Phishing, smishing, and vishing: know the difference

Phishing: the email deception

Phishing is one of the most common and deceptive forms of cyberattacks. Scammers craft emails that appear to come from trusted organizations to trick people into sharing sensitive information or clicking on harmful links.

How it works:

• Scammers pose as trusted organizations or individuals via email.
• Messages often create a sense of urgency or offer enticing prompts to encourage quick action.
• Victims are directed to fake websites or download malicious attachments.
• Personal information is stolen when entered on these fake sites or through malware installed from attachments.

Example:

You receive an email claiming to be from PayPal, warning that your account has been compromised and will be deactivated unless you confirm your credit card details. The provided link leads to a fake PayPal website, where you unknowingly share your credit card information, which is then used for fraudulent activities.

✩ Tips:

• Double-check the sender’s email address.
• Be cautious of urgent requests or unexpected attachments.
• Always hover your cursor over links to preview their destination before clicking. This simple step helps you identify potentially harmful or fraudulent URLs by revealing the actual web address. Look for inconsistencies, such as mismatched domain names or unfamiliar sites, and proceed cautiously to protect your personal information and devices.
• Use anti-virus software to block malicious emails.

Smishing: the text deception

Smishing is a cyber attack that uses text messages to trick people into sharing personal information or downloading malicious software. It’s important that you never click on the links or call phone numbers listed in messages from unexpected or unfamiliar sources. The best protection against smishing comes down to a simple strategy: Don’t respond.

How it works:

• Scammers pose as banks, delivery services, or other trusted entities in text messages.
• Messages include links to fake websites or prompt you to call a fraudulent number.
• Victims may unknowingly share personal or financial information.
• Clicking malicious links can also install harmful malware on your device.

Example

You get a text message that appears to be from your credit union, claiming your account has been closed. To reactivate it, you're instructed to click a provided link. Once you do, you’re prompted to enter your account number and PIN. The link may also secretly install malware on your phone.

✩ Tips:

• Be wary of unexpected texts, especially ones that create a sense of urgency.
• Avoid clicking links in messages from unknown or unverified sources.
• Confirm requests by contacting the organization directly using official contact details.
• Install and use mobile security software to guard against threats.

Vishing: the voice deception

Vishing, short for "voice phishing," is a type of cyberattack where scammers use phone calls to trick individuals into sharing sensitive personal information such as credit card numbers, bank details, or passwords. By impersonating trusted entities like banks, tech support, or government agencies, they exploit voice communication to deceive victims, much like email phishing but over the phone.

How it works:

• Impersonation: Scammers call pretending to represent trusted organizations.
• Social Engineering: They use psychological tactics to gain trust and create urgency.
• Exploitation: Victims are tricked into sharing personal details, financial information, or login credentials.
• Fraud: The stolen information is used for identity theft or financial scams.

Example

You receive a call from someone claiming to be from your credit union. They warn you about a fraudulent charge on your account and ask for your login credentials or PIN to “secure” it. In another scenario, the caller claims you've overpaid a bill and requests your information to "refund" the excess amount. These are classic examples of vishing, where scammers use phone calls to steal sensitive details.

✩ Tips:

• Stay cautious and be wary of unsolicited calls, especially those requesting personal details.
• Verify, hang up and contact the organization directly using their official phone number.
• Only share sensitive details if you initiated the call.
• Use caller ID and blocking tools to filter unknown numbers.

Remember:

We will never contact you by phone, email or text asking you to provide account numbers, passwords, social security numbers or other personal information.

Stay in Control

As a credit union member, you help protect your financial information from cyber threats. Stay informed about risks and follow best practices to keep your accounts secure. Cybersecurity is a shared responsibility, and together, we can create a safer digital environment.

Card Control

Temporarily block your card within our mobile banking app, locking it to prevent fraud if it's lost or stolen. Unblock it easily when found.

Download our app

Two Factor Authentication

Serves as an extra layer of security for stronger protection of your online accounts.

Learn More

Account alerts

Setting up text or email alerts can help you recognize suspicious transactions more quickly. Set these up within online banking. Login and navigate to the “Resources” menu, and select “Alerts.” From there, you can choose the types of alerts you want and how you’d like to receive them—via SMS, push notifications, or email.

Online Banking

Phishing, smishing, and vishing: know the difference

Phishing: the email deception

How it works:

Example:

✩ Tips:

Smishing: the text deception

How it works:

Example

✩ Tips:

Vishing: the voice deception

How it works:

Example

✩ Tips:

Remember:

Stay in Control

Card Control

Two Factor Authentication

Account alerts

Not a Member, Yet?

Already a Member?