
Don't Get Hooked by Phishing Scams

Phishing scams use your email as an entry point to steal information or distribute malicious software. Phishing is the most common and effective attack method used by cyber criminals. The focus of this blog post is to help you identify and report phishing emails.

Phishing emails may include:

  • Attachments loaded with viruses, worms or other malicious software (aka malware).

  • A link to a website that distributes malicious payloads.

  • Dialogue intended to build rapport between the sender and recipient in order to elicit funds or personal information.

Email spam filters do a good job of either blocking these emails from your inbox or diverting them to your junk mail; however, some phishing emails may get through. Here are some examples of phishing emails, and things to look for:

Emails Containing Malicious Links

  • Phishing emails typically do not refer to you by name. They will reference sir, ma’am or some other generality.

  • Cyber criminals use tactics like scarcity (such as “click this link to be one of the first 10 with a chance to win”), or, as in the IRS example below, authority (a criminal complaint has been filed against your company). According to IRS.gov, they do not send out email solicitations.

  • If you are unsure of links in an email, hover (but do not click) the cursor over the linked text. If it is a phishing email, you will notice it actually references a different website. The link typically displays on the bottom left of the screen. Here is an example of a phishing email with a malicious link:

[Image: phishing email example]

If you are unsure of a link in an email, you can also open your web browser and type the web address referenced within the email rather than clicking on the link. This could save you a trip to a computer repair store because malicious software was downloaded and you are now locked out of your computer.

Emails with Malicious Attachments

  • Before you open an email attachment, look at the greeting. If it appears to be from someone you know, verify that the sender’s name and address are the same.

  • If you want to verify the safety of an attachment, you can download it (but don’t open it) and upload it to a free malware scanner such as virustotal.com or virusscan.jotti.org.

Here is an example of what a phishing email containing malicious files might look like:

[Image: phishing attachment example]

Email Scams Requesting a Reply

  • Watch out for emails promoting offers that seem too good to be true.

  • Phishing emails will often not include your name in the greeting. However, the sender may claim to have found you through an internet search or other method. Here is an example of such an email scam:

[Image: phishing email example]

Avoiding Phishing on Mobile Devices

To verify a link on an Apple® or Android® mobile device, tap and hold down on the link until the address pops up. This will show you the actual linked address so you can verify if it matches the text in the email.      

Reporting Phishing


There are a variety of ways to report phishing emails:

  • Apple: Forward the email as an attachment to reportphishing@apple.com

  • Yahoo: Next to SPAM is a down arrow button.  Click on it, and select “Report a phishing scam.”

  • Gmail: At the top-right corner of the message, click the down arrow next to the "Reply" button, then select “Report Phishing.”

  • Outlook: Select the email in question, then report the email by selecting the arrow next to Junk and select “Phishing scam.” 

  • PhishTank.com: This is a free service for reporting or verification of phishing emails.

  • At Capitol Federal®, we are committed to the security of your accounts and personal information. If you ever have a question about a Capitol Federal site or email, you may always call us to verify it at 1-888-8CAPFED.

For more tips on protecting yourself online, check out our other cybersecurity blog posts:

Protecting the Keys to Your Kingdom

Wi-Fi Security Tips


Categories: Safety and Security

Comments

mark boucher

Some attacks are rudimentary, but watch it! Sophisticated attacks fool highly astute users. “Spear phishing” is directed at specific individuals or groups and is especially effective.
