Phishing and Smishing - Service Federal Credit Union (2024)

Phishing and Smishing

Social Engineering refers to the manipulation of people into performing actions to divulge confidential information. By using creative methods, scammers, criminals, and other bad actors can gain access to your personal information.Two of the most common methods used are known as Phishing and Smishing.Below we’ll review what these methods are, how they are used, and how to protect yourself against threats.

What is Phishing?

Phishing is defined as “a technique for attempting to acquire sensitive data through a fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or reputable person.” A phishing email or website will often disguise itself as a legitimate organization, such as your credit union or bank, an online storefront, or social media to get you to provide sensitive information.

Examples of Phishing

Some examples of phishing may follow themes as shown below:

Example 1: You receive an email claiming to be from a service stating “Your credentials need to be verified.” When you click on the link, it has you enter your email and current password, often entering twice to ensure the entries match. When you enter this information on their fake page, they log the information and provide a follow-up message pretending to be a confirmation before reverting you to the actual services website.

Example 2: Your friend on Facebook has their account hacked. While it is compromised, the hacker using their account sends you a suspicious link, often with a message like “Is this you?” or “I need your help.” These links are usually either a truncated “bitly” link or a long link. Once you click on the link, the website it leads to may ask you for information or may install malware on your device without prompt.

What Is Smishing?

Smishing is a form of Phishing in which an attacker uses text messages (SMS, therefore SMS + phishing) to get a target to click a link or reply with sensitive information by pretending to be a legitimate business.

Examples of Smishing

Example 1: You receive a text message asking if you made a large authorized transaction at a store you wouldn’t normally go to. The message asks you to reply “Yes” or “No.” When you reply, a scammer calls to walk you through fixing the fraudulent transaction while gaining sensitive information from you. This allows the scammer to potentially gain access to your credit card information, making more transactions in the process.

Example 2: You receive a text message stating that an application is out of date and needs to be updated, followed by a shortened hyperlink (often a link). When you click on the link, mobile malware is installed allowing the scammer to see certain things you do on your phone, whether it’s credentials for applications, credit cards used on mobile purchases, or more.

How to Protect Yourself from Phishing and Smishing

When dealing with potentially fraudulent messages, there are many ways that you can protect yourself.Below is a list of best practices that you should follow to ensure your safety in these scenarios.

  • Slow down, think before you react to a message
  • Check the email address of the sender. If the name doesn’t match the email address, it is likely fraudulent
  • Check the phone number of the sender.Typically, legitimate texts from a corporation will only come from a 5 or 6-digit number (with some exceptions for text receipts from small businesses).If the sender has a 10-digit number with a random area code or comes from an international number with a country code, do not reply or open any links
  • Check the message for typos.Oftentimes phishing messages will have obvious grammatical errors
  • If you see text as a hyperlink (blue text underlined), use extreme caution.Hover your mouse over it to see what the web address is.If the web address seems suspicious (shortened link, typos, or from a service you’re unfamiliar with) do not open it
  • If the message creates a sense of urgency to act, do not respond to it.This is often the easiest way to get someone to click or reply without considering the source
  • If you are unsure of the validity of a message, do not reply to it
  • If a message claims to be from a service you use on a new number or unofficial email, do not reply. If you have questions or want to verify if the message is valid, reach out to the vendor’s official phone number listed on their website to confirm.
  • Do not provide sensitive information via text message or email. All businesses that need this information will have a secure and approved method in alignment with security protocols.
  • If you receive a suspicious message from a friend or family member, reach out to them via another method to confirm if it was them. If you suspect their account was compromised, let them know so they can fix this.
Phishing and Smishing - Service Federal Credit Union (2024)


Will service credit union text you? ›

By signing up for text alerts from Service CU, you'll receive real-time alerts straight to your phone. For members located in the United States: To sign up, simply text SERVICE to 603603.

Is phishing sending fake emails messages and phone calls? ›

Phishing refers to fraudulent attempts to get personal information from you, usually by email. But scammers use any means they can to trick you into sharing information or giving them money, including: Fraudulent emails and other messages that look like they're from legitimate companies, including Apple.

How can you tell if someone is phishing on your bank account? ›

Some common indicators of phishing include unexpected communications requesting personal or financial information, unfamiliar sender email addresses, generic greetings, spelling and grammar mistakes, and deceptive URLs.

