How to avoid phishing email or text scams

February 03, 2026 | Alliant Credit Union

Thieves and hackers have taken their mischievous cyber-tactics to the next level to trick people into sharing personal information that can put their finances at risk. One method is so-called “phishing” for email or “smishing” for text messages. These phishing scams are designed to mimic legitimate emails or text messages from businesses like retailers or financial institutions.

Now, technology has evolved to make these scams more difficult to spot and, unfortunately for victims, more convenient to access through QR codes, social media, and even AI-generated (artificial intelligence) text and images.

These scammers intend to trick you into entering your confidential financial and login information on a scam website that may resemble a familiar business or financial institution you frequent. The scammers can then use your information to make fraudulent purchases or steal identities. So, how do you know if a message is legitimate? We tapped a couple of experts on our Phishing Team (Ed Gebrael, Senior Threat Analyst, and Kenny Warren, Principal Security Threat Advisor) to define what measures are still relevant for spotting phishing scams and how they’ve evolved.

Avoiding messages from unexpected and unfamiliar sources

Increasingly, text message scams have become the dominant form of deceptive communication. Many scammers pretend to be financial institutions, delivery services, and government agencies. You should also be wary of social media scams, which use fake profiles posing as people you may know and may appear alongside similar posts or ads.

If you receive communication from a person or organization that you don’t know, don’t click on any links and don’t open any attachments. In fact, the safest course of action is to delete the message without opening it.

You should also beware of the rise in scams initiated on your end, like QR (Quick Response) code scams. When scanned with your cell phone’s camera or an app, these digitized squares can instantly take you to the scammer’s website or fake login page. These scams are much more common because QR codes are casual and convenient, and they can be placed on seemingly benign objects like menus and parking meters.

Generative-AI written messages

While it was previously easier to identify phishing attempts by misspelled words or improper grammar, many scams have become more sophisticated. Generative AI has the capability not only to write error-free messages, but also to sound more legitimate or familiar. Technology can even mimic someone else’s writing style or use your public information (think: social media, government records, etc.) against you. If a text or email is well-written or friendly, don't assume it's legit.

Urgent messages

A still-relevant way to identify phishing communications is to look for words like alert, urgent, immediate action or action required. The scammers hope that if they imply urgency and scare you, you’ll react quickly without checking to see if the message is legitimate. Although Alliant has sent out emails related to data breaches, they were informational only and did not ask members to log in to any account or take any action other than being diligent about monitoring their accounts.

Suspicious messages that don’t add up

Look out for messages that are too good to be true or seem off, like mentioning details of accounts you don’t have or stating false information. A few of the newer tactics include using an overly formal writing style, receiving communications outside of normal business hours, or directing you to call an unfamiliar number. When in doubt, go to the public website for the organization in the message and utilize their published number or email address.

Fake links or URLs

Links in emails can be masked so that the words displayed in the link appear to be legitimate, while the actual link takes you to a site for a different, fraudulent company. The easiest way to check a link (or a linked image) is to hover your cursor over it without clicking. The actual URL of the link should appear at the bottom left side of your screen. (Note: In some email systems, when you hover over a link, a pop-up window will appear showing the URL.)

If the URL displayed doesn’t match the company that ostensibly sent you the email, don’t click it. For example, most Alliant emails link to pages on alliantcreditunion.org or alliantcreditunion.com.

Use your judgment when a link goes to a different website: consider whether that site makes sense in the context of the email. If an email from us promoting the Alliant Visa Platinum Rewards credit card includes a link to Visa’s website, which makes sense in that context, it likely indicates that the link is legitimate.
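The hover check described in this section can also be automated for an HTML message body. The following is an added example, not Alliant's code or tooling: it compares each link's visible text with the host the link really points to, using the two Alliant domains named above as the expected list. The sample message, the example.net host and the verdict names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Domains the article says most Alliant emails link to.
EXPECTED = ("alliantcreditunion.org", "alliantcreditunion.com")
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def host_matches(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_links(html):
    """Return (text, host, verdict) per link, mirroring the hover check."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for text, href in parser.links:
        host = urlsplit(href).hostname or ""
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and not host_matches(host, shown.group(1)):
            verdict = "mismatch"   # text names one site, link goes to another
        elif any(host_matches(host, d) for d in EXPECTED):
            verdict = "expected"
        else:
            verdict = "review"     # a different site: judge it in context
        results.append((text, host, verdict))
    return results

# Constructed sample message body (not a real email).
SAMPLE = """
<p><a href="https://www.alliantcreditunion.org/bank">View your account</a></p>
<p><a href="https://secure-login.example.net/">www.alliantcreditunion.org</a></p>
<p><a href="https://www.visa.com/">Learn more at Visa</a></p>
"""
```

A "review" verdict is not a block: it marks a link to another site, such as the Visa link above, that still has to be judged against the context of the message.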

The importance of staying vigilant to evolving scams

Phishing will only continue to grow more advanced through increased personalization and AI-assisted communications. In fact, these developed scams may even start using AI-generated voices to sound like someone you know or create videos impersonating real people. QR codes will likely be the next dominant form of scam to evolve, as they are increasingly commonplace at restaurants, gas stations, and other public spots.

Overall, phishing will become more believable and harder to spot, relying more on trust and urgency than on obvious red flags. It will be more important than ever to stay diligent and pause to inspect before clicking.

How to protect yourself

Review your account activity regularly. Monitoring your accounts on a regular basis is the best way for you to guard against being a victim of fraud. Alliant makes it easy for you to monitor your accounts for fraud:

  • Alliant mobile banking app. You can log in to our mobile app in seconds using fingerprint ID technology available in most smartphones. In the app, you can review your most recent transactions to ensure that they are legitimate.
  • Alliant online banking. You don't have to wait to receive your monthly statement to review your account. Just log in to online banking anytime!
  • Emailed alerts. When you opt in to email alerts, you'll receive notifications about logins or transactions made on your accounts.
  • Real-time fraud text alerts. Alliant offers real-time text alerts for credit and debit card transactions that we think are suspicious.
