Cybersecurity – Customer Awareness
What is Phishing?
Phishing is a form of cyber attack where malicious actors impersonate legitimate entities such as banks, companies, or government agencies, typically via email, to trick individuals into divulging sensitive information or performing actions that compromise security.
What are some common red flags to look for to identify phishing message(s)?
- Unsolicited email from an unknown sender (verify the underlying email address)
- Urgent tone, pressuring recipient to act quickly
- Requests for sensitive information like passwords or account details
- Generic salutation (e.g., “Dear Customer” instead of your name)
- Suspicious links or attachments
What is Smishing?
Smishing is a form of cyber attack similar to phishing that occurs through SMS (text messages) or other messaging platforms. Like phishing, it aims to deceive individuals into providing personal or financial information or clicking on malicious links.
What are some of the red flags to look for to identify smishing message(s)?
- Unsolicited text message from an unknown sender
- Claims of urgency or alarming consequences if action is not taken immediately
- Requests to click on a link or provide sensitive information
- Poor grammar or spelling errors
- Messages from unexpected sources or organizations
What are some of the best practices to reduce the risks associated with Phishing/Smishing?
- Think before you click: Verify the legitimacy of emails or texts, especially those requesting sensitive information or immediate action
- Hover over links: Before clicking on any links, hover your mouse over them to preview the URL. Be cautious of shortened URLs or misspelled domains
- Keep software up to date: Regularly update your operating system, web browsers, and security software to patch vulnerabilities and protect against known threats
- Enable multi-factor authentication (MFA): Add an extra layer of security by requiring more than just a password to access your accounts
- Educate yourself and others: Stay informed about the latest phishing and smishing tactics and share your knowledge with colleagues, friends, and family members
Tips to avoid Identity Theft:
- Do not share personal information over the phone, through the mail, or over the internet unless you initiated the contact or know the person you are dealing with.
- Be suspicious if someone contacts you unexpectedly online and asks for your personal information. It doesn’t matter how legitimate the email or website may look. Only open emails from people or organizations you know and, even then, be cautious if they look questionable. Be especially wary of fraudulent emails or websites that have typos or other obvious mistakes.
- Don’t give out personal information in response to unsolicited requests. Be particularly careful about to whom you give your Social Security number, financial account information, and driver’s license number.
- Choose PINs and passwords that would be difficult to guess and avoid using easily identifiable information, such as your mother’s maiden name, birth dates, the last four digits of your Social Security number, or phone numbers.
- Review account statements thoroughly to ensure all transactions are authorized.
- Guard your mail from theft, promptly remove incoming mail, and do not leave bill payment envelopes in your mailbox with the flag up for pickup by the mail carrier.
- Use an updated security program to protect your computer.
- Be careful about where and how you conduct financial transactions. For example, don’t use an unsecured Wi-Fi network because someone might be able to access the information you are transmitting or viewing.
Additional Resources:
- Banks Never Ask That (American Bankers Association)
- Cybersecurity Resources (FDIC)
- Avoiding the Temptation of Smishing Scams (FCC)