These days, it’s easy to stay electronically connected to your financial accounts and businesses you trust. More and more often, online criminals pose as organizations to trick people into providing sensitive information or access to their accounts. They do this through a scam known as phishing.

How Phishing Scams Work

Scammers take advantage of the ease with which we use email. Their phishing emails appear to be from financial institutions, credit card companies, online stores, government agencies, and other trusted entities.

Phishing emails trick you into giving up personal information like account numbers, passwords, or your Social Security number. Scammers use this to get access to your banking accounts or install malware on your computer.

Phishing emails lure you by pretending to be a routine message, making a threat, or promising something you want. These emails often appear legitimate by including a company logo or other familiar details, making them trickier to detect.

Look for Warning Signs

Be on the lookout for these warning signs that could indicate a scammer is looking for your information:

• Look for emails that don’t address you by name or that contain typos. Typos are a red flag that the message might be fake.
• A phishing email may mimic a business’ website address but may actually come from a different source. Look carefully to see if there’s a variation in the address that the email came from.
• Does the message contain an attention-getting subject line or an attachment or ask you to click on a link for more information? This may lead to a fake website designed by the scammers to capture your information or download malware onto your computer.

A phishing email wants you to respond in some way. The email may:

• Tell you there’s some suspicious activity, login attempts or another problem with your account
• Inform you that you’ve won something
• Ask you to confirm personal information
• Include a fake invoice as an attachment
• Tell you there’s a problem with your computer that needs to be fixed
• Ask you to click on a link to make a payment or update payment information
• Say you’re eligible for a government refund

Don’t Get Hooked

There are several steps you can take to avoid being a victim. Before you respond to any email:

• Did you request information from the email sender? If not, it’s probably a phishing email.
• Verify any request by contacting the business directly through the information on their website.
• Remember that legitimate companies or government agencies never ask for passwords, Personal Identification Numbers (PINs), Social Security numbers, one-time verification codes, or account numbers in an email.
• Delete suspicious emails. Don’t click any links or open any attachments.

Protect Yourself

Spam filters may keep some phishing emails out of your inbox, but scammers are constantly trying ways to outsmart them, so adding extra layers of protection is a smart move.

Set up two-factor authentication. When you add two-factor authentication, scammers can’t access your account with your password alone. You will need to provide additional information, such as a confirmation code emailed or texted to you or a passcode from an authentication app to log in to the account.

To activate two-factor authentication to protect your Firefighters First accounts:

• Mobile: Go to More > Settings (gear icon) > My Settings > Security Options
• Online Banking: Go to Security > Change My Security Settings > Security Options

Here are some extra ways you can protect yourself against phishing and spoofing when banking with us:

• Ensure you're on the real Firefighters First site https://firefightersfirstcu.org/ before you sign in, check your browser bar
• If you receive a suspicious email from us, don’t click on any links or reply. Forward it to us immediately at abuse@firefirstcu.org then delete it

What if You Responded to a Phishing Email?

• Don’t panic. If you gave a scammer information—such as your password, credit card number, bank account number, or Social Security number—contact your financial institution or credit card company and let them know your account might be compromised.
• Use security software. If you clicked on a link or think you downloaded a harmful attachment, security software can run a scan to detect any problems. It’s a good idea to set the software to automatically update so it can recognize and handle any new security threats.

When you know the signs of phishing, you can avoid taking the bait. Call us with questions or concerns anytime at 800-231-1626 or visit our security resources to learn more about privacy and security measures you can take to stay safe.