
What Is a Phishing Attack? - 5 Ways to Recognize a Phishing Scam
You know scammers are out there, lurking behind friendly, seemingly legitimate emails and text messages. They attempt to get your personal information, often by asking you to click on a link. The link will bring you to a website that looks like a legitimate website, but it only exists solely for fraudulent purposes. Did you know that most phishing scams arrive by email? Just 1% attempt to scam you by phone. How can you recognize a phishing scam so you don’t fall prey to one? There are five common giveaways that an email may not be legitimate.

LESSON CONTENTS
1. Companies don’t request your personal information via email.
Unsolicited emails from a company that provide a link or ask you to verify your account details are often a scam. Companies don’t ask you for your bank account information or Social Security number.
2. Companies usually call you by name.
Scammers are sophisticated, but phishing attacks are usually sent to thousands of people at the same time. They often begin with something like, “Dear Customer” or “Dear Amazon Customer.” If this email was actually from your bank, your credit union, or a personal account, they would know who you were and call you by name.
3. Phishing emails prey on fear.
Common phrases used in phishing attacks are:
- Changes to your health benefits
- Action required: new login attempt
- Payment declined
- Security update required
- Important: please read
Sometimes scammers will send an invoice for something that you didn’t order in the hopes that you will click on the link they’ve helpfully provided to cancel this order so they can get your sensitive information.
Certain companies are impersonated more often than others. The most impersonated companies in the first quarter of 2021 were:
- Microsoft
- Amazon
- DHL
- IKEA
- Chase
- Rakuten
- PayPal
If you get an email from any of these companies, you should be suspicious. If you have any doubts, go directly to the website (DO NOT click on a link!) and log into your account. Some scam emails are one gigantic hyperlink, so if you click anywhere on the email, it will initiate a malicious attack.
Hackers are pretty good at recognizing opportunities. During times of general uncertainty, they know people are more anxious and might not be paying as much attention. At the start of the Covid-19 pandemic, phishing attacks increased significantly. During hotly contested political contests, they send out scam emails looking for contributions. The last round of stimulus checks brought a new set of scams.
If an email is targeted to you specifically, that’s called spear phishing. They could be after your financial information, but they could be gathering information to use later.
A newer scam is “sextortion”. Attackers claim they have video of you doing something compromising, and they ask for a ransom in exchange for not releasing the information. Delete the email immediately—they don’t have any such video.
Another thing you can do is enter the exact wording of the email message into a search engine. This will often identify scams.
4. Legitimate companies know how to spell and use grammar.
This is the easiest way to recognize a phishing scam. Legitimate companies employ people with excellent grammar and spelling skills to write emails for them. Did you know that hackers do this on purpose? They use awkward syntax and bad grammar as an attempt to pry on the uneducated.
If the email doesn’t read right, or there are errors especially in grammar or syntax, you should be suspicious.
5. Check the domain address.
This is often overlooked by even savvy consumers. Hover your mouse or your cursor over the link in the email address, and the destination address should appear in a bar along the bottom of the browser. If there is a string of random letters and numbers after the company name, it could be a phishing attack. Sometimes companies do include varied domains to send emails, in which case you should make sure that the link in the text matches the URL.
What to do if you’ve been phished.
If you think a scammer has obtained your information, go to IdentityTheft.gov and follow the instructions. You should also:
- Change all of your passwords immediately. You should change your passwords every three months or so, but especially after a phishing attack. Consider using a password manager to keep track of them all.
- Get anti-virus software and scan for viruses as soon as possible.
- Disconnect from the internet as soon as possible. You may be able to prevent the hacker from gaining remote access to your computer or from installing malware.
- Contact the company that was spoofed. Companies have departments dedicated to dealing with fraud. You can also report what happened to you to the Anti-phishing Work Group, which analyzes and works to prevent phishing attacks.
- Watch carefully for signs of identity theft. If you gave out financial information, check your bank accounts and credit card accounts for signs of fraud. You should also contact credit reporting agencies to let them know. Keep an eye out for new credit inquires that you didn’t authorize.
- File a report with the Federal Trade Commission (FTC).
- Don’t be too hard on yourself. While most people think they can recognize a phishing scam, hackers know that it only takes one moment of inattention.
Hopefully, you won’t fall victim to a phishing scam but if you do, you’re definitely not alone. Scammers send phishing emails because they work. Not clicking on random links or attachments will go a long way towards protecting yourself.
Related Resources
View All
Common Scams that Prey on College Students
College students may be vulnerable to online scams and predatory behavior. Many students may be living on their own and managing their money for the first time. They may not be familiar with the warning signs of fraud, which can lead to all kinds of unfortunate outcomes, including identity theft and scam purchases. If you or someone you know is getting ready to go to college, use this guide to help protect yourself from common scams that target college students.

