How to Avoid Email and Text Scams

Phishing and smishing attacks are rapidly increasing, with link-based phishing alone rising over 200% in the second half of 2024. These types of scams aim to steal personal and financial information through deceptive emails and text messages. In this blog, you’ll learn how to recognize the red flags—such as suspicious links, grammar errors, and unexpected requests for sensitive data—and what steps you can take to protect yourself. By understanding how these scams work and staying alert, you can significantly reduce your risk of falling victim.

Phishing attacks are the single most common form of cybercrime. In the second half of 2024, there was a 202% increase in the overall amount of phishing messages, with link-based phishing being the most prevalent. Unfortunately, phishing and smishing are the most common attacks simply because it’s cheap and easy for attackers. The term “smishing” is a mix between short message service (SMS) and phishing. Phishing and smishing attacks are very similar, but phishing uses your email to try to get your personal information, and smishing contacts you through text messages.

There are ways to easily identify and avoid phishing and smishing attacks when it comes to your personal information and finances. By staying vigilant, you can likely prevent any phishing or smishing attacks that may happen to you. Learn what to do to protect yourself.

How to Spot a Phishing Email

1. The sender’s email address is incorrect
2. Look at the email address that the email was sent from. If it seems suspicious or not consistent with the sender’s name or business, this is a red flag. An email reaches your work inbox, and it’s supposed to be coming from a client email, but the email address reads: personalname@gmail.com. However, it should be coming from a business email, not a personal email address. If you see an inconsistent email address, then you should make sure to report it.
3. Request for information
   If you receive an email that asks for your full name, address, and banking information, then that is a clear indication that it is a scam. No banks or credit unions, including The Police Credit Union, will ever ask you for your personal information by email.
4. Suspicious link or attachments
   Most people know you should never click on a link in an email if you are unsure what it is. It’s always a good idea to hover over the link if you are unsure what it is. That way, you can see the domain and where it is sending you. In addition, if you see an attachment in an email and you didn’t expect it, do not open it.
5. Incorrect spelling or grammar
   It’s important to check subject lines, body text, links, and signatures for spelling or grammatical errors. Frequent errors like this are a telltale sign that the email may be a phishing email. You should also look out for very generic messages (i.e., Dear Customer, Greetings User, etc.) when you are trying to determine if it is a phishing email.

Here is an example of a straightforward phishing email:

Scammers continue to get more and more creative with their messaging, so emails asking to pay an invoice or change a password should be carefully monitored. 

How to Spot a Text Scam or Smishing

Typically, a smishing scam attempts to impersonate a reputable business and it does this by trying to get you to click a link or phone number attached in the text. The phone number and area code tend to look like any others. These messages will typically appear to come from credible sources like Amazon, FedEx, or UPS to make them seem more realistic. If you fall into clicking the link, then you will likely be asked to enter some kind of personal information like a social security number, credit card information, or other sensitive information. You could also unknowingly download malicious software to your device that can potentially collect personal information.

Here is an example of a smishing attempt

What to do Next

Do not open or reply to the email if you have any suspicion of it being a phishing email. You should always report these kinds of emails. If you receive this in your personal email, you can go to IdentityTheft.gov and fill out the form. If you receive this kind of phishing email in your company email account, report it immediately to the IT department so that they can take the necessary precautions. Another tip you should keep in mind is to make sure your computer is always up to date with the latest security software. This should occur daily, so you don’t go too long without the most current patches and updates.

As far as smishing, you should:

• Never click links, reply to text messages, or call numbers you don't recognize.
• Do not respond to any unfamiliar or suspicious messages.
• Delete all unfamiliar and suspicious texts you receive.
• Make sure your cellphone is updated to the latest version, Apple or Samsung.
• Protect any sensitive personal information - bank accounts, health records, social media accounts, etc. – you can do this by adding two-factor authentication.

Always Stay Vigilant

The best way to protect yourself against these kinds of phishing or smishing attacks is to know what to look out for and always report anything you find suspicious. Never click on any links or attachments you are uncertain of, and never give your personal banking information out. Trust your instinct because it’s almost always going to be right. And remember that if you ever have questions about whether a legitimate email came from The Police Credit Union, contact us or schedule an appointment at our Virtual Branch.