What is Phishing & How Does it Work?

What is Phishing?

Phishing is a type of cybercrime where the hacker or perpetrator sends a message to the consumer, usually in the form of an email, text message or telephone call, posing as a company or institution. There are many different types of phishing attacks to look out for, including fake websites with similar layouts, suspicious emails with multiple email addresses and those urging you to click a link.

Some hackers may claim to be the IRS while others may pose as your local bank or credit union. The message may look official in every way. Hackers might also use a company’s official logo and other symbols to make the customer think that it’s from a trusted source. The message usually features an urgent message asking the person to update their profile, change their password or contact the institution for more information. The message may contain a link or input fields. Once the person clicks on the link and enters their secure login information in the input field, the hacker will gain access to their account. The hacker can then use this information to quickly withdraw money and deplete the account.

Hackers usually target employees and everyday consumers. They may send out thousands of messages to unsuspecting victims at once, waiting for someone to take the bait. This is what’s known as clone phishing or spear phishing.

What to Look for in a Phishing Attack

If you encounter a strange email, voicemail or text message, watch out for these phishing attack warning signs:

Exciting Offers and Deals: Many messages will try to lure in customers by sending them fake offers, discounts, and promotions. This incentivizes the person to click on the link. If the offer seems too good to be true, it probably is.

Urgent Response Needed: Hackers aren’t usually known for their patience. Phishing emails and messages often include a sense of urgency, including the words “immediate” or “emergency.” Some messages may even tell you that your account has been hacked before asking you to quickly update your login information. If it’s truly an emergency, contact the institution directly for more information.

Links and Attachments: Beware of phishing messages and emails that contain links and attachments. If you didn’t request this information or attachment, it’s probably a scam. Avoid clicking on the link or opening the attachment, as it may include malware or a computer virus.

Unusual Sender: Pay attention to who sent the message. If the sender’s email address or phone number doesn’t look familiar, avoid opening the message altogether.

Don’t assume the message is legitimate just because it was sent using an Ent email address or local phone number. Some hackers may disguise themselves as Ent employees or local residents.

What to Do If You Suspect a Phishing Attack

If you receive a strange email, text message or phone call from someone claiming to be a legitimate organization or company, here are steps you should consider:

Start by asking yourself whether you initiated this interaction. Did you request information or some other service from the organization in question? If the answer is no, do not open the message or respond in any way.

You can also try using Google or some other search engine to do some research on your own. Try typing the phone number or the text in the email into the search bar. If it’s a scam, chances are other consumers have reported the attack. When you encounter a suspicious link or email address, try hovering your cursor over the link. You should see a small preview of the website or the person’s contact information without having to click on it. If the preview doesn’t come up, it usually means the website or email address is fake.

Other Cyber Security Tips

There are several things you can do to reduce the risk of phishing attacks, so you don’t fall prey to a scam.

Install spam filters on your email account to protect yourself from fraudulent messages and possible scams. The filter will analyze the message, including the sender, its contents, and how the email was generated to determine if it’s safe to open. Set up spam filters on your internet browser as well. When you click on a fraudulent or suspicious website, the browser will send you to a blank page alerting you that the site may be dangerous. To avoid fake websites, you should only visit and interact with websites with the SSL certificate. Websites with the SSL certificate have a green “HTTPS” URL with a lock symbol. This shows you that the website is safe and secure.

The Ent Promise

It’s also important to partner with a reliable, secure financial institution that has your best interest in mind. The best banks and credit unions use advanced security software to prevent phishing attacks and protect their customers’ financial data.

At Ent Credit Union, we go to great lengths to protect our members from phishing attacks and online scams. We are also here to make sure you have the information you need to protect your money online.

There are some things Ent will never ask you for over email, text or the phone, including your login information, debit and credit cards, social security number, and other sensitive information. If we need to access this information, we will ask you to fill out one of our secure forms either online or in-person.

If you see a message from Ent asking for this information, it’s a scam. Report suspicious messages to our member service representatives to help us find the culprit. We also research the latest phishing scams and attacks to keep our members informed.

Contact us to learn more about what is phishing, so you can manage your money with more peace of mind.