Even the savviest internet users can unwittingly fall victim to phishing scams. Learn more about what phishing is, how to protect yourself from these scams, and what to do if you become the victim of a phishing scam.

1. Understanding Phishing E-Mail
Scams
What They Are and How To Protect Yourself

2. What is Phishing?
“Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text
message by someone posing as a legitimate institution to lure individuals into providing
sensitive data such as personally identifiable information, banking and credit card details, and
passwords.
The information is then used to access important accounts and can result in identity theft and
financial loss.”
Source: Phishing.org

3. Common Ploys Used in Phishing Emails
Scammers have been known to use a wide range of messages to get people to provide
their personal information and they’re always looking for new ways to take advantage
of people. Some common ploys used by phishers include:
● Fake invoices
● Messages about suspicious account activity or other problems with an account
● Links to make a payment
● Offers for free things
● Messages about being eligible for a government refund

4. Common Features of Phishing Emails
According to Phishing.org, phishing emails very often have some of the following
features:
● “Too good to be true” offers and statements
● Messages that create a sense of urgency to get people to act quickly
● Hyperlinks that are misspelled or, when hovered over with a mouse pointer, show
a URL that’s different from what you expect
● Unusual attachments
● The message was sent from an unfamiliar sender

6. Example of a Phishing
Email

7. Phishing Email Example
Source: FTC

8. How Can You Tell This is a Phishing Email?
The email looks like it’s from a familiar, trusted company and even uses the company’s
logo. But the following signs signify the email is part of a phishing scam:
● The email says your account is on hold because of a billing problem, a common
phishing ploy.
● The email uses the greeting, “Hi Dear.” A real email would likely use your real
name, not a generic greeting like this.
● The email also includes a link to provide payment information.

9. Protecting Yourself from
Phishing Scams

10. Protecting Yourself from Phishing Scams
● Install a SPAM filter to reduce the number of fraudulent and malicious emails you receive.
● Don’t trust any email urgently requesting personal information, such as checking account or credit card numbers, Social
Security numbers, user names, passwords, PIN codes or other financial information.
● When clicking on links in an email, watch the “address bar” of your browser to ensure you’re directed to the authentic,
branded domain. It is easy for a phisher to spoof a web link and redirect it to another web site.
● Rather than using hyperlinks in an email that you suspect may not be authentic, you should directly type in the URL in the
Internet browser address bar. Certificates for the site ensure that the site you type in is where you’re going. In an email,
hyperlinks may appear to be going to one site, but can direct you to another.
● When entering personal information on secure sites, look for the locked padlock on the Internet browser’s status bar or make
sure that you see https:// at the start of the URL in the address bar. This indicates SSL security is in place, although it does not
guarantee the site’s legitimacy. Without these, however, the web site is definitely not secure.
● Be alert to scammers phishing using any communication method and asking you to confirm using any communication
method (phone, fax, email, etc.)
● Keep in mind that legitimate companies would never ask their customers for private information in an email.
Source: USC Credit Union

11. What to Do If You Become
a Phishing Victim

12. Steps to Take After Becoming a Phishing Victim
● File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime.
● Contact the fraud departments of any of the three major credit bureaus to place a fraud alert on your credit file. The fraud
alert requests creditors to contact you before opening any new accounts or changing information on existing accounts. The
credit bureau is required to notify the other two bureaus after confirming your fraud alert. You will then receive a copy of your
credit report from all three credit bureaus. (See below for contact information for all three major credit bureaus.)
● Contact your credit union or bank and notify all with whom you have a financial relationship.
● Immediately close those accounts that you know or suspect have been tampered with or opened fraudulently.
● File your complaint with the Federal Trade Commission (FTC). The FTC maintains a database of identity theft cases used by
law enforcement agencies for investigation. Further information regarding identity theft can be obtained from the FTC at
www.consumer.gov/idtheft or 1-877-ID-THEFT.
● Report the theft of your checks to check verification companies.
● Check the post office for unauthorized change of address requests on your behalf.
● Follow-up all telephone calls with letters and keep a copy of all correspondence.
Source: USC Credit Union