Phishing - Don't Get Hooked

Blog Author Aaron Robel

Written by: Aaron Robel, VP of Information Security

Published: August 29, 2018

Phishing attempts are fraudulent emails or texts designed to get you to share account information under false pretenses. We've all seen the scenarios: fake Amazon gift cards, supposed compromised Facebook accounts or that free Starbucks gift card you "won." These attacks are getting more sophisticated and more targeted. Like other companies, WSECU is not immune to having our brand appropriated by scammers. We do our part to prevent and combat fraudulent cybercrime. As members you have to be vigilant too, reviewing correspondence carefully so you don't fall prey.

Remember, WSECU will not ask you to confirm confidential login or account details by email or text. Be on high alert if you receive an email that looks like it's coming from the credit union asking you to provide critical account information. Here are some examples about what to be suspicious of.  

The email is the hook.

Below is an actual phishing email used to gather Online Banking login information. The fraudster uses emotion to try to get you to react by suggesting your access will be restricted if you don't reply. Stop. Review. Validate. THINK before you click on the LINK!


            Fraud Email Example

Questions to ask before you click: 

Is the email asking me to do something that doesn't seem right? If so, it's probably a phish. 

Does the sender routinely email me asking for this kind of information? If not, it's probably a phish. When you hover above a link in the email, does it go to wsecu.org?           

If it doesn't, it's probably a phish. Is the address using "https" for a true secure connection?

If the address uses just "http" but the message says it's secure, it's definitely a phish.  

If you are ever unsure about an email, you can always call our Contact Center at 800.562.0999. We will validate the authenticity - or not.  Reporting something phishy also helps us to respond to the threat to protect other members. 

Where do the fake links go?   

Below is an image of a fraudulent site used to capture login information after someone clicks the link in a phishing email. Stop. Review. Validate. THINK before you click on the LINK.


Fake Webpage Example

What to watch for:

Is the address in the address bar correct?

Unsecure web address

  • In this case, it's not secure. This is a big red flag! Call the Contact Center immediately.
  • It doesn't use the wsecu.org domain. It's similar, but illegitimate. Another big red flag! Call the Contact Center immediately.  

Does the webpage look right?

The fraudster has scraped images from WSECU's real website and reused them in the fake site, but they don't look quite right. This is a common practice to fool you into thinking it's the correct site. Don't be fooled! Call the Contact Center immediately.  

Phishers count on scare tactics and tapping your emotions to trick you into providing your confidential information. Remember to think before you click on the link!  If you are ever in doubt, give us a call.