Cyber criminals, or hackers, often times use very effective social engineering tactics to trick you into providing personal or financial information. These criminals try use deceptive psychological attacks to trick members into revealing your password or fool you into installing malicious software on your computer. These criminals can use this sensitive information to gain unauthorized access to your accounts, to steal funds from your accounts, or to steal your identity. They often do this by pretending to be someone you know or trust, such as Delta Community Credit Union, a valid company you may do business with or even a friend.
Phishing is a social engineering technique where cyber attackers attempt to fool members into taking an action in response to a questionable email, typically by clicking on a link or downloading a malicious attachment. Phishing is not only limited to emails, but can also be sent via fraudulent SMS/Text message (Smishing), a “spoofed” voice / phone call (Vishing), or a fake social media post.
Here’s how it typically plays out: Attackers would send out phishing emails pretending to be Delta Community Credit Union, their goal is to fool members into clicking on a bogus link in an email. Once clicked, victims are taken to a fake website that pretends to be the Credit Union online banking website, but is really created and controlled by a hacker. If a member attempts to login to this fake website, thinking they are at the real online banking website, the member’s login information and password would then be stolen by the criminal. The term “phishing” has evolved over the years and often means not just attacks designed to steal your password, but attacks designed to send you to malicious third party websites that hack into your browser, or even attacks embedded with infected attachments.
Here are some steps you can take to arm yourself with additional information and to prevent fraudulent activity on your accounts due to phishing emails:
- Never open emails or click on links from suspicious senders or unknown sources, especially if you weren’t expecting it.
- Delete questionable emails (do not respond or forward to friends or family)
- Use caution if you receive an email or text telling you to update your personal information, activate something “new” for your online banking account, or verify your identity by clicking on a link (Delta Community will never ask you to verify sensitive information via email)
- If you receive a suspicious phone call requesting your information or access to your account, hang up and call us back to verify it really is us calling you.
- Take your time – read between the lines: is the email sender asking you something strange or does the message context (grammar, spelling, formatting) seem off?
There may be times that hackers or cyber criminals may already have some of your information to make an email or call sound more authentic. Here is what you can do to report a suspicious email or text message that ‘appears’ to be from Delta Community:
- If you did respond by clicking on a link, opening an attachment or providing personal information, call us immediately at 404-715-4725 or 800-544-3328.
- Forward the email to us at InfoSec@deltacommunitycu.com (Please note that due to technical reasons, some email messages forwarded to InfoSec@deltacommunitycu.com may be rejected by our server. If this occurs, please delete the suspicious email. We regularly detect fraudulent emails and websites. Additionally, we do not respond to every email that is sent to this mailbox. Thank you for taking steps to protect your personal and financial information.
Check out the FTC’s onguardonline.gov for more about Email and internet scams.
How to recognize a phishing email
Insert Image of Phishing Email Example with callouts
Fraudsters try to trick you into visiting a fake website and providing your personal account information by sending you spoofed and phishing email messages. These emails may also ask you to call a phone number and provide account information or ask you to download a file to your computer and open it.
Spoofing and Phishing emails look like official Delta Community emails. When you receive email messages from Delta Community that you feel are suspicious, we can help you learn to spot fraudulent links/websites. If the email contains links, hover over the links (with your cursor) to reveal their true target. Our email address is https://www.deltacommunitycu.com and messages from us are from this address. Be sure to ensure there’s an ‘s’ after http and then www.deltacommunitycu.com before anything else, including a ‘/’ forward slash. There can be no variation of this address, so if there appears to be, this could be a phishing attempt. Here are a couple screen shots showing you how to recognize when messages or links are NOT from Delta Community Credit Union:
Use images from the current security page – Alert → Recognize Legitimate Emails from Delta Community Credit Union (1/31/13)
Ways to identify phishing and spoofing emails include:
- Links that appear to be Delta Community links but aren’t. If you place your cursor over a link in a suspicious email, your email program most likely shows you the destination URL. Do not click the link, but look closely at the URL: A URL that is formatted bankofamerica.fakewebsite.com is taking you to a location on fakewebsite.com. Just because “deltacommunitycu” is part of the URL does not guarantee that the site is an official Delta Community site.
- Requests for personal information. Delta Community emails will never ask you to reply in an email with any personal information such as your Social Security number, ATM or PIN.
- Urgent appeals. We will never claim your account may be closed if you fail to confirm, verify or authenticate your personal information via email.
- Messages about system and security updates. We will never claim the need to confirm important information via email due to system upgrades.
- Offers that sound too good to be true. We will never ask you to fill out a customer service survey in exchange for money, then ask you to provide your account number so you can receive the money.
- Obvious typos and other errors. These are often the mark of fraudulent emails and websites. Be on the lookout for typos or grammatical errors, awkward writing and poor visual design.
If you receive a suspicious email claiming to be from Delta Community Credit Union or uses its name, please forward it to us at [New Abuse Email ID].
- Mobile Banking Tips
- Beware spoofed mobile applications (look for # of downloads vs. # of reviews/reviewers; publisher and version # etc.)
- Avoid untrusted wireless networks (e.g. airports, hotels, coffee shops etc.)
- Avoid Rooted/Jail-broken phones
- Vishing – fraudulent voicemails
- Automated call asking to dial a number
- Fraudulent call
- Go paperless
- Online shopping & activity safety
- Look for security indicators (https vs. http)
- Protect children by monitoring their activities
- Backup your data regularly
- Enable advanced security controls (multi-factor)