with the threat that your account will be in jeopardy if it’s not updated right away or that it has been compromised. An e-mail that urgently requests you to supply sensitive personal information is typically fraudulent.

Fake links. Many phishing e-mails have a link that looks valid, but send you to a fraudulent site that may or may not have an URL different from the link. Check where a link is going by moving your mouse over the link in the e-mail and looking at the URL in the bottom bar of the browser. If it looks suspicious, don't click it.
Misspellings and bad grammar. Fake e-mails often, but may not always, contain misspellings, poor grammar, missing words, and gaps in logic. These types of mistakes help scammers avoid spam filters. It's more difficult to identify a fake e-mail using the following:

Sender's e-mail address.
To give you a false sense of security, the “From” line may include an official-looking e-mail address. The address may actually be copied from a genuine one. The e-mail address can easily be altered, so it’s not an indication of the validity of any e-mail communication.

Generic greeting. A typical phishing e-mail has a generic greeting, such as “Dear Customer,” but legitimate e-mails may use it too.

Identifying a fake web site:

Deceptive URLs. Some scammers will insert a fake browser address bar over the real one, so it looks like you’re on a legitimate site. The words may be slightly altered by adding, omitting, or transposing letters. Even if an URL contains the word "IFCU," it may not be the actual Industrial Federal Credit Union web site.

Out-of-place lock icon. Make sure there is a secure lock icon in the status bar at the bottom of the browser window. Some fake sites will put this icon inside the window to deceive you.

Reduce your chance of being victimized:

Do not use links included in the e-mail. Open a new browser window and type in the URL you know to be correct.

 Do not open attachments. Like fake links, attachments may be used in phishing e-mails and are dangerous. Opening one, even an image or PDF, could cause you to download spyware or a virus.

Call the company in question using a phone number you know to be correct. The person you speak with will most likely be able to confirm whether they actually need the information and if so, whether you can provide it over the telephone.

 Use anti-phishing software. There are a number of programs available that will check the web address in question against a list of known phishing scams and notify you if the site appears there.

 Update your computer with the latest browsers, upgrades and security patches. Some spoof sites are able to obtain your information through your internet host company's address if you simply visit the site.

<< Return to Security Center.