What is smishing and phishing text messages? ›

Smishing is a social engineering attack that uses fake mobile text messages to trick people into downloading malware, sharing sensitive information or sending money to cybercriminals. The term “smishing” is a combination of “SMS”—or “short message service,” the technology behind text messages—and “phishing.”

Do credit unions send text messages? ›

Some credit unions use text messages for legitimate communications in order to help protect their members' information, accounts, and to provide other convenient messages. Here are some examples of what a credit union would NEVER text you.

Would a bank text you from a mobile number? ›

Yes, banks may use text messages to help protect accounts and provide convenient messages to customers.

What is the difference between email phishing and smishing? ›

Get familiar with these terms: Phishing: fraudulent e-mails and websites meant to steal data. Vishing: fraudulent phone calls that induce you to reveal personal information. Smishing: fraudulent text messages meant to trick you into revealing data.

What happens if you open a phishing email on your phone? ›

Smartphones can be hacked via phishing links in text messages, emails, or software. By interacting with a phishing link, you risk accidentally downloading malware or being redirected to a malicious website controlled by hackers who intend to collect user information.

Can you get hacked by responding to a phishing email? ›

Yes, you can get hacked by replying to an email, especially a phishing email. In most cases, it's not the response that causes the breach but the subsequent actions that follow. When you respond, you confirm that your email account is active, making you a target for further attacks.

How to identify a fake text message? ›

Here are five ways you can identify a fake text message.
  1. The text message is irrelevant to you. ...
  2. Claiming to be someone you know but it's an unknown number. ...
  3. Displays a sense of urgency. ...
  4. You're being urged to click on a link. ...
  5. The text contains misspellings and grammatical errors. ...
  6. Fake delivery notification texts.
Feb 12, 2024

What are the three warning signs phishing? ›

Major warning signs in an email are: An unfamiliar greeting. Grammar errors and misspelled words. Email addresses and domain names that don't match.

How do you know if a bank alert is real? ›

If an alert asks for account information or asks you to do something through the message, such as clicking on a link, that may be a sign that the alert is fraudulent. A real financial institution won't ask for personal information by text or email.

What happens if you click on a smishing text? ›

Clicking a phishing link in a spam text message can open your phone to security threats. If you don't enter any information or accept any downloads, your data may be safe. On the other hand, it's possible that suspicious files and malware were downloaded to your device through that malicious link.

Why does my phone say smishing and phishing? ›

While phishing typically refers to email scams, smishing refers specifically to deceptive text messages. Smishing scams involve contact from an unknown number, often claiming to be from a reputable business.

What happens if you reply to a phishing text? ›

Directly replying to a spam text message lets a spammer know that your number is genuine. After you reply, they can sell your phone number to other spammers who might bombard you with false promises of free gifts and product offers. Instead, it's best to block and report the number.

Will a credit card company ever text you? ›

Terms may apply to offers listed on this page. Credit card companies will generally alert cardholders when they suspect fraudulent activity on their accounts. You may not want to respond to a call or text along these lines in case it's a scam.

Will credit collection services text you? ›

Debt collectors, even legitimate ones, are legally allowed to call consumers at their personal numbers, and as of October 2020, a new rule from the Consumer Financial Protection Bureau (CFPB) gives debt collectors permission to contact you not just by phone, but also by email, text message and social media platforms ...

How do you know if a credit union is legit? ›

Enter the credit union's name and check the "Charter State" field. If the field says “CA,” your credit union is chartered in California. That means it is regulated by, and complaints can be filed with the California Department of Financial Protection and Innovation or DFPI.

Do banks text you links? ›

Most banks take care to explain their policies on a security or privacy page. Bank of America says that it will "never text, email or call you asking for personal or account information." Banks will also not ask you to verify your identity by clicking a link. Second, watch for claims of urgency.

Top Articles
Latest Posts
Article information

Author: Edmund Hettinger DC

Last Updated:

Views: 5941

Rating: 4.8 / 5 (78 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Edmund Hettinger DC

Birthday: 1994-08-17

Address: 2033 Gerhold Pine, Port Jocelyn, VA 12101-5654

Phone: +8524399971620

Job: Central Manufacturing Supervisor

Hobby: Jogging, Metalworking, Tai chi, Shopping, Puzzles, Rock climbing, Crocheting

Introduction: My name is Edmund Hettinger DC, I am a adventurous, colorful, gifted, determined, precious, open, colorful person who loves writing and wants to share my knowledge and understanding with you.