Member FDICFDIC-Insured - Backed by the full faith and credit of the U.S. Government

How to recognize and avoid phishing scams

Each year millions of people fall victim to phishing attacks, resulting in tens of thousands of people losing their identity — or their money.

What is a phishing attack? A scammer disguises an email to make it look like it’s coming from a legitimate source, like a government agency, financial institution or even a family member. It has some sort of call-to-action encouraging the target to click on a link embedded in the email. It could be an alert about an account that needs updating, an order you placed or a request for information.

When you click on the link, you are redirected to a legitimate-looking website for your bank or credit card, where you’re invited to log in. The phisher captures your log-on or your personal information, to pose as you on the real website and proceed to drain your funds and/or spend your money.

You are the first and last line of defense against a phishing attack. Your only real protection against a phishing attack is a clear understanding of how it works and knowing the tell-tale signs to avoid falling prey. Here’s what to look for:

  • Phony sender address – The first place to look is the sender’s address. Look closely for any misspellings or conspicuous dashes in the sender’s address or the subject line. When you hover the mouse arrow over the sender’s email address, it will reveal the sender’s actual email address.
  • Suspicious salutation – Be suspicious of any email that doesn’t include your first or last name. It’s best to just delete the email.
  • Urgent call-to-action – Emails asking you to take immediate action are suspect. Do not click on any links.
  • Phony links – With any email, you should inspect a link to ensure the organization’s name is spelled correctly. If you do click on a link to a website, inspect the URL address to ensure it is preceded by an “https.” The “s” indicates that the site is secure.

The bottom line? To avoid a phishing attack do not use suspicious links or qr codes, and never provide sensitive information to unknown or suspect websites.

Want to defend yourself against debit card fraud? Click here to learn how you can avoid becoming a victim.

About This Author


Ross Bentzler

Ross Bentzler is Executive VP and Information Security Officer for Alpine Bank. Ross has worked in the information technology field for two decades, focusing on information security for 13 years.

More about Ross Bentzler

Allpoint It’s your money after all. Find a surcharge-free ATM