Today, you must always be on the lookout for phishing scams. To help you identify phishing and avoid getting scammed, we suggest the following:
- Do not reply to or click on a link in an e-mail that warns you, with little notice or prior legitimate expectation that an account of yours will be shut down unless you confirm your billing information. Instead, contact the company cited in the e-mail using an authenticated telephone number or other form of communication that you are sure is genuine.
- Legitimate companies, especially financial institutions should never ask you to verify your account information. If you get an email that asks for this type of information, delete it and report it to the company being phished.
- Before submitting financial information through a website, look for the locked padlock on the browser’s status bar or look for “https://” at the beginning of the web address in your browser’s address window. The presence of a padlock and the https:// does not guarantee that the website is legitimate or secure. However, the absence of either the padlock or the https:// does indiciate that the web site is not secure.
- Identifying a phishing e-mail may be easier than it appears. Sometimes, the entire e-mail is a graphic which may be a sign. If you cannot highlight words, then you know it’s a graphic, sometimes with a link. Also, if you hover your mouse over the graphic or other links, you can usually view the actual link (at the bottom of your screen or a hover line). The link may be something else than it actually says in the e-mail. If you do click on the graphic or link, check the url to make sure it actually is from the domain of your financial institution.
- For example, if FMFCU sent you an email, the url from the link you clicked should be fmfcu.org. If it has a slash after it, like fmfcu.org/savings.htm, that’s ok, because as long as the url ends with fmfcu.org before the slash, it is from us.
- If it looks like this: fmfcu.org.fake.domain.org, then it is not from us. The real domain here is domain.org and you are being phished.
- Use anti-virus software and make sure you have a firewall in place.
- Review all financial statements (online or paper) as soon as you can so you can see if any unauthorized charges are present. Log into FMFCU’s Online Banking for an even more up-to-date transaction history.
- Never send e-mails with sensitive personal or financial information. E-mails are not secure. Visit official websites and login securely to send this type of information.
- Always be aware of attachments in e-mails. Never open an attachment from someone you do not know. This could contain a potential virus.
- Always make sure your web browser contains the latest patches. Newer browsers will eventually contain anti-phishing features to help you even more.
If you think you’ve been phished, you may file a complaint with the Federal Trade Commission (FTC) at ftc.gov. Here you can take some steps to minimize your risk. Also make sure you order your credit report and review it periodically.
If you’ve been phished by a fake FMFCU e-mail, please contact us immediately and if possible, send us a copy of the e-mail so we can take steps to bring down the fraudulent site.