Scammers are always switching up their techniques to trick consumers into revealing personal information or downloading malware on their devices. This leaves them vulnerable to identity theft.
One of the most common ways scammers do this is through phishing scams and email/website spoofing. In a phishing scam, you receive an email that looks like it’s from a legitimate business. It has a similar logo or other identifying marks. The email asks you to update or verify your account information by clicking a link. When you click that link, you’re directed to a spoofed website that looks identical to the real thing. If you log in to your account on the spoofed website, you have unintentionally provided your information to a scammer.
The same thing can happen via text message. In that case, it’s called smishing.
Your privacy and the safety of your personal and financial information is important to us. Please practice online safety by utilizing the tips below.
McCoy will never:
- Ask you for sensitive personal or account information (such as card numbers, PINs, and passwords) by email or text message.
- Request that you download software for any reason in an email or text message.
How to spot a fraudulent email or text message:
- Typos: Communications full of misspellings and grammar mistakes are the first clue that you’ve been contacted by a scammer. Legitimate companies proof communications carefully through multiple people to avoid these types of errors.
- Incorrect Web Address: Before clicking on any links, take a close look at the web address provided. Most scammers will make simple swaps to trick the eye into thinking they’ve shared the company’s actual website. You may think you’re going to a legitimate website when, in fact, you’re being led to a spoofed website. Common techniques include replacing a lowercase L with the number one or an uppercase O with the number zero. McCoy’s web address will always be listed as www.mccoyfcu.org in any communications from us. Most importantly, it will link to a secure website. Secure sites have a lock icon to the left of the URL and an “https” at the start.
- Unprofessional Email Address: Always check the sender’s email address when contacted via email. A representative from a legitimate company will never contact you from a generic email address like Gmail, Hotmail, or Yahoo. All emails from McCoy will come from an email address that matches our website domain (ending in “@mccoyfcu.org”).
How to protect yourself from scammers:
- Never click anything in an unsolicited email or text message. If a company reaches out with claims of an account issue, the first instinct is to click the link. Instead, visit the company’s website directly from your browser then log in and look for any notifications in your account. Never click on attachments or download anything from an unsolicited email, either.
- Never send sensitive information through email or text message. This includes your Social Security number, usernames and passwords, account numbers, and PIN numbers, just to name a few. Legitimate companies will never ask you to do this.
- When in doubt, call. Are you unsure if you’ve been contacted by a scammer? Your best bet is to reach out to the company directly to inquire. Always use the phone number listed on the company website, NOT the one in the email or text in question.
If you receive a suspicious email or text message from McCoy, please call us to report it at 407-855-5452.