spotting bad links

A Recent Phishing Attempt Example

June 2, 2022

Phishing and other forms of online fraud are becoming more and more prevalent in daily life. Recently, one of our very own members came across a phishing attempt that almost cost a sizeable amount of money.

The member received an email from someone (a fraudster) posing as a representative for their investment company. There were some bad links in the email that could have either downloaded a malicious software onto the member’s computer or tracked their data online. The fraudster was able to steal the member’s login information for digital banking and almost manipulated the member into transferring out thousands of dollars. Luckily, this was discovered and blocked.  

This member was very fortunate that the fraud was caught. Others are not so lucky. It’s important to know what to look for in an email to avoid these types of attacks in the future.

Here are some tips for avoiding bad links:

Hover over a link without clicking it. If you hover your mouse over a link without clicking, you’ll see what link the email actually will send you to. In a phishing attempt, the link could be a page with malicious software or even could capture your login information. For example, let’s say someone sends you a link to mwafcu.org. When you hover over this sample, you’ll notice it’s actually sending you to another page (one of our blog posts) not the main page of our website as it suggests.

Check the sender. Is the sender someone you know? Make sure their email address matches what you have saved for them. Again, actually check the exact email address it came from. Look for suspicious email extensions. If a business is emailing you, they’ll most likely have an official domain email address, not a gmail, Hotmail, or yahoo address. Also, remember that they can make their email address display any name they want. Perhaps it says “PayPal Service” but when you expand the information to see the email address, it may say “[email protected]” or even “pa[email protected]” instead. That’s a red flag.

Do not open attachments. If you get an email from someone you don’t know, opening an attachment could download a virus on your computer.

When in doubt, do not click on any links in an email – even if it looks like it’s coming from a business you know. Fraudsters can easily copy email formats from reputable businesses and make their emails look legitimate. Instead of clicking a link in an email, just bookmark your favorite pages ahead of time and go directly to the link itself through your bookmarks.

Set alerts for suspicious activity in digital banking. You can set up text and email alerts in digital banking to inform you whenever there is a login or a change to important information like your contact info, login credentials, or password. You can also set alerts for large transactions.

If you think your account has been compromised, change your passwords. Change your email password. Change your digital banking username and password. Change any password you may have possibly given to the fraudsters.

Seek help from a professional for malicious software. If you think there may be a virus or malware on your computer, take your computer to a professional. They’ll make sure the software is disarmed and your computer is safe again.

It is important to remain alert and use these tips to look out for bad links and phishing emails. Using these tips could help protect you and your family from hackers and fraud.  Additionally, you can also protect yourself from identity theft with Ultimate ID. MidWest America Federal Credit Union offers Ultimate ID for just $5 per month, which helps to protect you and your household should your identity be stolen. Find out more here.