Help I've Been Scammed! What Should I Do Now?
So, you believe you’re the victim of a scam—what do you do now? Online scams are becoming increasingly common as online scammers and hackers look for new ways to trick consumers into handing over their personal information. If you’ve been scammed, you might have noticed an unauthorized transaction posted to your bank account or your funds may be lower than expected. There’s also a chance that you sent your personal information to the wrong person by mistake, including your debit and credit card numbers, bank account information, Social Security number, phone number or email address. If you notice a problem with your account, there are several ways to rectify the situation. Follow these steps to secure your money before the scammer has a chance to make another withdrawal.

Mobile Banking Safety Tips
More people are using mobile banking apps and websites than ever before. Many people prefer to manage their money online using a mobile device rather than visiting a local service center in person. You don’t have to deal with traffic or wait in line to use the ATM. Banking apps are as safe as the financial institutions they represent, but you need to be careful when sending and sharing your information online. Use these safety tips to enjoy the benefits of Ent mobile banking without putting your finances at risk.

How Secure is My Password?
It’s generally recommended that you change your password once every three months or so, but it can be easy to forget or push it off. You may be wondering if it’s really such a big deal? Yes, it is because cybercrime is on the rise. In a 2018 survey of adults, almost 33% said they personally had experienced a hack of their social media and email accounts. This may be because up to 50% of them use the same password for multiple accounts. Read this article to help you secure your passwords and online accounts before you get hacked.

Chip-Enabled Ent Debit Cards: How EMV Technology Keeps You Safe
Today, most debit and credit cards have multiple ways to transmit data and authenticate a payment. One such way is the small, square computer chips you see on the card. This is called an EMV chip and is used to help protect the user from fraud. Read this article to learn more about how EMV chips work and how they help keep your information safe.

Someone Wants to Send You Money? It's Likely a Scam.
So, someone wants to send you money? Maybe someone reached out to you via phone, text or email claiming that you won a prize, they’re going to wire you money or you are the beneficiary for your family members. Everyone wants “free” money, but often these messages or notifications are scams. Learn more about what you can do to protect yourself from these types of scams.

How to Protect Your Identity and Money During Tax Season
It’s tax season in the U.S. You’re likely focused on gathering all the necessary paperwork and submitting your return on time. Meanwhile, in the criminal world, fraudsters are busy executing schemes in an attempt to steal your identity and money. In fact, the Internal Revenue Service identified $2.3 billion in tax fraud in 2020. To help alleviate some stress this tax season, we’ve compiled this guide to help you protect yourself, recognize possible fraud warning signs and take action if you become a victim.

What Is a Phishing Attack? - 5 Ways to Recognize a Phishing Scam
You know scammers are out there, lurking behind friendly, seemingly legitimate emails and text messages. They attempt to get your personal information, often by asking you to click on a link. The link will bring you to a website that looks like a legitimate website, but it only exists solely for fraudulent purposes. Did you know that most phishing scams arrive by email? Just 1% attempt to scam you by phone. How can you recognize a phishing scam so you don’t fall prey to one? There are five common giveaways that an email may not be legitimate.

How Do I Know If I've Been Scammed? Common Red Flags
If you suspect you are being scammed, Ent Credit Union is here to help. Money scams can take many different forms. Criminals may claim to be the government, such as the IRS, or even your local financial institution to con you out of your hard-earned money. There are several ways to find out if you are indeed the victim of a scam. Use this guide to protect yourself from scams online and over the phone.

What is Phishing & How Does it Work?
You can never be too careful when it comes to managing your money. Cybercriminals and digital hackers often use a technique known as “phishing” to get customers like you to turn over their personal data, including PIN numbers, credit and debit cards, bank statements and other financial information. These kinds of cyberattacks can happen to anyone at any time. That’s why it’s important to learn about phishing, so you can protect yourself and your money from online scams.

What is Spoofing and How Does it Work?
Chances are that you’ve been the victim of a spoofing attempt by now. Spoofing is a type of cyberattack where someone pretends to be a trusted source so they can gain access to your personal information. In this article, you’ll learn what spoofing is, and more importantly, what you can do to keep your personal information safe.

Multi-Factor Authentication: Why It's Important & How to Set It Up
You have passwords for every online store, financial institution and social media website, yet you were still hacked. How is that even possible? Sadly, this is becoming more and more common, which is why multi-factor authentication (MFA) has become more widespread.