Learn how to avoid phishing email or text scams

Thieves and hackers have become more and more creative and clever in finding ways to trick people into sharing personal information that can put their finances at risk. One method is a so-called “phishing” email or text. These phishing scams (pronounced like “fishing”) are emails designed to mimic legitimate emails from businesses like retailers or financial institutions. In reality, they are created by thieves to trick you into entering your confidential financial and login information into a scam website. The scammers can then use the victim’s information to make fraudulent purchases or steal identities.

So how do you know if an email that says it is from Alliant or another financial institution is legitimate? Below are a few tips on how to identify phishing emails.

Tip-offs to phishing scams

1. You are not expecting a communication or it comes from an unfamiliar source.
2. The wording is strange or you notice typos.
3. The text or email says it's urgent.
4. The links/URLs are fake.
5. The site is not a "secure" site

You are not expecting a communication or it comes from an unfamiliar source

If you receive an email or text from a person or organization that you don’t know, don’t click on any links and don’t open any attachments. In fact, the safest course of action is to delete the email without opening it.

The wording is strange or you notice typos

Many phishing attempts originate in foreign countries and are written by people for whom English is a second language. If the subject line or text of the email has obvious typos or is written in broken English, it’s likely to be a scam. If a text or email is well-written, don't assume it's legit. Fraudsters are getting better and better at phishing because it can be so profitable.

The text or email says it's urgent

Phishing emails often contain words like alert, urgent, immediate action or action required. The scammers hope that if they imply urgency and scare you, you’ll react quickly without checking to see if the email is legitimate. Although Alliant has sent out emails related to data breaches, they were informational only, and did not ask members to log in to any account or take any action other than being diligent about monitoring their accounts.

Also, look out for messages that are too good to be true. You'll never win a contest you didn't enter. You want to be suspicious of any email or text claiming to have an in-demand item such as an N95 mask or a coronavirus vaccine.

The links/URLs are fake

Links in emails can be masked so that the words displayed in the link appear to be legitimate, while the actual link takes you to a site for a different, fraudulent company. The easiest way to check an email link (or a linked image) is to hover your cursor over it without clicking. The actual URL of the link should appear at the bottom left side of your screen. (Note: In some email systems, when you hover over a link, a pop-up window will appear showing the URL.)

If the URL displayed doesn’t match the company that ostensibly sent you the email, don’t click it. For example, most Alliant emails link to pages on alliantcreditunion.org or alliantcreditunion.com.

Use your judgment when a link goes to a different website if that site makes sense in the context of the email. If an email from us promoting the Alliant Visa Platinum Rewards credit card includes a link to Visa’s website, which makes sense in that context, it likely indicates that the link is legitimate.

The site is not a “secure” site

Any site into which you enter personal or financial information should be a secure site with a link starting with “https” (the added “s” stands for secure) instead of just “http.” If the URL for the form asking for your information starts with http instead of https, it is not safe to enter your login or financial information.

How to protect yourself

Review your account activity regularly. Monitoring your accounts on a regular basis is the best way for you to guard against being a victim of fraud. Alliant makes it easy for you to monitor your accounts for fraud: 

• Alliant Mobile Banking App. You can log in to our mobile app in seconds using fingerprint ID technology available in most smartphones. In the app, you can review your most recent transactions to ensure that they are legitimate.
• Alliant Online Banking. You don't have to wait to receive your monthly statement to review your account. Just log in to online banking anytime! 
• Emailed alerts: When you opt in to email alerts, you'll receive notifications about logins or transactions made on your accounts. 
• Real-time fraud text alerts. Alliant offers real-time text alerts for debit card transactions that we think are suspicious. 

Check out these other ways to keep your information secure

• How to keep your information private online
• 5 common COVID scams and how to protect yourself
• Everything you need to know about skimming fraud

Pam Leibfried is a marketing content specialist whose love of words led to a writing and editing career. After a brief stint teaching English, she transitioned to corporate communications and spent 20 years at The Nielsen Company before joining Alliant’s content development team. Early in her work life, Pam’s friend Matt explained the benefits of a 401(k) and her dad encouraged her to start a Roth IRA. Their good counsel prompted her to prioritize retirement savings, which just might enable her to retire early so she can read more and live out the slogan on her fave T-shirt:  “I have a retirement plan: I plan on quilting.”