Phishing Emails: Company Impersonations

In an effort to keep our members informed of current online security threats, we wanted to remind you about a continuing trend we’re seeing from scammers who are impersonating large businesses and government agencies through email and phone calls. These suspicious phishing emails are circulating inboxes in an attempt to gain access to personal and secure business networks. This is something you should be very careful about for both your personal and work email accounts and as always, when answering calls from unknown numbers.

We’ve put together the top red flags to look for when evaluating whether an email is legitimate or potentially fraudulent.

Who is the actual sender?

This may sound like an easy thing to determine, but this is the top way scammers are able to dupe their victims. Unfortunately, it is pretty easy to set up an email to look like it is coming from “Amazon.com.” However, the actual “from@company.com” email address is what you should actually be double-checking. Looking at the image below, you can see that the actual email address has nothing to do with Amazon – big red flag!

Is there a “To” address (i.e. your email address)?

This may or may not be the case, but a lot of times, these scammers are sending emails to hundreds or thousands of victims to increase their chances of someone taking the bait. Some are more sophisticated about it, but sometimes, they hide the “To” email addresses, which is a dead giveaway that it is not a legitimate email. A business that sends you an email will include your email address.

Where are the links trying to send you?

Another way to tell if an email is a phishing attempt is to hover over (DO NOT CLICK!) the links or URLs to see what pops up. Please see the images below as examples of this tactic. As you’ll see, the written out links in the email make it look like you will be taken to the Amazon website, but when hovered over, the URL actually programmed into the email is completely different. Clicking on the links could lead to any number of problems, including infecting your computer with spyware, trying to access the network you’re connected to and much more.

It is very important to inspect every email you receive. Ask yourself questions such as:

• "Do I have an account with this company?"
• If I have an account with this company, does it use this specific email address or phone number? (i.e. Do you have an Amazon account with your work email address?)
• If I have an account using this email address or phone number, did I recently place an order?"

Even if you answer “Yes” to all of these questions, the email could still be impersonating a legitimate business and you should check the items outlined above.

Helpful tips if you receive a suspicious email:

• Never open attachments or click on any links from unknown senders.
• Hover over the link(s) with your mouse to see if the link points to a legitimate address.
• Never enter your sensitive information in an untrusted site or pop-up window.
• Do not reply.

Unfortunately, scammers are becoming more and more savvy and persistent with their attacks and consumers have to be as vigilant as possible. As a reminder, United Heritage Credit Union takes these measures very seriously. We do our best to only include links to our website or trusted partners in our emails. Our promotional emails contain “@uhcu.org” in the From/Sender line. We are always working to update and enhance our security measures to stay on top of the most recent security threats. We hope this information is helpful for our members.