One day an email lands in your inbox, but you don’t recognize the sender and the message seems odd. Maybe there’s an urgent request to take an action you might not normally take. These are common examples of phishing, the practice of sending a fake email (phishing) or text (smishing). Even a phone call (vishing) believed to be from a known source can send you down a dark path. Scammers try to trick you into sharing personal information, installing malicious software on your device, or sending them money or gift cards. If you can spot the red flags of phishing, you’ll be in a better position to avoid potential trouble ahead.
What are the types of phishing attacks?
- Deceptive phishing. The sender impersonates a legitimate company or person you’re familiar with. The thief makes an urgent plea for you to share personal or financial information right away.
- Spear phishing. Here the email is more personalized, to increase the likelihood of you falling into the thieves’ trap.
- Link fraud. Thieves embed a link or QR code in an email that redirects you to an unsecure website that requests private information they can steal.
Three ways to spot these scams
- Set your spam filter to your highest comfort level to keep out unwanted email. Phishers apply pressure to get you to respond to their request. Do not be drawn in immediately. Instead, ask yourself whether this is something the person or company they claim to be would do or say. If the answer is no, don’t click and don’t reply. If you’re unsure, go to the source by contacting them directly.
- Make it a habit to carefully check the sender's email address. Fake email addresses often look so much like a real address you may not spot the error. Double-checking the email is especially important on mobile devices, since the email address often isn't displayed. You may need to tap the display name of the sender to see the email address.
- Before clicking on a link or replying to a text or phone request for information, think about how you normally do business with that person or organization. A phishing example might be an email where the business’s name is misspelled, even subtly. For example, The Best Fish House may come across as The Best Fish H0use. Never send a return email, since you don’t know who has control of that original email. These tips can make you and your legitimate contacts safer!
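
The sender check described above can be automated. The following is an added example, not part of the original article: it flags a From: line whose display name or domain imitates a business you trust, and the allowlist, the bestfishhouse.example domain and the sample headers are all constructed for illustration.

```python
import difflib
from email.utils import parseaddr

# Constructed allowlist: organizations you really deal with and their true domains.
TRUSTED = {"the best fish house": "bestfishhouse.example"}

# Digit-for-letter swaps commonly seen in lookalike names (e.g. H0use for House).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(text):
    """Lower-case the text and undo the digit-for-letter swaps."""
    return text.lower().translate(SWAPS)


def similar(a, b, threshold=0.85):
    """True when two strings are the same or nearly the same after normalizing."""
    return difflib.SequenceMatcher(None, skeleton(a), skeleton(b)).ratio() >= threshold


def check_sender(from_header):
    """Return the red flags found in one From: header value."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    flags = []
    for name, trusted_domain in TRUSTED.items():
        if domain == trusted_domain:
            continue  # the address really is at the trusted domain
        if similar(display, name):
            if display.lower() != name:
                flags.append(f"display name imitates '{name}'")
            flags.append(f"address domain '{domain}' is not '{trusted_domain}'")
        if similar(domain, trusted_domain):
            flags.append(f"domain '{domain}' looks like '{trusted_domain}'")
    return flags


if __name__ == "__main__":
    samples = [  # constructed From: headers
        "The Best Fish House <orders@bestfishhouse.example>",
        "The Best Fish H0use <orders@bestfishh0use.example>",
        "The Best Fish House <billing@mail-service.example>",
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "no red flags")
```

An empty result only means the name and the address are consistent with each other. The From: line itself can be forged, so it does not prove the message is genuine.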
Tips to prevent phishing attacks
- Whenever possible, enable two-factor authentication (2FA) for your email as an added layer of security. It requires you to enter your username and password, plus another factor such as a code sent as a text message. Once you enter the special code, you can access your email. If you accidentally fall for a phishing scheme, 2FA is a good way to help prevent thieves from accessing your contacts and then using them to impersonate you in a fake email.
- Don’t scan unknown QR codes. Scammers may use QR barcodes to lead you to a fake website where you are asked for personal information.
- Turn on spam filters. These are designed to help you more quickly catch emails that come from fake companies or from people you don’t normally connect with.
- Install trusted antivirus software to guard against known scamming tactics and close online security loopholes. To get the benefit of these protections, keep your web browser up to date and install patches as they become available, or set them to install automatically. That way, when a new patch is available, you’ll be protected right away.
What to do if you're a victim of a phishing scam
Visit the Federal Trade Commission’s identity theft prevention website to file a report and learn how you can minimize the risk of becoming a victim of identity theft. You can also turn to your credit union for help reducing the chances of identity theft, with tips on detection, prevention and resolution.
If you receive a phishing email, do not directly reply to the sender; instead, report the email to your email provider as "phishing" through the designated reporting feature within your email client/service provider.